The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.
© 2012 Cisco and/or its affiliates. All rights reserved.
Network Security Concepts and Policies
Purpose of Security
• To protect assets!
– Historically done through physical security and closed networks.
The Network Today
• With the advent of personal computers, LANs, and the wide-open world of the Internet, the networks of today are more open.
Basic Security Requirements
• To provide adequate protection of network resources, the procedures and technologies that you deploy need to guarantee three things:
– Confidentiality
– Integrity
– Availability of systems and data
Data, Vulnerabilities, and Countermeasures
• An asset is anything of value to an organization.
• A vulnerability is a weakness in a system or its design that could be exploited by a threat.
• A threat is a potential danger to information or systems.
• A risk is the likelihood that a particular vulnerability will be exploited.
• An exploit is an attack performed against a vulnerability.
• A countermeasure (safeguard) is the protection that mitigates the potential risk.
Need for Network Security
• Business goals and risk analysis drive the need for network
Adversaries, Methodologies, and Classes of Attack
• Adversaries: To defend against attacks on information and information systems, organizations must begin to define the threat by identifying potential adversaries. These adversaries can include the following:
– Government agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI)
• Methodologies:
– Step 1: Perform footprint analysis (reconnaissance).
– Step 2: Enumerate applications and operating systems.
– Step 3: Manipulate users to gain access.
– Step 4: Escalate privileges.
– Step 5: Gather additional passwords and secrets.
– Step 6: Install back doors.
– Step 7: Leverage the compromised system.
Threat Classification
• Enumeration and fingerprinting
• Spoofing and impersonation
• Man-in-the-middle
• Overt and covert channels
• Blended threats and malware
• Exploitation of privilege and trust
IP Spoofing Attacks
[Figure: TCP Three-Way Handshake]
Sequence Prediction
[Figure: Sequence Number Prediction]
Trust Exploitation
[Figure: Trust Exploitation]
Confidentiality and Integrity Attacks
[Figure: Breach of Confidentiality]
Man-in-the-Middle Attacks
[Figure: IP Source Routing Attack]
Overt and Covert Channels
[Figure: Overt Channel]
Principles of Secure Network Design
• Defense in depth
• Compartmentalization
• Least privilege
• Weakest link
• Separation and rotation of duties
• Hierarchically trusted components and protection
• Mediated access
• Accountability and traceability
Evaluating and Managing the Risk
Risk Analysis and Management
• Every security process should first address the following questions:
– Which threats is the system facing?
– Which of those threats are probable, and what would be their consequences if exploited?
• The threat-identification process provides an organization with a list of threats to which a system is subject in a particular environment.
Risk Analysis
• Quantitative
• Qualitative
Building Blocks of Risk Analysis
• Assets and their value
• Vulnerabilities
• Threats, their impact, and rate or probability of occurrence
[Figure: List of Assets and Their Value]
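As an added example (not from the Cisco slides), the following Python carries the three building blocks above through a quantitative analysis using the standard single loss expectancy (SLE = asset value × exposure factor) and annualized loss expectancy (ALE = SLE × annual rate of occurrence) method, and uses the result to rank risks and judge whether a countermeasure pays for itself. The asset names, values, exposure factors, rates and safeguard costs are constructed sample figures.

```python
# Added example (not from the Cisco CCNA Security slides): quantitative
# risk analysis over the building blocks the slides list (asset value,
# threat impact, rate of occurrence) using the standard SLE/ALE method.
# Every asset, value, factor and rate below is a constructed sample number.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RiskItem:
    asset: str
    asset_value: float       # AV: what the asset is worth to the organization
    exposure_factor: float   # EF: fraction of AV lost in one incident (0.0-1.0)
    aro: float               # ARO: expected incidents per year, before safeguard
    safeguard: str
    safeguard_cost: float    # annual cost of the countermeasure
    residual_aro: float      # expected incidents per year with safeguard in place

    def sle(self) -> float:
        """Single loss expectancy: the loss from one realized threat."""
        return self.asset_value * self.exposure_factor

    def ale(self, aro: Optional[float] = None) -> float:
        """Annualized loss expectancy: SLE scaled by how often it occurs."""
        return self.sle() * (self.aro if aro is None else aro)

    def safeguard_value(self) -> float:
        """Net yearly benefit of the safeguard: ALE reduction minus its cost.
        Negative means the countermeasure costs more than the risk it removes."""
        return self.ale() - self.ale(self.residual_aro) - self.safeguard_cost


# Constructed sample risk register (not real figures for any organization).
SAMPLE_RISKS = [
    RiskItem("Customer database", 500_000, 0.40, 0.5,
             "Encryption at rest + access logging", 40_000, 0.1),
    RiskItem("Public web server", 80_000, 0.25, 4.0,
             "Web application firewall", 15_000, 1.0),
    RiskItem("Branch router", 10_000, 1.00, 0.2,
             "Redundant WAN link", 12_000, 0.05),
]


def prioritize(risks: List[RiskItem]) -> List[Tuple[str, float, float]]:
    """Rank risks by ALE (highest first) with each safeguard's net value,
    which is how a quantitative analysis decides where to spend first."""
    ranked = sorted(risks, key=lambda r: r.ale(), reverse=True)
    return [(r.asset, r.ale(), r.safeguard_value()) for r in ranked]


if __name__ == "__main__":
    for asset, ale, value in prioritize(SAMPLE_RISKS):
        print(f"{asset:<18} ALE={ale:>10,.0f}  safeguard net value={value:>10,.0f}")
```

In the sample register the redundant WAN link for the branch router comes out with a negative net value: its annual cost exceeds the expected loss it prevents, which is exactly the kind of spending a quantitative analysis is meant to catch.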
A Lifecycle Approach to Risk Management
Security Policies
The three reasons for having a security policy are as follows:
• To inform users, staff, and managers
• To specify mechanisms for security
• To provide a baseline
A properly defined security policy does the following:
• Protects people and information
• Sets the rules for expected behavior
• Authorizes staff to monitor, probe, and investigate
• Defines the consequences of violations
Security Policy Components
[Figure: Components of a Comprehensive Security Policy]
Secure Network Lifecycle Management
Organization-wide Integration of IT Governance, Risk Management, Compliance