SlideShare a Scribd company logo

Ccna sec 01

E
EduclentMegasoftel

The document discusses the basics of IT security including the CIA triad of confidentiality, integrity and availability. It also covers common security concepts such as assets, vulnerabilities, threats, countermeasures and risks. Additionally, it summarizes authentication, authorization and accounting (AAA) protocols, common attacks and how to implement secure network architecture.

Education
1 of 11
Download to read offline
The basics of IT security: CIA (Confidentiality, Integrity, Availability) • Confidentiality. • Measures that prevent disclosure of information or data to unauthorized individuals or systems. • Integrity. • Protecting the data from unauthorized alteration or revision. • Often ensured through the use of a hash. • Availability. • Making systems and data ready for use when legitimate users need them at any time. • Guaranteed by network hardening mechanisms and backup systems. • Attacks against availability all fall into the “denial of service” realm. • Asset. • It is anything that is valuable to an organization. • Vulnerability. • An exploitable weakness in a system or its design. • Threat. • Any potential danger to an asset. • Countermeasure. • A safeguard that somehow mitigates a potential risk. • Risk. • The potential for unauthorized access to, compromise, destruction, or damage to an asset. • Classifying Assets. • One reason to classify an asset is so that you can take specific action, based on policy, with regard to assets in a given class. • Classifying Vulnerabilities. • Policy flaws • Design errors • CCNA Sec 01 CCNA Sec Page 1
Design errors • Protocol weaknesses • Misconfiguration • Software vulnerabilities • Human factors • Malicious software • Hardware vulnerabilities • Physical access to network resources • Classifying Countermeasures. • Administrative controls. • Consist of written policies, procedures, guidelines, and standards. • Physical controls. • Are exactly what they sound like, physical security for the network servers, equipment, and infrastructure. • Logical controls (technical controls). • Logical controls include passwords, firewalls, IPS, access lists, VPN tunnels, ……... • Potential Attackers. • Terrorists • Criminals • Government agencies • Nation states • Hackers • Disgruntled employees • Competitors • Attack Methods. • Reconnaissance. • This is the discovery process used to find information about the network. • Social engineering. • Leverages our weakest (very likely) vulnerability in a secure system (data, applications, devices, networks): the user. • Could be done through e-mail or misdirection of web pages, which results in the user clicking something that leads to the attacker gaining information. • Phishing. • Presents a link that looks like a valid trusted resource to a user. • Pharming. • Used to direct a customer’s URL from a valid resource to a malicious one that could be made to appear as the valid site to the user. • Privilege escalation. • The process of taking some level of access and achieving an even greater level of access. • Backdoor. • Application can be installed to allow access. • Code execution. • When attackers can gain access to a device, they might be able to take several actions. • Man-in-the-Middle Attacks. • Results when attackers place themselves in line between two devices that are communicating. • To mitigate this risk, you could use techniques such as DAI (Dynamic ARP Inspection). • Additional Attack Methods. • Covert channel. • Uses programs or communications in unintended ways. • For ex. If web traffic is allowed but peer-to-peer messaging is not, users can attempt to tunnel their peer-to- • CCNA Sec Page 2
For ex. If web traffic is allowed but peer-to-peer messaging is not, users can attempt to tunnel their peer-to- peer traffic inside of HTTP traffic. • Also a backdoor application collecting keystroke information from the workstation and then sending it out as ICMP or http packet. • Trust exploitation. • Ex. an attacker could leverage his gaining access to a DMZ host, and using that location to launch his attacks • from there to the inside network. Brute-force (password-guessing) attacks. • Performed when an attacker’s system attempts thousands of possible passwords looking for the right match. • Mitigated by limiting how many unsuccessful authentication attempts can occur within a specified time. • DoS (Denial of Service). • An attack is launched from a single device with the intent to cause damage to an asset • DDoS (Distributed Denial-of-Service). • An attack is launched from multiple devices as from botnet network. • Botnet. • A collection of infected computers that are ready to take instructions from the attacker. • RDoS (Reflected DDoS). • When the source of the initial (query) packets is actually spoofed by the attacker. • The response packets are then “reflected” back from the unknowing participant to the victim of the attack. • Guidelines for Secure Network Architecture. • Rule of least privilege. • Minimal access should only provided to the required network resources. • Defense in depth. • You should have security implemented on an early every point of your network. • Ex. filtering at a perimeter router, filtering again at a firewall, using IPSs to analyze traffic before it reaches your servers, and using host-based security precautions at the servers, as well. • Separation of duties. • Rotating individuals into different roles periodically will also assist in verifying that vulnerabilities are being addressed, because a person who moves into a new role will be required to review the policies in place. • Auditing. • Accounting and keeping records about what is occurring on the network. • Common forms of social engineering. • Phishing. • Elicits secure information through an e-mail message that appears to come from a legitimate source such as a service provider or financial institution. • The e-mail message may ask the user to reply with the sensitive data, or to access a website to update information such as a bank account number. • Malvertising. • This is the act of incorporating malicious ads on trusted websites, which results in users’ browsers being inadvertently redirected to sites hosting malware. • Phone scams. • An example is a miscreant posing as a recruiter asking for names, e-mail addresses, and so on for members of the organization and then using that information to start building a database to leverage for a future attack. • Defenses Against Social Engineering. • Password management. • The number and type of characters that each password must include, how often a password must be changed. • Two-factor authentication. • Use two-factor authentication rather than fixed passwords. • Antivirus/antiphishing defenses. • CCNA Sec Page 3
