Chapter 4 – Network Security docx

Học viện mạng Bach Khoa - Website: www.bkacad.comOpen Access Network • An open security model is the easiest to implement.. Common Security ThreatsHọc viện mạng Bach Khoa - Website: www.

Trang 1

Chapter 4 – Network Security

CCNA Exploration 4.0

Trang 2

Học viện mạng Bach Khoa - Website: www.bkacad.com

Why is Network Security Important?

Vote

Bank

Medicate Travel

Purchase

Trang 3

1990 1985

Password Guessing

Self Replicating Code

Password Cracking

Exploiting Known Vulnerabilities

Disabling Audits

Back Doors

Hijacking Sessions

Sweepers

Sniffers Stealth Diagnostics

Technical Knowledge Required

High

Low

Trang 4

Think Like a Attacker

Trang 5

Step 1: Footprint Analysis

Trang 6

Step 2: Enumerate Information

Trang 7

Step 3: Manipulate Users to Gain Access

Trang 8

Step 4: Escalate Privilege

Trang 9

Step 5: Gather Additional Password & Secrets

Trang 10

Step 6: Install Back Doors and Port Redirections

Trang 11

Step 7: Leverage the Compromised System

Trang 12

100% Security

“

”

The only system which is truly secure is

one which is switched off and unplugged, locked in a titanium lined safe, buried in a

concrete bunker, and

is surrounded by nerve gas and very highly

paid armed guards Even then,

I wouldn’t stake my life on it….

Trang 13

Open versus Closed Networks

Trang 14

Open Access Network

• An open security model is the easiest to implement

• Simple passwords and server security become the foundation of this model

• If encryption is used, it is implemented by individual users or on servers

Trang 15

Restrictive Access Network

A restrictive security model is more difficult to implement

Firewalls and identity servers become the foundation of this model

Trang 16

Closed Access Networks

• A closed security model is most difficult to implement All available security measures are implemented in this design

• This model assumes that the protected assets are premium, all users are not trustworthy, and that threats are frequent

• Network security departments must clarify that they only implement the policy, which is designed, written, and approved by the corporation

Trang 17

Developing a Security Policy

• A security policy meets these goals:

1 Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets

2 Specifies the mechanisms through which these requirements can be met

3 Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy

Trang 18

Developing a Security Policy

Trang 19

Common Security Threats

Trang 20

Trang 21

Trang 22

Threats to Physical Infrastructure

Trang 23

Trang 24

Trang 25

Trang 26

Network Security Threats

Trang 27

Unstructured threats

Trang 28

Structured threats

Trang 29

External threats

Trang 30

Internal threats

Trang 31

Social Engineering

Trang 32

Types of Network Attacks

Trang 33

Reconaissance Attacks

Trang 34

Internet Information Queries

Sample IP address query

Attackers can use Internet tools such

as “WHOIS” as weapons.

Trang 35

Port Scans and Ping Sweeps

Trang 36

Port Scan and Ping Sweep Attack Mitigation

Trang 37

Packet Sniffers

Trang 38

Packet Sniffer Mitigation

Trang 39

Access Attacks

Trang 40

Password Attacks

Trang 41

Password Attack Mitigation

Trang 42

Trust Exploitation

Trang 43

Trust Exploitation Attack Mitigation

Trang 44

Port Redirection

Trang 45

Man-in-the-Middle Attacks & Mitigation

Trang 46

DoS Attacks

Trang 47

Ping of Death Attack

Trang 48

SYN Flood Attack

Trang 49

DDos Attacks

Trang 50

DoS: Smurf Attack

Trang 51

Malicious Code Attacks

Trang 52

Anatomy of a Worm Attack

Trang 53

Mitigating Worm Attacks

Worm Attack Response Methodologies

Trang 54

Trang 55

Trang 56

General Mitigation Techniques

Trang 57

Trang 58

Trang 59

Intrusion Detection and Prevention

• Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console

• Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:

– Prevention -Stops the detected attack from executing

– Reaction -Immunizes the system from future attacks from a malicious source

• Either technology can be implemented at a network level or host level, or both for maximum protection.

Trang 60

Host-based Intrusion Detection Systems

• Host-based intrusion is typically implemented as inline or passive technology, depending

on the vendor

1 Passive technology, which was the first generation technology, is called a

host-based intrusion detection system (HIDS) HIDS sends logs to a management

console after the attack has occurred and the damage is done

2 Inline technology, called a host-based intrusion prevention system (HIPS),

actually stops the attack, prevents damage, and blocks the propagation of worms and viruses.

• Cisco provides HIPS using the Cisco Security Agent software.

• HIPS software must be installed on each host, either the server or desktop, to monitor activity performed on and against the host

Trang 61

Common Security Appliances and Applications

Trang 62

The Network Security Wheel

Trang 63

Secure Network

Trang 64

Monitor Network

Trang 65

Test Secure

Trang 66

Improve Secure

Trang 67

What is a Security Policy?

