SlideShare a Scribd company logo

Network Security v1.0 - Module 1.pptx

Download as PPTX, PDF
S
SamatarHussein

Security

Technology
1 of 14
Module 1: Securing Networks Networking Security v1.0 (NETSEC)
2 © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Module Objectives Module Title: Securing Networks Module Objective: Explain network security. Topic Title Topic Objective Current State of Affairs Describe the current network security landscape. Network Topology Overview Describe how all types of networks need to be protected.
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1.1 Current State of Affairs 3
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Networks Are Targets Networks are routinely under attack. A quick internet search for network attacks will return many articles about them. Kapersky maintains the interactive Cyberthreat Real-Time Map display of current network attacks. The attack data is submitted from Kapersky network security products that are deployed worldwide. 4
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Reasons for Network Security Network security breaches can disrupt e-commerce, cause the loss of business data, threaten people’s privacy, and compromise the integrity of information. The Cisco Talos Intelligence Group website provides comprehensive security and threat intelligence. The Cisco Product Security Incident Response Team (PSIRT), is responsible for investigating and mitigating potential vulnerabilities in Cisco products. 5
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Vectors of Network Attacks An attack vector is a path by which a threat actor can gain access to a server, host, or network. Attack vectors originate from inside or outside the corporate network. Threat actors may target a network through the internet, to disrupt network operations and create a denial of service (DoS) attack.) 6
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Data Loss Term Definition Email/Social Networking The most common vector for data loss includes instant messaging software and social media sites. For instance, intercepted email or IMs could be captured and confidential information revealed. Unencrypted Devices A stolen corporate laptop typically contains confidential organizational data. If the data is not stored using an encryption algorithm, the thief can retrieve valuable confidential data. Cloud Storage Devices Saving data to the cloud has many potential benefits. However, sensitive data can be lost if access to the cloud is compromised due to weak security settings. Removable Media One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost. Hard Copy Sensitive data should be disposed of thoroughly. For example, confidential data should be shredded when no longer required. Otherwise, a thief could retrieve discarded reports and gain valuable information. Improper Access Control Passwords are the first line of defense. Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to data. 7
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Video - Anatomy of an Attack 8
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1.2 Network Topology Overview 9
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Campus Area Networks Term Definition VPN The Cisco ISR is secured. It protects data in motion that is flowing from the CAN to the outside world by establishing Virtual Private Networks (VPNs). VPNs ensure data confidentiality and integrity from authenticated sources. ASA Firewall A Cisco Adaptive Security Appliance (ASA) firewall performs stateful packet filtering to filter return traffic from the outside network into the campus network. IPS A Cisco Intrusion Prevention System (IPS) device continuously monitors incoming and outgoing network traffic for malicious activity. It logs information about the activity and attempts to block and report it. Layer 3 Switches These distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different security features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP source guard. Layer 2 Switches These access layer switches are secured and connect user-facing ports to the network. Several different security features can be implemented, such as port security, DHCP snooping, and 802.1X user authentication. AAA Server An authentication, authorization, and accounting (AAA) server authenticates users, authorizes what they are allowed to do, and tracks what they are doing. Hosts End points are secured using various features including antivirus and antimalware software, Host Intrusion Protection System features, and 802.1X authentication features. 10
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Small Office and Home Office Networks The figure displays a sample SOHO secured with a consumer-grade wireless router which provides integrated firewall features and secure wireless connections. The Layer 2 Switch is an access layer switch that is hardened with various security measures. It connects user-facing ports that use port security to the SOHO network. Wireless hosts connect to the wireless network using WPA2 data encryption technology. Hosts typically have antivirus and antimalware software installed. Combined, these security measures provide comprehensive defense at different layers of the network. 11
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Wide Area Networks Wide Area Networks (WANs) span a wide geographical area, often over the public internet. Organizations must ensure secure transport for the data in motion as it travels between sites over the public network. Network security professionals must use secure devices on the edge of the network. In the figure, the main site is protected by an Adaptive Security Appliance (ASA), which provides stateful firewall features and establishes secure Virtual Private Network (VPN) tunnels to various destinations. 12
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Data Center Networks Data center networks are typically housed in an off-site facility to store sensitive or proprietary data. These sites are connected to corporate sites using VPN technology with ASA devices and integrated data center switches. Because they store such vast quantities of sensitive, business-critical information, physical security is critical to their operation. Physical security not only protects access to the facility but also protects people and equipment. For example, fire alarms, sprinklers, seismically- braced server racks, redundant heating, ventilation, and air conditioning (HVAC), and UPS systems are in place to protect people, equipment, and data. Data center physical security can be divided into two areas: • Outside perimeter security - This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms. • Inside perimeter security - This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors. 13
Network Security v1.0 - Module 1.pptx