Antivirus/antiphishing defenses. • Document handling and destruction. • Sensitive documents and media must be securely disposed of and not simply thrown out with the regular office trash. • Physical security. • Malware Identification Tools. • Packet captures. • Snort IDS • An open source IDS/IPS developed by the founder of Sourcefire. - NetFlow • IPS events • Advanced Malware Protection (AMP). • Designed for Cisco FirePOWER network security appliances. • Provides visibility and control to protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. • NGIPS (Next-Generation Intrusion Prevention System). • The Cisco FirePOWER NGIPS solution provides multiple layers of advanced threat protection at high inspection throughput rates. • Implementing AAA in Cisco IOS Administrative access methods. • Password only. • Local database. • AAA Local Authentication (self-contained AAA). • AAA Server-based. • AAA provides: • Authentication. • Who is permitted to access a network. • Authorization. • What they can do while they are there. • Accounting. • Records in details what they did. • Methods of implementing AAA services. • Local AAA Authentication. • Uses a local database stored in the router for authentication. - Server-Based AAA Authentication. • Uses an external database server that leverages RADIUS or TACACS+ protocols. - Preferred in large environment. - Server-Based Authentication • The user establishes a connection with the router. • The router prompts the user for a username and password. • The router passes the username and password to the Cisco Secure ACS. • The ACS authenticates and authorizes the user based on its database. • ACS (Access Control Server). • Can create a central user and administrative access DB that all network devices can access. • Can work with many external databases, such as Active Directory. • Supports both TACACS+ and RADIUS protocols. • Both protocols can be used to communicate between AAA client (Router) and AAA servers (ACS). • Provides user and device group profiles. • CCNA Sec Page 4
• Restrictions to network access based on a specific time. • Can be software installed on windows server or a physical appliance can be purchased from Cisco. • RADIUS (Remote Authentication Dial-In User Service). • Open standard, RFCs 2865, 2866, 2867, and 2868. • Combines authentication & authorization, but separates accounting. • Supports detailed accounting required for billing users, so preferred by ISPs. • Encrypts only the password. • Does not encrypt user name, or any other data in the message. • Used UDP port 1645 & now 1812 for authentication & authorization. • Used UDP port 1646 & now 1813 for accounting. • Supports remote-access technologies, 802.1X, and SIP. • • TACACS+ (Terminal Access Control Access Control Server). • Cisco proprietary. • Separates authentication and authorization. • Provides limited detailed accounting. • Encrypts all packet not only the password. • Utilizes TCP port 49. • Multiprotocol support, such as IP and AppleTalk. • Incompatible with any previous version of TACACS. • • AAA clients must run Cisco IOS Release 11.2 or later. • ISE (Identity Services Engine). • An identity and access control policy platform. • Can validate that a computer meets the requirements of a company’s policy related to virus definition files, service pack levels, and so on before allowing the device on the network. • Leverages many AAA-like (authentication, authorization, and accounting) features, but is not a 100 percent replacement for ACS. • ACS should be used mainly for AAA, and ISE for the posturing & policy compliance checking for hosts. • Login method types: • CCNA Sec Page 5
Login method types: • Enable. • Uses the enable password for authentication. • Line. • Uses the line password for authentication. • Local. • Uses the local username database for authentication. • Local-case. • Uses case-sensitive local username authentication. • Group radius. • Uses the list of all RADIUS servers for authentication. • Group tacacs+. • Uses the list of all TACACS+ servers for authentication. • Group group-name. • Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command. • None. • To ensure that the authentication succeeds even if all methods return an error. • AAA lists. • When AAA is enabled, the default list is automatically applied to all interfaces and lines but with no methods defined unless a predefined list is assigned. • If the default method list is not set and there is no other list, only the local user database is checked. • Authorization. • What a user can and cannot do on the network after that user is authenticated. • Implemented using a AAA server-based solution. • When a user has been authenticated, a session is established with the AAA server. • The router requests authorization for the requested service from the AAA server. • The AAA server returns a PASS/FAIL for authorization. • TACACS+ establishes a new TCP session for every authorization request. • When AAA authorization is not enabled, all users are allowed full access. • To enable AAA. • R(config)# aaa new-model • To Configure Authentication to Use the AAA Server. • R(config)# aaa authentication login list-name|default method method method [maximum 4 methods] • R(config)# aaa authentication login default group radius group tacacs+ local ….. • R(config)# aaa authentication enable list-name|default group tacacs+ enable • Methods are used in order, if no response from one, the next is used. • To specify the number of unsuccessful login attempts (then the user will be locked out). • R(config)# aaa local authentication attempts max-fail n • The account (non priv 15) will stay locked until it is cleared by an administrator. • To display a list of all locked-out users. • R# show aaa local user lockout • To unlock a specific user or to unlock all locked users. • R# clear aaa local user lockout all | username name • To display the attributes that are collected for a AAA session. • R# show aaa user all | unique-id • To show the unique ID of a session. • R# show aaa sessions • CCNA Sec Page 6
