MODERN NETWORK SECURITY

THREATS

 Securing networks
 Network threats
 Mitigating threats
 Modern Network Security
•
Threats
Who ?
- Attacker
- Target

• What ?
- Confidential Data
- Important Devices

• Why ?
- Money
- Popularity
 External and Internal Threat

Internet

External Threat

Internal Threat

Target
Data Loss

■ Improper Access Control

■ Email/Social Networking
■ Cloud Storage Device
■ Removable Media
■ Hard Copy
■ Unencrypted Device
Data Center Network
Data center physical security can be
divided into two areas
■ Outside perimeter security - This can include on-
premise security officers, fences, gates,
continuous video surveillance, and security breach
alarms.
■ Inside perimeter security - This can include
continuous video surveillance, electronic motion
detectors, security traps, and biometric access and
exit sensors.
 The Hacker
• White Hat Hacker
These are ethical hacker who
use their programing skills for
good, ethical, and legal purpose.
• Grey Hat Hacker
These are individuals who
commit crimes and do arguably
unethical
unethical things, but not for
personal gain or to cause
damage.
• Black Hat Hacker
these unethical criminals who
White Hat Grey Hat Black Hat violate computer and network
security for personal gain, or for
malicious reasons, such as
attacking network.
 Modern Hacking Titles

■ Script Kiddies
■ State Sponsored
■ Cyber Criminals
■ Hacktivists
■ Vulnerability Broker
Hacker Tools
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Various Types of Malware
Viruses
 Trojan Horse Classification

Classifications:
• Security software disabler

• Remote-access

• Data-sending

• Destructive

• Proxy

• FTP

• DoS
Worms

Initial Code Red Worm Infection

658 server

Code Red Worm Infection 19 Hours

Later 300.000 serevr
Worm Components

Components:
• Enabling vulnerability

• Propagation mechanism 1.
Propagate for
19 days

• Payload

4.
Code Red 2.
Repeat the
cycle
Worm Launch DoS
attack for next

Propagation 7 days

3.
Stop and go
dormant for a
few days
Other Malware

Ransomware Scareware
Spyware Phishing
Adware Rootkits
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Types of Network Attacks

Data
Modification
Syn Flood

Smurf Attack

Reconnaissance
Access
DoS
Reconnaissance Attacks

• Initial query of a target

• Ping sweep of the target network

• Port scan of active IP addresses

• Vulnerability scanners

• Exploitation tools
Access Attacks

A few reasons why hackers use access attacks:

• To retrieve data

• To gain access

• To escalate access privileges

A few types of access attacks include:

• Password

• Trust exploitation

• Port redirection

• Man-in-the-middle

• Buffer overflow

• IP, MAC, DHCP spoofing

Social Engineering Attacks

• Pretexting

• Phishing

• Spearphishing

• Spam

• Tailgating

• Something for Something

• Baiting
Denial of Service Attacks
DDoS Attacks

1. Hacker builds a network of infected machines

• A network of infected hosts is called a botnet.
• The compromised computers are called zombies.
• Zombies are controlled by handler systems.

2. Zombie computers continue to scan and infect

more targets
3. Hacker instructs handler system to make the
botnet of zombies carry out the DDoS attack
SECTION 1.3 MITIGATING THREATS
TOPIC 1.3.1:
DEFENDING THE NETWORK
Network Security Professionals
Network Security Organizations
Confidentiality, Integrity, Availability

Confidentiality:
Uses encryption to
encrypt and hide
data.

Components
of
Cryptography
Availability:
Integrity:
Assures data is
Uses hashing
accessible.
algorithms to
Guaranteed by
ensure data is
network hardening
unaltered during
mechanisms and
operation.
backup systems.
 Network Security Domains

• Risk assessment

• Security policy

• Organization of information security

• Asset management

• Human resources security

• Physical and environmental security

• Communications and operations management

• Information systems acquisition, development, and maintenance

• Access control

• Information security incident management

• Business continuity management

• Compliance
Network Security Policy
The Security Artichoke
Evolution of Network Security Tools
SecureX Product Families

Server Edge
and Branch

Secure Data
Secure Email
Center and
and Web
Virtualization

SecureX

Secure
Secure Access
Mobility
SecureX Security Technology

Cisco SecureX Architecture:

• Scanning engines

• Delivery mechanisms

• Security intelligence operations (SIO)

• Policy management consoles

• Next-generation endpoint
 Defending the Network

Best practices:

• Develop a written security policy.

• Educate employees about the risks of social engineering, and develop strategies to
validate identities over the phone, via email, or in person.

• Control physical access to systems.

• Use strong passwords and change them often.

• Encrypt and password-protect sensitive data.

• Implement security hardware and software.

• Perform backups and test the backed up files on a regular basis.

• Shut down unnecessary services and ports.

• Keep patches up-to-date by installing them weekly or daily to prevent buffer overflow
and privilege escalation attacks.

• Perform security audits to test the network.

Mitigating Malware
Mitigating Reconnaissance Attacks
Mitigating Access Attacks
Mitigating DoS Attacks
summary
■ Network security ; what, who, and why

■ Tpe –tipe ancaman dan serangan ; cth malware, virus, torjan,and

worm, other.

■ serangan yang sering terjadi ; cth Reconnaissance , Access , DoS

■ Alat-alat dan procedure untuk mengurangi efek serangan

berdasarkan tipe-tipenya.
TERIMA KASIH