Recommended

Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Wireshark
Wireshark Wireshark
Wireshark antivirusspam
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniquesprashant3535
 
Windows internals
Windows internalsWindows internals
Windows internalsPiyush Jain
 
Introduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkIntroduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkEng. Mohammed Ahmed Siddiqui
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 

Recommended

Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Wireshark
Wireshark Wireshark
Wireshark antivirusspam
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniquesprashant3535
 
Windows internals
Windows internalsWindows internals
Windows internalsPiyush Jain
 
Introduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkIntroduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkEng. Mohammed Ahmed Siddiqui
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Wireshark
WiresharkWireshark
Wiresharklakshya dubey
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansVuz Dở Hơi
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
Snort IPS
Snort IPSSnort IPS
Snort IPSSimone Tino
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
eaodv
eaodveaodv
eaodvChandu Chiru
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configurationNutan Kumar Panda
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffersKunal Thakur
 
The Current ICS Threat Landscape
The Current ICS Threat LandscapeThe Current ICS Threat Landscape
The Current ICS Threat LandscapeDragos, Inc.
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Lecture 11
Lecture 11Lecture 11
Lecture 11vishal choudhary
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security vSYYULIANISKOMMT
 
CSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxCSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxMohammad512578
 

More Related Content

What's hot

Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansVuz Dở Hơi
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
The Current ICS Threat Landscape
The Current ICS Threat LandscapeThe Current ICS Threat Landscape
The Current ICS Threat LandscapeDragos, Inc.
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 

What's hot (20)

Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Wireshark
WiresharkWireshark
Wireshark
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Network security
Network security Network security
Network security
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 Vlans
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Snort IPS
Snort IPSSnort IPS
Snort IPS
 
Dmz
Dmz Dmz
Dmz
 
eaodv
eaodveaodv
eaodv
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
The Current ICS Threat Landscape
The Current ICS Threat LandscapeThe Current ICS Threat Landscape
The Current ICS Threat Landscape
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
Lecture 11
Lecture 11Lecture 11
Lecture 11
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 

Similar to Network Security v1.0 - Module 1.pptx

Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security vSYYULIANISKOMMT
 
CSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxCSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxMohammad512578
 
Residency research makeup project acme enterprise scenario resi
Residency research makeup project acme enterprise scenario resiResidency research makeup project acme enterprise scenario resi
Residency research makeup project acme enterprise scenario resiSHIVA101531
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayDotha Keller
 
Acme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docx
Acme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docxAcme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docx
Acme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docxMARK547399
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOWJoshua Sibaja
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docxballolliemin
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11Irsandi Hasan
 
Information Security Technology for IPv6-based IoT (Internet-of-Things)
Information Security Technology for IPv6-based IoT (Internet-of-Things)Information Security Technology for IPv6-based IoT (Internet-of-Things)
Information Security Technology for IPv6-based IoT (Internet-of-Things)IJAEMSJORNAL
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11Nil Menon
 
A Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud ComputingA Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud Computingvivatechijri
 

Similar to Network Security v1.0 - Module 1.pptx (20)

Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
 
CSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxCSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptx
 
Residency research makeup project acme enterprise scenario resi
Residency research makeup project acme enterprise scenario resiResidency research makeup project acme enterprise scenario resi
Residency research makeup project acme enterprise scenario resi
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 
Lecture 07 networking
Lecture 07 networkingLecture 07 networking
Lecture 07 networking
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance Essay
 
Acme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docx
Acme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docxAcme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docx
Acme Enterprise Scenario Residency WeekAcme Enterprise is a pr.docx
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOW
 
PROJECT REPORT.docx
PROJECT REPORT.docxPROJECT REPORT.docx
PROJECT REPORT.docx
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
 
Network security
Network security Network security
Network security
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docx
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11
 
Information Security Technology for IPv6-based IoT (Internet-of-Things)
Information Security Technology for IPv6-based IoT (Internet-of-Things)Information Security Technology for IPv6-based IoT (Internet-of-Things)
Information Security Technology for IPv6-based IoT (Internet-of-Things)
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
 
A Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud ComputingA Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud Computing
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Network Security v1.0 - Module 1.pptx

