Protecting the Organization

Cybersecurity Devices and Technologies

Security Appliances

Routers
While routers are primarily used to interconnect network segments, they usually also provide basic traffic filtering (access control lists). These filters let you define which hosts in a given network segment are allowed to communicate with which other segments.

Firewalls
Firewalls look deeper into the network traffic itself and identify malicious behavior that has to be blocked. Firewalls can apply sophisticated security policies to the traffic passing through them.

Intrusion prevention systems
IPS systems use a set of traffic signatures that match and block malicious traffic and attacks.

Virtual private networks
VPN systems give remote employees a secure, encrypted tunnel from their mobile computer back to the organization's network.

Antimalware or antivirus
These systems use signatures or behavioral analysis of applications to identify malicious code and block it from executing.
Firewalls

In computer networking, a firewall is designed to control or filter which communications are allowed into, and which are allowed out of, a device or network.

A firewall can be installed on a single computer to protect that one computer (host-based firewall), or it can be a standalone network device that protects an entire network and all of the hosts on it (network-based firewall).

Firewall Types

Network layer firewall
Filters communications based on source and destination IP addresses.

Transport layer firewall
Filters communications based on source and destination ports, as well as connection state. A stateful firewall admits a reply packet only when it belongs to a connection the firewall has already allowed.

Application layer firewall
Filters communications based on an application, program or service, which requires looking at the payload rather than only the headers.

Context aware layer firewall
Filters communications based on the user, device, role, application type and threat profile.

Proxy server
Filters web content requests such as URLs, domain names and media types.

Reverse proxy server
Placed in front of web servers, reverse proxy servers protect, hide, offload and distribute access to those web servers.

Network Address Translation (NAT) firewall
Hides or masquerades the private addresses of network hosts.

Host-based firewall
Filters ports and system service calls on a single computer operating system.

QUIZ
Match each description to the firewall type:
Placed in front of web servers; protects, hides, offloads and distributes access to them.
Filters communications based on the user, device, role, application type and threat profile.
Filters ports and system service calls on a single computer operating system.
Filters web content requests such as URLs, domain names and media types.
Filters communications based on an application, program or service.
Filters communications based on source and destination ports, as well as connection state.
Hides or masquerades the private addresses of network hosts.
Filters communications based on source and destination IP addresses.
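To show how the network-layer, transport-layer (stateful) and application-layer checks above combine in one device, here is a small packet filter written for this page as an added example; it is not code from the page or from any firewall product. The addresses, rule set, packets and the four-byte HTTP method check are all constructed for the illustration.

```python
"""Stateful packet filter combining the network-layer (IP), transport-layer
(port + connection state) and application-layer firewall types described
above.  Added illustration, not code from the page or any product; the
addresses, rules and packets are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # network-layer match
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # transport-layer match
    dport: Optional[int] = None
    app: Optional[str] = None      # application-layer match


def classify_app(pkt: Packet) -> Optional[str]:
    """Tiny application identifier (assumption for the example): recognise an
    HTTP request by its method, regardless of the port it travels on."""
    if pkt.proto == "tcp" and pkt.payload[:4] in (b"GET ", b"POST", b"HEAD"):
        return "http"
    return None


class Firewall:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        # 5-tuples of admitted connections, recorded as the initiator sent them
        self.state: Set[Tuple[str, str, int, str, int]] = set()

    def _matches(self, rule: Rule, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(rule.src):
            return False
        if ip_address(pkt.dst) not in ip_network(rule.dst):
            return False
        if rule.proto is not None and rule.proto != pkt.proto:
            return False
        if rule.dport is not None and rule.dport != pkt.dport:
            return False
        if rule.app is not None and classify_app(pkt) != rule.app:
            return False
        return True

    def filter(self, pkt: Packet) -> str:
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful check: traffic of an admitted connection, in either
        # direction, passes without consulting the rule base again.
        if forward in self.state or reverse in self.state:
            return "allow"
        # First match wins; no match falls through to the default deny.
        for rule in self.rules:
            if self._matches(rule, pkt):
                if rule.action == "allow":
                    self.state.add(forward)
                return rule.action
        return "deny"


# Constructed policy: the LAN may reach the web server on 443 and may speak
# HTTP anywhere; everything else, including unsolicited inbound, is denied.
RULES = [
    Rule("allow", src="10.0.0.0/24", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("allow", src="10.0.0.0/24", proto="tcp", app="http"),
    Rule("deny"),
]


def demo() -> List[str]:
    fw = Firewall(RULES)
    packets = [
        Packet("10.0.0.5", "192.0.2.10", "tcp", 40000, 443),        # LAN -> server: allow
        Packet("192.0.2.10", "10.0.0.5", "tcp", 443, 40000),        # reply: allow via state
        Packet("203.0.113.7", "192.0.2.10", "tcp", 5555, 443),      # outsider: deny
        Packet("10.0.0.5", "198.51.100.1", "tcp", 40001, 8080,
               payload=b"GET / HTTP/1.1\r\n"),                      # HTTP on odd port: allow
        Packet("10.0.0.5", "198.51.100.1", "tcp", 40002, 8080,
               payload=b"\x16\x03\x01"),                            # not HTTP: deny
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The reply from 192.0.2.10 is admitted only because the outbound packet created state; evaluated against the rule base on its own it would fall to the default deny, which is exactly the difference between a stateless and a stateful transport-layer firewall.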
Port Scanning

Port scanning is the process of probing a computer, server or other network host for open ports.

A port scan reports an 'open' state when the service listening on that port can be reached by other network devices. If that service contains a vulnerability, an attacker can exploit it. A 'closed' response means the host answered but nothing is listening on the port, and no response at all usually means a firewall is filtering it.
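The following connect() scanner is an added example written for this page, not code from the page or from any scanning tool. It starts a throwaway listener on the loopback interface so that an 'open' and a 'closed' port can be observed without touching any real host; the listener, the port choices and the half-second timeout are assumptions of the example.

```python
"""TCP connect() port scanner run against a local listener so that the
'open', 'closed' and 'filtered' states can be observed offline.  Added
example, not code from the page; the listener stands in for a real target."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, Tuple


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Bind an ephemeral port and accept-and-close in the background, so the
    scanner has one guaranteed-open port to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener shut down
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def stop_listener(srv: socket.socket) -> None:
    try:
        srv.shutdown(socket.SHUT_RDWR)   # wakes the blocked accept()
    except OSError:
        pass
    srv.close()


def free_port(host: str = "127.0.0.1") -> int:
    """Pick a port that is closed right now (bind, read it back, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one port the way a connect() scan does: handshake completes
    -> open; RST comes back -> closed; nothing comes back before the timeout
    -> filtered (something dropped the SYN)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def scan(host: str, ports: Iterable[int], workers: int = 32) -> Dict[int, str]:
    """Probe the ports concurrently; a thread pool keeps a slow 'filtered'
    port from stalling the rest of the scan."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p), ports))
    return dict(zip(ports, states))


def demo() -> Tuple[str, str]:
    srv, open_port = start_listener()
    closed_port = free_port()
    try:
        result = scan("127.0.0.1", [open_port, closed_port])
    finally:
        stop_listener(srv)
    return result[open_port], result[closed_port]


if __name__ == "__main__":
    print(demo())
```

A connect() scan completes the full handshake, so the target's service logs every probe; tools such as nmap default to a half-open SYN scan for that reason, which needs raw-socket privileges this example deliberately avoids.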
Intrusion Detection and Prevention Systems

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are security measures deployed on a network to detect and prevent malicious activities. An IDS typically inspects a copy of the traffic and raises alerts, while an IPS sits inline and can drop the matching traffic before it reaches its destination.

Real-Time Detection
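Signature matching of the kind an IDS/IPS performs, as an added example for this page (not code from the page or from any IDS product): three simplified signatures are run over constructed HTTP request lines, with and without the decoding step that real engines apply first. The signature names, the patterns and the sample requests are all assumptions of the example.

```python
"""Signature-based inspection over constructed HTTP request lines, with and
without the input normalisation a real IDS/IPS performs.  Added example, not
from the page or any product; the signatures are simplified versions of the
kinds of patterns rule sets carry, and the requests are made up."""
import re
from typing import Dict, List
from urllib.parse import unquote

# Each signature: a name and a pattern applied to the decoded request line.
SIGNATURES = [
    ("directory-traversal", re.compile(r"(?:\.\./){2,}")),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.IGNORECASE)),
    ("bash-function-injection", re.compile(r"\(\)\s*\{\s*:;\s*\}\s*;")),
]


def normalize(request: str) -> str:
    """Undo the encodings an attacker uses to slip past literal matching:
    percent-decode twice to catch double encoding, and fold backslashes."""
    decoded = unquote(unquote(request))
    return decoded.replace("\\", "/")


def inspect(request: str, decode: bool = True) -> List[str]:
    """Names of every signature that fires on the request."""
    text = normalize(request) if decode else request
    return [name for name, pattern in SIGNATURES if pattern.search(text)]


# Constructed traffic: one benign request, three attacks, one encoded evasion.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /../../../../etc/passwd HTTP/1.1",
    "GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1",
    "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1",
    "GET /cgi-bin/status HTTP/1.1 User-Agent: () { :; }; /bin/id",
]


def run(requests: List[str], decode: bool = True) -> Dict[str, List[str]]:
    """Alerts per request.  An IPS would drop every request with a non-empty
    list; an IDS would only log it."""
    return {r: inspect(r, decode) for r in requests}


if __name__ == "__main__":
    for req, alerts in run(SAMPLE_REQUESTS).items():
        print("ALERT" if alerts else "  ok ", req, alerts)
```

With `decode=False` the percent-encoded traversal and the encoded SQL tautology pass silently, which is why signature engines normalise before matching and why a signature written against one encoding is not a detection on its own.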
Protecting Against Malware

How do you defend against the constant presence of zero-day attacks, as well as advanced persistent threats (APTs) that steal data over long periods of time? One solution is an enterprise-level advanced malware detection solution that offers real-time malware detection.

Network administrators must constantly monitor the network for signs of malware or for behaviors that reveal the presence of an APT. Cisco's Advanced Malware Protection (AMP) Threat Grid analyzes millions of files and correlates them against hundreds of millions of other analyzed malware artifacts.

Security Operations Center team
The Threat Grid allows the Cisco Security Operations Center team to gather more accurate, actionable data.

Incident Response team
The Incident Response team therefore has access to forensically sound information from which it can more quickly analyze and understand suspicious behaviors.

Threat Intelligence team
Using this analysis, the Threat Intelligence team can proactively improve the organization's security infrastructure.

Security Infrastructure Engineering team
Overall, the Security Infrastructure Engineering team is able to consume and act on threat information faster, often in an automated way.
Security Best Practices

Perform a Risk Assessment
Knowing and understanding the value of what you are protecting helps to justify security expenditures.

Create a Security Policy
Create a policy that clearly outlines the organization's rules, job roles and responsibilities, and expectations for employees.

Physical Security Measures
Restrict access to networking closets and server locations, and provide fire suppression.

Human Resources Security Measures
Complete background checks for all employees.

Perform and Test Backups
Back up information regularly and test data recovery from the backups.

Maintain Security Patches and Updates
Regularly update server, client and network device operating systems and programs.

Employ Access Control
Configure user roles and privilege levels, as well as strong user authentication.

Regularly Test Incident Response
security appliances.

Implement a Comprehensive Endpoint Security Solution
Use enterprise-level antimalware and antivirus software.

Educate Users
Provide training to employees in security procedures.

Encrypt Data
Encrypt all sensitive organizational data, including email.
Behavior-Based Approach to Cybersecurity

Behavior-Based Security
Behavior-based security is a form of threat detection that involves capturing and analyzing the flow of communication between a user on the local network and a local or remote destination, and looking for patterns that deviate from expected behavior rather than for a known signature.

Honeypots
A honeypot is a behavior-based detection tool that lures an attacker in by appealing to their predicted pattern of malicious behavior. Once the attacker is inside the honeypot, the network administrator can capture, log and analyze their behavior in order to build a better defense.
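A minimal low-interaction honeypot, added here as an example and not code from the page or from any honeypot product: it presents a fake service banner, records who connected and what they sent first, then drops the connection. The banner string, the loopback addresses and the simulated attacker are constructed for the demonstration.

```python
"""Low-interaction TCP honeypot: presents a fake service banner, records who
connected and what they sent, then drops the connection.  Added example, not
code from the page or from any honeypot product; the banner string and the
simulated attacker are constructed for the demonstration."""
import socket
import threading
import time
from typing import Dict, List

FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"   # looks like a real service; it is not one


class Honeypot:
    def __init__(self, host: str = "127.0.0.1", banner: bytes = FAKE_BANNER):
        self.banner = banner
        self.events: List[Dict[str, object]] = []
        self._lock = threading.Lock()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, 0))            # ephemeral port for the example
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                conn, peer = self._sock.accept()
            except OSError:                   # socket shut down by close()
                return
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn: socket.socket, peer) -> None:
        # Nothing legitimate should ever connect here, so every contact is an event.
        conn.settimeout(2.0)
        data = b""
        try:
            conn.sendall(self.banner)
            data = conn.recv(1024)            # whatever the attacker tried first
        except OSError:
            pass
        finally:
            conn.close()
        with self._lock:
            self.events.append({"time": time.time(), "src": peer[0],
                                "sport": peer[1], "data": data})

    def wait_for_events(self, count: int, timeout: float = 3.0) -> List[Dict[str, object]]:
        """Handlers run on their own threads; poll until `count` events exist."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return list(self.events)
            time.sleep(0.02)
        with self._lock:
            return list(self.events)

    def close(self) -> None:
        try:
            self._sock.shutdown(socket.SHUT_RDWR)   # wakes the blocked accept()
        except OSError:
            pass
        self._sock.close()


def simulate_attacker(port: int, probe: bytes = b"SSH-2.0-scanner\r\n") -> bytes:
    """Stand-in for a scanner or brute-forcer: read the banner line, send a
    client identification string, disconnect."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as c:
        banner = b""
        while not banner.endswith(b"\n") and len(banner) < 128:
            chunk = c.recv(128)
            if not chunk:
                break
            banner += chunk
        c.sendall(probe)
    return banner


def demo() -> Dict[str, object]:
    hp = Honeypot()
    try:
        banner = simulate_attacker(hp.port)
        events = hp.wait_for_events(1)
    finally:
        hp.close()
    event = events[0]
    return {"banner_seen": banner, "src": event["src"], "data": event["data"]}


if __name__ == "__main__":
    print(demo())
```

The value of a honeypot is that it has no legitimate users, so its event list needs no baseline: every connection is worth investigating, and the recorded first bytes show what the attacker was probing for.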
Cisco's Cyber Threat Defense Solution Architecture
This is a security architecture that uses behavior-based detection and indicators to provide greater visibility, context and control.

NetFlow
NetFlow technology is used to gather information about data flowing through a network. A flow record summarizes one conversation (source and destination addresses, ports, protocol, timing, packet and byte counts) without capturing the payload, which is enough to spot scanning, beaconing and unusual data volumes.
Penetration Testing

Penetration testing, commonly known as pen testing, is the act of assessing a computer system, network or organization for security vulnerabilities.

The five-step pen test process

STEP 1. Planning
The pen tester gathers as much information as possible about a target system or network, its potential vulnerabilities, and exploits to use against it.

STEP 2. Scanning
The pen tester carries out active reconnaissance to probe a target system or network and identify potential weaknesses which, if exploited, could give an attacker access.

STEP 3. Gaining Access
The pen tester attempts to gain access to a target system and sniff network traffic, using various methods to exploit the system.

STEP 4. Maintaining Access
The pen tester maintains access to the target to find out what data and systems are vulnerable to exploitation.

STEP 5. Analysis and Report
The pen tester provides feedback via a report that recommends updates to products, policies and training to improve the organization's security.

Your Turn: Put the following steps in the correct order
__ Gather as much information as you can without being detected.
__ Footprint through the network to find ways to intrude.
__ Exploit any vulnerabilities identified in the network by simulating an attack.

Impact Reduction

Actions organizations should take when a security breach is identified

Communicate the Issue
Internally, all employees should be informed and a clear call to action communicated. Externally, all clients should be informed through direct communication and official announcements.

Be Sincere and Accountable
Respond to the breach in an honest and genuine way, taking responsibility where the organization is at fault.

Provide the Details
Be open and explain why the breach took place and what information was compromised.

Find the Cause
Take steps to understand what caused and facilitated the breach. This may involve hiring forensics experts to research and find out the details.

Apply Lessons Learned
Make sure that any lessons learned from forensic investigations are applied to prevent similar breaches from happening in the future.

Check and Check Again
Attackers will often attempt to leave a backdoor to facilitate future breaches. To prevent this, make sure that all systems are clean, no backdoors are installed and nothing else has been compromised.

Educate
Raise awareness, and train and educate employees, partners and clients on how to prevent future breaches.

Risk Management
Risk management is the formal process of continuously identifying and assessing risk in an effort to reduce the impact of threats and vulnerabilities.

Risk Management Process

Frame the Risk
Identify the threats that increase risk. Threats may include processes, products, attacks, potential failure or disruption of services, negative perception of the organization's reputation, potential legal liability or loss of intellectual property.

Assess the Risk
Determine the severity that each threat poses.

Respond to the Risk
Develop an action plan to reduce overall organizational risk exposure, detailing where risk can be eliminated, mitigated, transferred or accepted.

Monitor the Risk
Continuously review any risk reduced through elimination, mitigation or transfer actions. Remember, not all risks can be eliminated, so you will need to closely monitor any threats that have been accepted.