Network Security & Threats

The document discusses network security threats and mitigation techniques. It covers common security threats like denial of service attacks, social engineering, phishing and outlines countermeasures. Network topologies are also examined including campus area networks, small office networks and wide area networks.


Chapter 1:

Network Security & Threats

CCNA Security v2.0


Nanda Kyu (LA IT Training Center)
Networks Are Targets

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Why do we need Security?
• Security is important.
• Lack of security risks financial, legal, political and public relations consequences.
• Using software to block malicious programs from entering, or running within, the network.

Security Terminology
• ASSET
Anything that is valuable to the organization (that which is to be protected).
Can include property, people and information/data that have value to the company.

• VULNERABILITY
A weakness which allows an attacker to reduce the security assurance.
Vulnerabilities can be found in:
- Protocols
- Operating systems
- Applications
- System design

Security Terminology
• THREAT
An event which causes damage to a system by exploiting a vulnerability.
Physical (fire, water, earthquake)
Malicious code (virus, worm, Trojan)
Phishing & social engineering

• RISK
The probability of a threat or event happening.
Potential for unauthorized access to an asset
Potential for compromise of an asset

• MITIGATION or COUNTERMEASURE
Reducing or eliminating the vulnerability or the potential risk.

Types of Threats
• Physical Threats
Hardware Threats
Physical damage to servers, routers, switches, the cabling plant, and workstations.
Electrical Threats
Voltage spikes
Insufficient supply voltage
Unconditioned power
Temperature extremes (too hot or too cold)
Humidity extremes (too wet or too dry)
Maintenance Threats
Poor handling of key electrical components (electrostatic discharge)
Lack of essential spare parts
Poor cabling and labeling
Types of Threats
• Internal Threats
Users already have physical access to, and knowledge of, the internal network.
Users may physically steal or damage data.

Requires additional administrative & physical control measures to detect & prevent:
Physical locks
Surveillance cameras
ID access policy
Data loss prevention

Types of Threats
• External Threats
Caused by individuals working outside of a company (hackers).
They do not have authorized access to the computer systems or network.
They break into an organization’s network mainly from the Internet.

External Threat and Internal Threat

Common Security Threats in Offices

Data Loss
Vectors of data loss:
• Email/Webmail

• Unencrypted Devices

• Cloud Storage Devices

• Removable Media

• Hard Copy

• Improper Access Control

Attack Mitigation & Implementation
• Attack Mitigation
Attack mitigation is the process of preventing or responding to a threat.

Attack mitigation can be pro-active or re-active:
Pro-Active: prevent attacks before they occur (e.g. a firewall blocking a port)
Re-Active: respond to an attack once it has occurred (e.g. an IPS shunning the attacker)

• Implementing Attack Mitigation
Understand possible vulnerabilities & attacks.
Different tools are available for mitigation.
Implement up-to-date security solutions (e.g. using an NGFW).

Network Topology Overview

Campus Area Networks

Small Office and Home Office Networks

Wide Area Networks

Cloud and Virtual Networks

VM-specific threats: Hyperjacking

Attack & Hacker Tools

Categories of Attack
Network hacking attacks:
• Eavesdropping

• Spoofing Attacks

• Password-based

• Denial-of-service (DOS) & DDoS Attack

• Phishing Attack

• Social Engineering Attack

• Man-in-the-middle (MiTM)

• Compromised-key

• Reconnaissance Attacks

• Buffer overflow Attacks

Social Engineering Attack
• Manipulation of people into performing actions or divulging confidential information.
• Tricking people into breaking normal security procedures (information gathering, fraud, or system access).

Shoulder watching: the attacker watches as you type credentials (PIN or password).

Fake phone calls: asking for sensitive information (spoofing identity).

Phishing via email: spoofed emails from banks asking for credentials.

USB memory: lost on purpose (a hidden partition installs malicious software).

Phishing Attack
• Attacks against the human, tricking them into leaking information.
• Email phishing
• Pharming (based on DNS)
• Phone calls (vishing)
• SMS messages (smishing)

Social Engineering & Phishing Mitigation
• Provide awareness to users through training, policies & live simulations.
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.
Verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks.
Do not reveal personal or financial information in email.
Do not respond to email solicitations.
Pay attention to the URL of a web site (.com vs .net).

Social Engineering & Phishing Mitigation
Install and maintain anti-virus software, firewalls, and email filters to reduce these types of emails.
Web & email security solutions (Cisco WSA & ESA)
Endpoint security to restrict user access (antivirus programs)
Network-level security to restrict user access (firewalls, IPS)

Note: Cisco Web Security Appliance (Cisco WSA)
Cisco Email Security Appliance (Cisco ESA)

Denial of Service ( DoS ) Attack
• Prevents users from accessing targeted computer systems, devices or other network resources.
• Floods servers, systems or networks with traffic in order to overload the victim's resources and make it difficult or impossible for legitimate users to use them.
• Generally sourced from a single system.

Eg: Ping of Death & TCP SYN Flood attacks

DOS Attack - Ping of Death
• A ping packet can have up to 65536 bytes.
• An ICMP echo request with more than 65507 (65535-20-8) bytes
of data could cause a remote system to crash while reassembling
the packet fragments.
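The slide's arithmetic (65535 total, minus a 20-byte IP header and an 8-byte ICMP header, leaves 65507 bytes of echo data) can be turned into a reassembly sanity check that a host or IDS applies before it reassembles. The following is an added example, not part of the slides or Cisco's code; the fragment records and the `build_echo_fragments` helper are constructed here for illustration.

```python
# Added example (not from the slides): detect the oversized-datagram condition
# behind Ping of Death by checking IPv4 fragments before reassembly.
# Fragment records are constructed here; real code would read them from packet headers.

IP_MAX_LEN = 65535        # 16-bit IPv4 total-length field
IP_HDR_LEN = 20           # minimal IPv4 header
ICMP_HDR_LEN = 8          # ICMP echo request header
MAX_ECHO_DATA = IP_MAX_LEN - IP_HDR_LEN - ICMP_HDR_LEN   # 65507, as on the slide


def max_echo_data_bytes():
    """Largest legal amount of echo data in one IPv4 datagram."""
    return MAX_ECHO_DATA


def check_fragments(fragments):
    """fragments: list of (offset_units, more_fragments, payload_len).
    offset_units is the 13-bit fragment offset in 8-byte units, as carried
    in the IP header. Returns (reassembled_payload_len, oversized)."""
    end = 0
    for offset_units, more, payload_len in fragments:
        if more and payload_len % 8 != 0:
            raise ValueError("non-final fragment payload must be a multiple of 8")
        end = max(end, offset_units * 8 + payload_len)
    # A reassembled datagram = IP header + payload; anything beyond 65535
    # bytes cannot be represented and is what crashed vulnerable stacks.
    oversized = IP_HDR_LEN + end > IP_MAX_LEN
    return end, oversized


def build_echo_fragments(data_len, mtu_payload=1480):
    """Constructed helper: split an echo with data_len bytes of data into
    fragments the way a sender on a 1500-byte MTU link would."""
    total = ICMP_HDR_LEN + data_len
    frags, off = [], 0
    while off < total:
        size = min(mtu_payload, total - off)
        more = off + size < total
        frags.append((off // 8, more, size))
        off += size
    return frags
```

A legitimate maximum-size echo (65507 data bytes) reassembles to exactly 65535 bytes and passes; one byte more is flagged before any reassembly buffer is touched.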

DOS Attack - TCP Syn Flood
• Connection establishment is successfully completed when the 3-way handshake is performed.
• An attacker could flood the server with TCP SYN segments without acknowledging the server's SYN-ACK response.
• The server's session table fills up with ongoing session requests, consuming resources.
• The server is unable to accept legitimate connection requests from valid users until its TCP inactivity timer is reached, at which point it starts dropping incomplete sessions.
• Usually originated from a spoofed source IP address, making it harder to track down the attacker.
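The symptom described above, a session table full of half-open connections from many (often spoofed) sources, is visible on the server itself. The following is an added example, not from the slides or Cisco: it counts half-open (SYN_RECV) sessions per listening port from constructed netstat-style socket lines and flags ports over a threshold.

```python
# Added example (not from the slides): spot a SYN flood from the server side by
# counting half-open TCP sessions per local port. SAMPLE is constructed and
# mimics "netstat -tan" style output; the threshold is an illustrative value.
from collections import defaultdict

SAMPLE = """\
tcp  0  0  10.0.0.5:80   203.0.113.10:51002  ESTABLISHED
tcp  0  0  10.0.0.5:80   198.51.100.1:40001  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.2:40002  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.3:40003  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.4:40004  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.5:40005  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.6:40006  SYN_RECV
tcp  0  0  10.0.0.5:22   203.0.113.20:52000  SYN_RECV
"""


def parse_sockets(text):
    """Return (local_port, remote_ip, state) for each TCP socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue
        local, remote, state = parts[3], parts[4], parts[5]
        lport = int(local.rsplit(":", 1)[1])
        rip = remote.rsplit(":", 1)[0]
        rows.append((lport, rip, state))
    return rows


def half_open_report(text, threshold=5):
    """Map local port -> (half_open, distinct_sources, suspicious).
    Many half-open sessions, each from a different source, matches the
    spoofed-source SYN flood pattern; a single source is more often a
    broken client or a lossy path."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for lport, rip, state in parse_sockets(text):
        if state == "SYN_RECV":           # SYN received, ACK never came back
            counts[lport] += 1
            sources[lport].add(rip)
    return {p: (counts[p], len(sources[p]), counts[p] >= threshold) for p in counts}
```

On the constructed sample, port 80 shows six half-open sessions from six distinct sources and is flagged; port 22 has one and is not.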

DOS Attack - TCP Syn Flood

Attack Tools
Penetration tools:
• Password crackers
• Wireless hacking
• Network scanning and hacking
• Packet crafting
• Packet sniffers
• Rootkit detectors
• Fuzzers to search for vulnerabilities
• Forensic
• Debuggers
• Hacking operating systems
• Encryption
• Vulnerability exploitation
• Vulnerability scanners

Malware

Various Types of Malware

Other Malware

• Ransomware
• Scareware
• Spyware
• Phishing
• Adware
• Rootkits

Reconnaissance Attacks
• Initial query of a target

• Ping sweep of the target network

• Port scan of active IP addresses

• Vulnerability scanners

• Exploitation tools

Defending the Network

Confidentiality, Integrity, Availability

Components of Cryptography:

Confidentiality: Uses encryption to encrypt and hide data.

Integrity: Uses hashing algorithms to ensure data is unaltered during operation.

Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.

Cisco Network Foundation Protection Framework

NFP Framework

Securing the Control Plane

Securing the Management Plane

Securing the Data Plane

Thank you.