  • 1. Module 1: Securing Networks Networking Security v1.0 (NETSEC)
  • 2. 2 © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Module Objectives Module Title: Securing Networks Module Objective: Explain network security. Topic Title Topic Objective Current State of Affairs Describe the current network security landscape. Network Topology Overview Describe how all types of networks need to be protected.
  • 3. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1.1 Current State of Affairs 3
  • 4. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Networks Are Targets Networks are routinely under attack. A quick internet search for network attacks will return many articles about them. Kapersky maintains the interactive Cyberthreat Real-Time Map display of current network attacks. The attack data is submitted from Kapersky network security products that are deployed worldwide. 4
  • 5. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Reasons for Network Security Network security breaches can disrupt e-commerce, cause the loss of business data, threaten people’s privacy, and compromise the integrity of information. The Cisco Talos Intelligence Group website provides comprehensive security and threat intelligence. The Cisco Product Security Incident Response Team (PSIRT), is responsible for investigating and mitigating potential vulnerabilities in Cisco products. 5
  • 6. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Vectors of Network Attacks An attack vector is a path by which a threat actor can gain access to a server, host, or network. Attack vectors originate from inside or outside the corporate network. Threat actors may target a network through the internet, to disrupt network operations and create a denial of service (DoS) attack.) 6
  • 7. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Data Loss Term Definition Email/Social Networking The most common vector for data loss includes instant messaging software and social media sites. For instance, intercepted email or IMs could be captured and confidential information revealed. Unencrypted Devices A stolen corporate laptop typically contains confidential organizational data. If the data is not stored using an encryption algorithm, the thief can retrieve valuable confidential data. Cloud Storage Devices Saving data to the cloud has many potential benefits. However, sensitive data can be lost if access to the cloud is compromised due to weak security settings. Removable Media One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost. Hard Copy Sensitive data should be disposed of thoroughly. For example, confidential data should be shredded when no longer required. Otherwise, a thief could retrieve discarded reports and gain valuable information. Improper Access Control Passwords are the first line of defense. Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to data. 7
  • 8. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Current State of Affairs Video - Anatomy of an Attack 8
  • 9. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1.2 Network Topology Overview 9
  • 10. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Campus Area Networks Term Definition VPN The Cisco ISR is secured. It protects data in motion that is flowing from the CAN to the outside world by establishing Virtual Private Networks (VPNs). VPNs ensure data confidentiality and integrity from authenticated sources. ASA Firewall A Cisco Adaptive Security Appliance (ASA) firewall performs stateful packet filtering to filter return traffic from the outside network into the campus network. IPS A Cisco Intrusion Prevention System (IPS) device continuously monitors incoming and outgoing network traffic for malicious activity. It logs information about the activity and attempts to block and report it. Layer 3 Switches These distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different security features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP source guard. Layer 2 Switches These access layer switches are secured and connect user-facing ports to the network. Several different security features can be implemented, such as port security, DHCP snooping, and 802.1X user authentication. AAA Server An authentication, authorization, and accounting (AAA) server authenticates users, authorizes what they are allowed to do, and tracks what they are doing. Hosts End points are secured using various features including antivirus and antimalware software, Host Intrusion Protection System features, and 802.1X authentication features. 10
  • 11. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Small Office and Home Office Networks The figure displays a sample SOHO secured with a consumer-grade wireless router which provides integrated firewall features and secure wireless connections. The Layer 2 Switch is an access layer switch that is hardened with various security measures. It connects user-facing ports that use port security to the SOHO network. Wireless hosts connect to the wireless network using WPA2 data encryption technology. Hosts typically have antivirus and antimalware software installed. Combined, these security measures provide comprehensive defense at different layers of the network. 11
  • 12. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Wide Area Networks Wide Area Networks (WANs) span a wide geographical area, often over the public internet. Organizations must ensure secure transport for the data in motion as it travels between sites over the public network. Network security professionals must use secure devices on the edge of the network. In the figure, the main site is protected by an Adaptive Security Appliance (ASA), which provides stateful firewall features and establishes secure Virtual Private Network (VPN) tunnels to various destinations. 12
  • 13. © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Topology Overview Data Center Networks Data center networks are typically housed in an off-site facility to store sensitive or proprietary data. These sites are connected to corporate sites using VPN technology with ASA devices and integrated data center switches. Because they store such vast quantities of sensitive, business-critical information, physical security is critical to their operation. Physical security not only protects access to the facility but also protects people and equipment. For example, fire alarms, sprinklers, seismically- braced server racks, redundant heating, ventilation, and air conditioning (HVAC), and UPS systems are in place to protect people, equipment, and data. Data center physical security can be divided into two areas: • Outside perimeter security - This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms. • Inside perimeter security - This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors. 13