
1.1.1 Evolution of Network Security

In July 2001, the Code Red worm attacked web servers globally, infecting over 350,000 hosts.
The worm not only disrupted access to the infected servers, but also affected the local
networks hosting the servers, making them very slow or unusable. The Code Red worm caused
a Denial of Service (DoS) to millions of users.

The patch for the IIS buffer overflow that Code Red exploited had been published about a
month before the outbreak. If the network security professionals responsible for these
infected servers had developed and implemented a security policy that required timely
patching, the worm would have been stopped and would merit only a footnote in network
security history.

Network security relates directly to an organization's business continuity. Network security
breaches can disrupt e-commerce, cause the loss of business data, threaten people's privacy
(with the potential legal consequences), and compromise the integrity of information. These
breaches can result in lost revenue for corporations, theft of intellectual property, and lawsuits,
and can even threaten public safety.

Maintaining a secure network ensures the safety of network users and protects commercial
interests. To keep a network secure requires vigilance on the part of an organization's network
security professionals. Network security professionals must constantly be aware of new and
evolving threats and attacks to networks, and vulnerabilities of devices and applications. This
information is used to adapt, develop, and implement mitigation techniques. However, security
of the network is ultimately the responsibility of everyone who uses it. For this reason, it is the
job of the network security professional to ensure that all users receive security awareness
training. Maintaining a secure, protected network provides a more stable, functional work
environment for everyone.

"Necessity is the mother of invention." This saying applies perfectly to network security. In the
early days of the Internet, commercial interests were negligible. The vast majority of users were
research and development experts. Early users rarely engaged in activities that would harm
other users. The Internet was not a secure environment because it did not need to be.

Early on, networking involved connecting people and machines through communications
media. The job of a networker was to get devices connected to improve people's ability to
communicate information and ideas. The early users of the Internet did not spend much time
thinking about whether or not their online activities presented a threat to the network or to
their own data.

When the first viruses were unleashed and the first DoS attack occurred, the world began to
change for networking professionals. To meet the needs of users, network professionals
learned techniques to secure networks. The primary focus of many network professionals
evolved from designing, building, and growing networks to securing existing networks.

Today, the Internet is a very different network compared to its beginnings in the 1960s. The job
of a network security professional includes ensuring that appropriate personnel are well-versed
in network security tools, processes, techniques, protocols, and technologies. It is critical that
network security professionals manage the constantly evolving threats to networks.

As network security became an integral part of everyday operations, devices dedicated to
particular network security functions emerged.

One of the first network security tools was the intrusion detection system (IDS), first developed
by SRI International in 1984. An IDS inspects a copy of the traffic and provides real-time
detection of certain types of attacks while they are in progress; it alerts, but does not itself
stop the traffic. This detection allows network security professionals to more quickly
mitigate the negative impact of these attacks on network devices and users. In the late 1990s,
the intrusion prevention system or sensor (IPS) began to replace the IDS solution. An IPS sits
inline in the traffic path, so in addition to detecting malicious activity it can automatically
block the attack in real time.
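The practical difference between an IDS and an IPS is where the sensor sits and what it can do with a match. The following simulation is an added example, not code from the course; the HTTP requests are constructed samples, and the single Code Red-style signature (a long run of N characters after /default.ida?) is a simplification standing in for a real rule set.

```python
"""Signature matching in IDS (passive) and IPS (inline) mode, simulated.

Added example, not from the course text.  Traffic samples are constructed and
the two signatures are simplifications of real rule content.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int
    description: str
    pattern: re.Pattern


# Code Red requested /default.ida with a very long query string that overflowed
# the IIS Index Server ISAPI filter.  The regex is an assumption for this demo.
SIGNATURES = [
    Signature(1001, "IIS .ida ISAPI overflow attempt (Code Red-style)",
              re.compile(rb"GET /default\.ida\?[NX]{100,}", re.IGNORECASE)),
    Signature(1002, "Directory traversal attempt",
              re.compile(rb"\.\./\.\./")),
]


def match(payload: bytes) -> list:
    """Return every signature whose pattern appears in the payload."""
    return [s for s in SIGNATURES if s.pattern.search(payload)]


class Sensor:
    """mode='ids': sees a copy of the traffic, raises alerts, packet is always delivered.
    mode='ips': sits inline, so a matching packet is dropped before the server sees it."""

    def __init__(self, mode: str):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.alerts = []      # (source, sid, description)
        self.delivered = []   # payloads that reached the server

    def process(self, src: str, payload: bytes) -> str:
        hits = match(payload)
        for sig in hits:
            self.alerts.append((src, sig.sid, sig.description))
        if hits and self.mode == "ips":
            return "dropped"           # inline: block in real time
        self.delivered.append((src, payload))
        return "forwarded"             # IDS can only watch and alert


# Constructed sample traffic: one benign request, one Code Red-style request,
# one directory traversal attempt.
SAMPLE_TRAFFIC = [
    ("203.0.113.10", b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.44", b"GET /default.ida?" + b"N" * 224 + b"%u9090%u6858%ucbd3 HTTP/1.0\r\n\r\n"),
    ("203.0.113.99", b"GET /../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n\r\n"),
]


def run(mode: str):
    """Run the sample traffic through a sensor; return (verdict per packet, alerts)."""
    sensor = Sensor(mode)
    verdicts = [sensor.process(src, payload) for src, payload in SAMPLE_TRAFFIC]
    return verdicts, sensor.alerts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts = run(mode)
        print(mode.upper(), verdicts, f"{len(alerts)} alert(s)")
```

Both modes raise the same two alerts; only the IPS changes what reaches the server. The flip side, which the course text does not mention but every IPS operator learns quickly, is that a false positive in IPS mode drops legitimate traffic, so signatures are usually tuned in IDS mode first.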

In addition to IDS and IPS solutions, firewalls were developed to prevent undesirable traffic
from entering prescribed areas within a network, thereby providing perimeter security. In 1988,
Digital Equipment Corporation (DEC) created the first network firewall in the form of a packet
filter. These early firewalls inspected packets to see if they matched sets of predefined rules,
with the option of forwarding or dropping the packets accordingly. Packet filtering firewalls
inspect each packet in isolation without examining whether a packet is part of an existing
connection. In 1989, AT&T Bell Laboratories developed the first stateful firewall. Like packet
filtering firewalls, stateful firewalls use predefined rules for permitting or denying traffic. Unlike
packet filtering firewalls, stateful firewalls keep track of established connections and determine
if a packet belongs to an existing flow of data, providing greater security and more rapid
processing.
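The security difference between the two firewall generations is easiest to see with traffic. The following simulation is an added example, not code from the course. Packets are constructed tuples, the protected LAN prefix and the exposed web server address are assumptions, and both filters are deliberately minimal (a real stateful firewall also tracks sequence numbers, idle timeouts, and pseudo-state for UDP and ICMP).

```python
"""Stateless packet filtering versus stateful inspection, simulated.

Added example, not from the course text.  Traffic, addresses and rules are
constructed for the demonstration.
"""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."      # assumption: the protected LAN
WEB_SERVER = "10.0.0.80"       # assumption: the one host exposed on TCP/80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset           # TCP flags present, e.g. frozenset({"SYN"})


def inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class StatelessFilter:
    """Judges every packet on its own header, like the 1988 DEC packet filter.
    It cannot tell a reply to an inside-initiated connection from an unsolicited
    packet, so the classic workaround permits any inbound TCP packet carrying ACK
    (the 'established' keyword of a Cisco extended ACL).  An attacker can set ACK too."""

    def allow(self, p: Packet) -> bool:
        if inside(p.src) and not inside(p.dst):
            return True                              # permit all outbound
        if p.dst == WEB_SERVER and p.dport == 80:
            return True                              # public web server
        if inside(p.dst) and "ACK" in p.flags:
            return True                              # 'established': spoofable
        return False


class StatefulFilter:
    """Records flows opened from inside; an inbound packet is admitted only when
    it belongs to a recorded flow or matches an explicit inbound rule."""

    def __init__(self):
        self.flows = set()     # (client_ip, client_port, server_ip, server_port)

    def allow(self, p: Packet) -> bool:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if inside(p.src) and not inside(p.dst):
            self.flows.add(forward)                  # remember the outbound flow
            return True
        if reverse in self.flows:
            return True                              # reply to a known flow
        if p.dst == WEB_SERVER and p.dport == 80 and p.flags == frozenset({"SYN"}):
            self.flows.add(forward)                  # new inbound web session
            return True
        return False                                 # unsolicited: drop


# Constructed traffic: one legitimate HTTPS session and two unsolicited probes.
SCENARIO = [
    ("client opens HTTPS",     Packet("10.0.0.5", 40000, "93.184.216.34", 443, frozenset({"SYN"}))),
    ("server replies SYN/ACK", Packet("93.184.216.34", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))),
    ("attacker ACK probe :22", Packet("198.51.100.7", 4444, "10.0.0.5", 22, frozenset({"ACK"}))),
    ("attacker web request",   Packet("198.51.100.7", 5555, WEB_SERVER, 80, frozenset({"SYN"}))),
]


def run_scenario() -> dict:
    """Return {label: (stateless verdict, stateful verdict)} for each packet in order."""
    stateless, stateful = StatelessFilter(), StatefulFilter()
    return {label: (stateless.allow(p), stateful.allow(p)) for label, p in SCENARIO}


if __name__ == "__main__":
    for label, (a, b) in run_scenario().items():
        print(f"{label:24}  stateless={'permit' if a else 'deny':6}  stateful={'permit' if b else 'deny'}")
```

The third packet is the point: a bare ACK to port 22 sails through the stateless filter because the ACK bit is all it can check, while the stateful filter drops it because no inside host opened that flow. This is exactly the weakness that TCP ACK scans rely on to map hosts behind a stateless filter.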

The original firewalls were software features added to existing networking devices, such as
routers. Over time, several companies developed standalone, or dedicated firewalls that enable
routers and switches to offload the memory and processor-intensive activity of filtering
packets. Cisco's Adaptive Security Appliance (ASA) is available as a standalone context-aware
firewall. For organizations that do not require a dedicated firewall, modern routers, like the
Cisco Integrated Services Router (ISR), can be used as sophisticated stateful firewalls.

Traditional security relied on the layering of products and using multiple filters. However, as
threats became more sophisticated, these filters were required to look deeper into Network
and Application Layer traffic. Security requirements included more dynamic updates of
information and quicker response times to threats. For this reason, Cisco designed the Security
Intelligence Operations (SIO). SIO is a cloud-based service that connects global threat
information, reputation-based services, and sophisticated analysis to Cisco network security
devices to provide stronger protection with faster response times.

Year           Security Technology
Late 1988      DEC packet filter firewall
1989           AT&T Bell Labs stateful firewall
1991           DEC SEAL application layer firewall
1994           Check Point firewall
1995           NetRanger IDS
August 1997    RealSecure IDS
1998           Snort IDS
Late 1999      First IPS
2006           Cisco Zone-Based Policy Firewall
2010           Cisco Security Intelligence Operations

In addition to dealing with threats from outside of the network, network security professionals
must also be prepared for threats from inside the network. Internal threats, whether
intentional or accidental, can cause even greater damage than external threats because of
direct access to, and knowledge of the corporate network and data. Despite this fact, it has
taken more than 20 years after the introduction of tools and techniques for mitigating external
threats to develop tools and techniques for mitigating internal threats.

A common scenario for a threat originating from inside the network is a disgruntled employee
with some technical skills and a willingness to do harm. Most threats from within the network
leverage the protocols and technologies used on the local area network (LAN) or the switched
infrastructure. Most of these internal threats fall into two broad categories: spoofing and
Denial of Service (DoS).

Spoofing attacks are attacks in which one device attempts to pose as another by falsifying data.
There are multiple types of spoofing attacks. For example, in MAC address spoofing an attacker
sends frames whose source MAC address belongs to another host. Because a switch learns the
location of a MAC address from the source address of frames it receives, it updates its MAC
address table to point at the attacker's port, and frames destined for the legitimate host are
then delivered to the attacker.

DoS attacks make computer resources unavailable to intended users. Attackers use various
methods to launch DoS attacks.

As a network security professional, it is important to understand the methods designed
specifically for targeting these types of threats and ensuring the security of the LAN.
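The following simulation is an added example, not code from the course, of the switch behaviour that MAC address spoofing abuses and of the port security mitigation that closes it. The switch model (one MAC address table learned from source addresses, static secure MAC addresses per port, and shutting the port down on a violation) is a simplification constructed here; the MAC addresses and port numbers are made up.

```python
"""Switch MAC-table learning, MAC address spoofing and port security, simulated.

Added example, not from the course text.  The switch model, MAC addresses and
port numbers are constructed for the demonstration.
"""


class Switch:
    def __init__(self, secure_macs=None):
        self.mac_table = {}                    # learned: MAC -> port
        self.secure_macs = secure_macs or {}   # port -> set of MACs allowed as source
        self.err_disabled = set()              # ports shut down after a violation
        self.log = []

    def receive(self, port: int, src_mac: str, dst_mac: str):
        """Process one frame.  Returns (status, egress_port) where status is
        'forward', 'flood' or 'violation'."""
        if port in self.err_disabled:
            return ("violation", None)         # port already shut down
        allowed = self.secure_macs.get(port)
        if allowed is not None and src_mac not in allowed:
            # Port security: this source address is not secured on this port.
            self.err_disabled.add(port)
            self.log.append(f"port {port}: security violation, source {src_mac} not permitted")
            return ("violation", None)
        self.mac_table[src_mac] = port         # learning: the last seen source wins
        egress = self.mac_table.get(dst_mac)
        if egress is None:
            return ("flood", None)             # unknown destination: flood other ports
        return ("forward", egress)


SERVER_MAC = "0c:0f:fe:ed:be:ef"      # connected to port 1
VICTIM_MAC = "00:11:22:33:44:55"      # connected to port 2
ATTACKER_MAC = "66:77:88:99:aa:bb"    # connected to port 3


def run_scenario(port_security: bool) -> dict:
    """Victim and server exchange frames, then the attacker spoofs the victim's MAC."""
    secure = {2: {VICTIM_MAC}, 3: {ATTACKER_MAC}} if port_security else {}
    sw = Switch(secure)
    sw.receive(2, VICTIM_MAC, SERVER_MAC)      # victim -> server: victim learned on port 2
    sw.receive(1, SERVER_MAC, VICTIM_MAC)      # server -> victim: server learned on port 1
    # Attacker on port 3 sends a frame using the victim's address as source.
    spoof_status, _ = sw.receive(3, VICTIM_MAC, SERVER_MAC)
    # Where does the server's next frame for the victim go now?
    _, reply_port = sw.receive(1, SERVER_MAC, VICTIM_MAC)
    return {
        "spoof_status": spoof_status,
        "victim_entry": sw.mac_table[VICTIM_MAC],   # port the switch now associates with the victim
        "reply_port": reply_port,
        "log": list(sw.log),
    }


if __name__ == "__main__":
    for enabled in (False, True):
        r = run_scenario(enabled)
        print(f"port security {'on ' if enabled else 'off'}: spoof={r['spoof_status']}, "
              f"victim now on port {r['victim_entry']}, server reply sent to port {r['reply_port']}")
```

Without port security the single spoofed frame moves the victim's entry to port 3 and the server's reply is delivered to the attacker. With secure addresses configured, the spoofed frame violates the policy on port 3, the entry stays on port 2, and the port is shut down. On Cisco switches the equivalent configuration is switchport port-security with either statically configured or sticky-learned secure MAC addresses.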

Evolution of LAN Security

In addition to preventing and denying malicious traffic, network security also requires that data
stay protected. Cryptography, the study and practice of techniques for protecting information so
that only the intended parties can read it or verify it, is used pervasively in modern network
security. Today, each type of network communication has a corresponding protocol or technology
designed to hide that communication from anyone other than the intended recipient.

Wireless data can be encrypted (hidden) using various cryptography applications. The
conversation between two IP phone users can be encrypted. The files on a computer can also
be hidden with encryption. These are just a few examples. Cryptography can be used almost
anywhere that there is data communication. In fact, the trend is toward all communication
being encrypted.

Cryptography ensures data confidentiality, which is one of the three components of
information security: confidentiality, integrity, and availability. Information security deals with
protecting information and information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction. Encryption provides confidentiality by hiding plaintext
data; it does not by itself prevent the data from being altered in transit. Data integrity, meaning
that the data is preserved unaltered during any operation, is achieved with hashing mechanisms
that are tied to a secret key (a keyed hash such as HMAC) or to a digital signature, because a
plain hash could simply be recomputed by whoever altered the data. Availability, which is data
accessibility, is supported by network hardening mechanisms and backup systems.
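The distinction between confidentiality and integrity is concrete enough to run. The following is an added example, not code from the course, using only the Python standard library. Its stream cipher derives a keystream from HMAC-SHA256 in counter mode; that is an assumption made here so the demonstration runs without a third-party AES library, and it is not a production cipher. The message and account number are constructed.

```python
"""Confidentiality versus integrity, demonstrated with hashlib and hmac.

Added example, not from the course text.  The toy stream cipher is an
assumption for the demo (keystream = HMAC-SHA256 in counter mode), not a
production construction.  The message is constructed.
"""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from (key, nonce) in counter mode."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts (XOR is its own inverse).  Gives confidentiality only."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def tag_unkeyed(ciphertext: bytes) -> bytes:
    return hashlib.sha256(ciphertext).digest()            # anyone can recompute this


def tag_hmac(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def accepts_unkeyed(ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_unkeyed(ciphertext), tag)


def accepts_hmac(mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_hmac(mac_key, nonce, ciphertext), tag)


def flip_byte(ciphertext: bytes, offset: int, known: int, wanted: int) -> bytes:
    """Stream-cipher malleability: without the key, turn the plaintext byte at
    `offset` from `known` into `wanted` by flipping the same bits in the ciphertext."""
    c = bytearray(ciphertext)
    c[offset] ^= known ^ wanted
    return bytes(c)


def demo() -> dict:
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"TRANSFER 0100 USD TO ACCT 4242"
    ct = xor_crypt(enc_key, nonce, msg)

    # Attacker knows the message layout but no keys: change 0100 into 9100.
    off = msg.index(b"0100")
    ct_tampered = flip_byte(ct, off, ord("0"), ord("9"))

    # Variant A: integrity "protected" by an unkeyed hash sent with the message.
    # The attacker simply recomputes the hash over the tampered ciphertext.
    unkeyed_accepts = accepts_unkeyed(ct_tampered, tag_unkeyed(ct_tampered))

    # Variant B: encrypt-then-MAC with a secret key.  The attacker cannot compute
    # a valid tag and can only forward the genuine one, which no longer matches.
    genuine_tag = tag_hmac(mac_key, nonce, ct)
    hmac_accepts_genuine = accepts_hmac(mac_key, nonce, ct, genuine_tag)
    hmac_accepts_tampered = accepts_hmac(mac_key, nonce, ct_tampered, genuine_tag)

    return {
        "roundtrip": xor_crypt(enc_key, nonce, ct) == msg,
        "ciphertext_hides_plaintext": ct != msg,
        "tampered_plaintext": xor_crypt(enc_key, nonce, ct_tampered),
        "unkeyed_hash_accepts_tampered": unkeyed_accepts,
        "hmac_accepts_genuine": hmac_accepts_genuine,
        "hmac_accepts_tampered": hmac_accepts_tampered,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:30} {v!r}")
```

The tampered message decrypts cleanly to a transfer of 9100 rather than 0100, so encryption alone told the receiver nothing about integrity; the unkeyed hash is no help because the attacker recomputes it; only the keyed tag, verified with a constant-time comparison, rejects the altered ciphertext. This is why IPsec and TLS pair encryption with a MAC or use an authenticated-encryption mode rather than relying on a hash.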

Encrypting Data

Evolution of Data Protection Technologies
Year    Security Technology
1993    Cisco GRE tunnels
1996    Site-to-site IPsec VPNs
1999    SSH
2000    MPLS VPNs
2001    Remote-access IPsec VPN
2002    Dynamic Multipoint VPN (DMVPN)
2005    SSL VPN
2009    Group Encrypted Transport VPN (GET VPN)
