CCNP Security CH1
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Why do we need Security?
• Security is important.
• A lack of security risks financial, legal, political and public relations implications.
• Security includes using software to block malicious programs from entering, or running within, the network.
Security Terminology
• ASSET
Anything that is valuable to the organization and therefore must be protected.
Assets include property, people and information/data that have value to the company.
• VULNERABILITY
A weakness that allows an attacker to reduce a system's security assurance.
Vulnerabilities can be found in:
- Protocols
- Operating systems
- Applications
- System design
Security Terminology
• THREAT
An event that causes damage to a system by exploiting a vulnerability. Examples:
- Physical (fire, water, earthquake)
- Malicious code (virus, worm, Trojan)
- Phishing and social engineering
• RISK
The probability of a threat or event happening, for example:
- The potential for unauthorized access to an asset
- The potential for compromise of an asset
• MITIGATION or COUNTERMEASURE
Reducing or eliminating the vulnerability or the potential risk.
Types of Threats
• Physical Threats
Hardware threats:
- Physical damage to servers, routers, switches, the cabling plant, and workstations.
Electrical threats:
- Voltage spikes
- Insufficient supply voltage
- Unconditioned power
- Temperature extremes (too hot or too cold)
- Humidity extremes (too wet or too dry)
Maintenance threats:
- Poor handling of key electrical components (electrostatic discharge)
- Lack of essential spare parts
- Poor cabling and labeling
Types of Threats
• Internal Threats
Users who already have physical access to, and knowledge of, the internal network.
Such users may physically steal or damage data.
Types of Threats
• External Threats
Caused by individuals working outside of the company (hackers).
They do not have authorized access to the computer systems or network.
They break into an organization's network mainly from the Internet.
External Threat and Internal Threat
Common Security Threats in Offices
Data Loss
Vectors of data loss:
• Email/Webmail
• Unencrypted Devices
• Removable Media
• Hard Copy
Attack Mitigation & Implementation
• Attack Mitigation
Attack mitigation is the process of preventing, or responding to, a threat.
Attack & Hacker Tools
Categories of Attack
Network hacking attacks:
• Eavesdropping
• Spoofing Attacks
• Password-based
• Phishing Attack
• Man-in-the-middle (MiTM)
• Compromised-key
• Reconnaissance Attacks
Social Engineering Attack
• Manipulation of people into performing actions or divulging confidential information.
• Tricking people into breaking normal security procedures
(for information gathering, fraud, or system access).
• Shoulder watching: the attacker watches as you type credentials (PIN or password).
Phishing Attack
• Attacks against the human, tricking them into leaking information. Variants include:
• Email Phishing
• Pharming ( Based on DNS )
• Phone calls ( Vishing )
• SMS messages ( Smishing )
Social Engineering & Phishing Mitigation
• Provide awareness to users through training, policies and live simulations.
- Be suspicious of unsolicited phone calls, visits, or email messages from
individuals asking about employees or other internal information.
Social Engineering & Phishing Mitigation
• Install and maintain anti-virus software, firewalls, and email filters to
reduce these types of emails.
- Web and email security solutions (Cisco WSA and ESA)
- Endpoint security to restrict user access (antivirus programs)
- Network-level security to restrict user access (firewalls, IPS)
Denial of Service ( DoS ) Attack
• Prevents users from accessing targeted computer systems, devices or other network resources.
• Floods servers, systems or networks with traffic in order to overload the victim's
resources and make it difficult or impossible for legitimate users to use them.
• Generally sourced from a single system.
DOS Attack - Ping of Death
• A ping packet can have up to 65536 bytes.
• An ICMP echo request with more than 65507 (65535-20-8) bytes
of data could cause a remote system to crash while reassembling
the packet fragments.
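The arithmetic on this slide is exactly the bound a receiving stack must enforce before reassembling fragments. As an added illustration (not part of the Cisco material), the Python below derives the 65507-byte echo-data limit from the slide's numbers and rejects any fragment set whose reassembled length would exceed the IP maximum; the fragment tuples and the 1480-byte fragment size are constructed sample input.

```python
# Added example: validate IP fragment sets against the 65535-byte datagram limit
# from the Ping of Death slide. All fragment data here is constructed input.

IP_MAX_LEN = 65535      # largest IPv4 datagram the 16-bit total-length field allows
IP_HDR_LEN = 20         # minimum IPv4 header
ICMP_HDR_LEN = 8        # ICMP echo header
MAX_ECHO_DATA = IP_MAX_LEN - IP_HDR_LEN - ICMP_HDR_LEN   # 65507 bytes of echo data
MAX_IP_PAYLOAD = IP_MAX_LEN - IP_HDR_LEN                 # 65515 bytes after the IP header


def fragment_end(offset_units, payload_len):
    """Byte position where a fragment ends; the offset field counts 8-byte units."""
    return offset_units * 8 + payload_len


def reassembly_is_safe(fragments):
    """fragments: iterable of (offset_units, payload_len, more_fragments).

    Returns False if any fragment would write past the 65515-byte payload
    limit, which is the overflow condition a Ping of Death relies on.
    """
    for offset_units, payload_len, _more in fragments:
        if fragment_end(offset_units, payload_len) > MAX_IP_PAYLOAD:
            return False
    return True


def build_fragments(icmp_len, mtu_payload=1480):
    """Constructed sender: split an ICMP message of icmp_len bytes into fragments
    of mtu_payload bytes (1480 = 1500-byte Ethernet MTU minus the IP header)."""
    assert mtu_payload % 8 == 0, "non-final fragment sizes must be multiples of 8"
    fragments = []
    pos = 0
    while pos < icmp_len:
        length = min(mtu_payload, icmp_len - pos)
        more = pos + length < icmp_len
        fragments.append((pos // 8, length, more))
        pos += length
    return fragments


def echo_fits(data_len):
    """True when an echo request carrying data_len bytes reassembles legally."""
    return reassembly_is_safe(build_fragments(ICMP_HDR_LEN + data_len))


if __name__ == "__main__":
    print(MAX_ECHO_DATA, echo_fits(MAX_ECHO_DATA), echo_fits(MAX_ECHO_DATA + 1))
```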
DOS Attack - TCP Syn Flood
• Connection establishment is successfully completed when the 3-way handshake is performed.
• An attacker could flood the server with TCP SYN segments without acknowledging
the server's SYN-ACK response.
• The server's session table fills up with half-open session requests, consuming resources.
• The server is unable to accept legitimate connection requests from valid users until
its TCP inactivity timer expires, at which point it starts dropping incomplete sessions.
• The flood usually originates from spoofed source IP addresses, making it harder to
track down the attacker.
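The symptom described on this slide, a session table full of half-open entries from many different (often spoofed) sources, is visible in a host's connection table. As an added example that is not part of the Cisco material, the Python below parses constructed netstat-style rows and flags local ports whose half-open count passes a threshold while nearly every entry comes from a distinct peer; the table contents and the threshold of 5 are constructed for illustration.

```python
# Added example: detect a SYN flood signature in a connection table. The rows
# below are constructed in a netstat-style "proto recv send local foreign state"
# layout; they are not captured output from any real host.
from collections import defaultdict

SAMPLE_TABLE = """\
tcp 0 0 10.0.0.5:80 198.51.100.7:40001 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.9:51200 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.77:51201 SYN_RECV
tcp 0 0 10.0.0.5:80 192.0.2.13:40330 SYN_RECV
tcp 0 0 10.0.0.5:80 192.0.2.200:40331 SYN_RECV
tcp 0 0 10.0.0.5:80 198.51.100.250:40332 SYN_RECV
tcp 0 0 10.0.0.5:22 10.0.0.42:55120 ESTABLISHED
tcp 0 0 10.0.0.5:80 10.0.0.77:55121 ESTABLISHED
"""


def parse_table(text):
    """Yield (local_port, remote_ip, state) for each TCP row, skipping other lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "tcp":
            continue
        local_port = int(fields[3].rsplit(":", 1)[1])
        remote_ip = fields[4].rsplit(":", 1)[0]
        yield local_port, remote_ip, fields[5]


def half_open_by_port(text):
    """Per local port: count of half-open (SYN_RECV) entries and the set of peers."""
    counts = defaultdict(lambda: {"half_open": 0, "peers": set()})
    for port, ip, state in parse_table(text):
        if state == "SYN_RECV":          # SYN received, final ACK never arrived
            counts[port]["half_open"] += 1
            counts[port]["peers"].add(ip)
    return counts


def syn_flood_suspects(text, threshold=5):
    """Ports with at least `threshold` half-open entries where 80% or more of them
    come from different sources, the pattern a spoofed SYN flood leaves behind."""
    suspects = []
    for port, info in half_open_by_port(text).items():
        if info["half_open"] >= threshold and len(info["peers"]) >= 0.8 * info["half_open"]:
            suspects.append(port)
    return sorted(suspects)


if __name__ == "__main__":
    print(syn_flood_suspects(SAMPLE_TABLE))  # [80]
```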
DOS Attack - TCP Syn Flood
Attack Tools
Penetration tools:
• Password crackers
• Forensic
Malware
Various Types of Malware
Other Malware
• Ransomware
• Scareware
• Spyware
• Phishing
• Adware
• Rootkits
Reconnaissance Attacks
• Initial query of a target
• Vulnerability scanners
• Exploitation tools
Defending the Network
Confidentiality, Integrity, Availability
Components of Cryptography:
• Confidentiality: Uses encryption to encrypt and hide data.
• Integrity: Uses hashing algorithms to ensure data is unaltered during operation.
• Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.
Cisco Network Foundation Protection Framework
NFP Framework
Securing the Control Plane
Securing the Management Plane
Securing the Data Plane
Thank you.