Trang 68

Components of a Security Policy

Trang 69

Safeguard a Router

Trang 70

Password-Protecting a Router

Trang 71

Configure the Line-Level Password

Trang 72

Enable Password

Trang 73

Cisco-Proprietary Password Encryption

Trang 74

Enhanced Username Password Security

Trang 75

Hardening Login

Trang 76

Hardening Login

Trang 77

Securing Administrative Access to Routers

Trang 78

Securing Administrative Access to Routers

Trang 79

Implementing SSH to Secure Remote Administrative Access

Trang 80

Configuring SSH Security

Trang 81

Trang 82

Trang 83

Trang 84

Học viện mạng Bach Khoa - Website: www.bkacad.comLOGGING ROUTER ACTIVITY

Trang 85

Why is Syslog Important?

• Logs allow you to verify that a router is working properly or

to determine whether the router has been compromised

• In some cases, a log can show what types of probes or

attacks are being attempted against the router or the

protected network.

Trang 86

Log Output Destination

Trang 87

Syslog System

A syslog logging solution consists of two primary components:

 syslog servers

 syslog client s

Trang 88

Syslog Severity Levels

Trang 89

Syslog Severity Levels Examples

Trang 90

Structure of a Syslog Message

Trang 91

Configuring for Syslog

Trang 92

Trang 93

Trang 94

SECURE ROUTER

NETWORK SERVICES

Trang 95

Vulnerable Router Services and Interfaces

Trang 96

Vulnerable Router Services and Interfaces

Trang 97

Cisco Auto Secure

Trang 98

Cisco Auto Secure

Trang 99

Routing Protocol Authentication Overview

Trang 100

Trang 101

Trang 102

Routing Protocol Authentication

Trang 103

Using Cisco SDM

Trang 104

What is Cisco SDM?

• The Cisco Router and Security Device Manager (SDM) is an easy-to-use, web-based device-

management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers

• The SDM files can be installed on the router, a

PC, or on both An advantage of installing SDM on the PC is that it saves router memory, and allows you to use SDM to manage other routers on the network

Trang 105

Cisco SDM Features

• Cisco SDM smart wizards can intelligently detect incorrect

configurations and propose fixes, such as allowing DHCP traffic

through a firewall if the WAN interface is DHCP-addressed

• Online help embedded within Cisco SDM contains appropriate

background information, in addition to step-by-step procedures to help users enter correct data in Cisco SDM.

Trang 106

Configuring Your Router to Support Cisco SDM

Trang 107

Starting Cisco SDM

Trang 108

Cisco SDM Home Page Overview

Trang 109

About Your Router Area

Trang 110

Configuration Overview Area

Interfaces and Connections

Firewall Policies

VPN

View Running Config

Trang 111

Cisco SDM Wizards

• Check http://www.cisco.com/go/sdm for the latest information about the Cisco SDM wizards and the interfaces they support.

Trang 112

http://www.cisco.com/cdc_content_elements/flash/sdm/demo.htm?NO_NAV

Trang 113

Locking Down a Router with Cisco SDM

• AutoSecure features that are implemented differently in Cisco SDM include

the following:

1 Disables SNMP, and does not configure SNMP version 3

2 Enables and configures SSH on crypto Cisco IOS images

3 Does not enable Service Control Point or disable other access and

file transfer services, such as FTP

Trang 114

Locking Down a Router with Cisco SDM

Refer to 4.4.6

Trang 115

Secure Router Management

Trang 116

Maintaining Cisco IOS Software Image

• An update replaces one release with another without upgrading the

feature set The software might be updated to fix a bug or to replace a release that is no longer supported Updates are free

• An upgrade replaces a release with one that has an upgraded feature

set The software might be upgraded to add new features or

technologies, or replace a release that is no longer supported

Upgrades are not free

Trang 117

• Cisco recommends following a four-phase migration process to simplify

network operations and management

• When you follow a repeatable process, you can also benefit from reduced

costs in operations, management, and training

1 Plan -Set goals, identify resources, profile network hardware and

software, and create a preliminary schedule for migrating to new releases

2 Design -Choose new Cisco IOS releases and create a strategy for

migrating to the releases

3 Implement -Schedule and execute the migration

4 Operate -Monitor the migration progress and make backup copies of

images that are running on your network

Trang 118

• There are a number of tools available on Cisco.com to aid in migrating Cisco IOS

software You can use the tools to get information about releases, feature sets,

platforms, and images The following tools do not require a Cisco.com login :

1 Cisco IOS Reference Guide -Covers the basics of the Cisco IOS software

family

2 Cisco IOS software technical documents -Documentation for each release

of Cisco IOS software

3 Software Center -Cisco IOS software downloads

4 Cisco IOS Software Selector -Finds required features for a given

technology

Trang 119

• The following tools require valid Cisco.com login accounts :

1 Bug Toolkit -Searches for known software fixes based on software version,

feature set, and keywords

2 Cisco Feature Navigator -Finds releases that support a set of software

features and hardware, and compares releases

3 Software Advisor -Compares releases, matches Cisco IOS software and

Cisco Catalyst OS features to releases, and finds out which software release supports a given hardware device

4 Cisco IOS Upgrade Planner -Finds releases by hardware, release, and

feature set, and downloads images of Cisco IOS software

Tiêu đề	Chapter 4 – Network Security
Trường học	Học viện mạng Bach Khoa
Chuyên ngành	Network Security
Thể loại	lecture notes
Năm xuất bản	1990

Định dạng
Số trang	143
Dung lượng	10,88 MB