R# show aaa sessions • For vty lines. • R(config)# line vty 0 4 • R(config-line)# login authentication name|default • R(config-line)# authorization exec name|default • To debug aaa authentication. • R# debug aaa authentication|authorization • Look specifically for GETUSER and GETPASS status messages. • To configure AAA with CCP. • CCP, Configure, Router, AAA,…... • To create a local user account. • CCP > Router > Router Access > User Accounts/View > Add • To configure the AAA client (router) with the TACACS+ server. • R(config)# tacacs-server host ip key the-key • To configure the AAA client (router) with the RADIUS server. • R(config)# radius-server host ip key the-key • AAA Authorization (Router) • To get the priviege level that should be given to user from the local user database. • R(config)# aaa authorization exec default local • To get the priviege level that should be given to user from the tacacs server. • R(config)# aaa authorization exec default group tacacs+ • To enable command authorization on the console. • R(config)# aaa authorization console • To assign level 15 automatically to any user just authenticated. • R(config)# aaa authorization exec default if-authenticated • To authorize each command, you enter at config and it's submode. • R(config)# aaa authorization config-commands • To authorize level x (1-15) users. • R(config)# aaa authorization commands x default group tacacs+ if-authenticated • R(config)# no aaa authorization config-commands • AAA debugging • To debug aaa. • R# debug aaa authentication • To debug RADIUS or TACACS+. • R# debug radius|tacacs events • AAA Accounting • Each session established through the ACS can be fully accounted for and stored on the server. • To configure AAA accounting. • R(config)# aaa accounting exec default|list-name start-stop|stop-only method1 method2 ... • ACS server configurations. • Network device groups. • Groups of network devices, normally based on routers or switches with similar functions/devices managed by the same administrators. • Network devices (ACS clients/routers/switches). • The individual network devices that go into the device groups. • Identity groups (user/admin groups). • Groups of administrators, normally based on users who will need similar rights and access to specific groups of network devices. • CCNA Sec Page 7
of network devices. • User accounts. • Individual administrator/user accounts that are placed in identity groups. • Authorization profiles. • These profiles control what rights are permitted. • The profile is associated with a network device group and a user/administrator identity group. • To manage ACS server. • https://ip • Default username and password: acsadmin pass: default • For trial license. • https://www.cisco.com/go/license username: adelmohammad , pass: P@ssw0rd get other licenses , demo and..., search for access control , To create a device group. • ACS > Network Resources > Network Device Groups > Device Type > Create • To add a device to the group. • Network Resources > Network Devices and AAA Clients > Create • Click the Select button to the right of the device type and select the device group • Select tacacs+ and type the password • In the ip address select range and type the range (ex. 10.0.0.100-200) , Add V • To create a user group. • Users and Identity Stores > Identity Groups > Create • To create individual user. • Users and Identity Stores > Internal Identity Stores > Users and click > Create • To create a shell profile. • Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles > Create • Custom tasks tab, Default Privilege:static, type a privilige level • To configure authorization policies (To assign permisions to identity group to access device group). • Access Policies > Access Services > Default Device Admin > Authorization > Create • Then select a shell profile or create one (shell profile has a name and defines a privilige level). • Verifying and Troubleshooting Router-to-ACS Server Interactions. • Ping the ACS server from the router. • R# test aaa group tacacs+ username password legacy • Using debug Commands to Verify Functionality • To look at the reports on the ACS server. • Monitoring & Reports > Reports > Catalog > AAA Protocol • Bring Your Own Device (BYOD) Allowing users bringing their own network-connected devices while also maintaining an appropriate • security posture. The organization’s security policy must be lever-aged to govern the level of access for BYOD devices. • CCNA Sec Page 8
• BYOD Solution Components. • BYOD devices. • The corporate-owned and personally owned endpoints that require access to the corporate network regardless of their physical location. • Wireless access points (AP). • Provide wireless network connectivity to the corporate network for both local & BYOD devices. • Wireless LAN (WLAN) controllers. • Serve as a centralized point for the configuration, management, and monitoring of the Cisco WLAN solution. • Used to implement and enforce the security requirements for the BYOD solution. • Works with the ISE to enforce both authentication and authorization policies on each BYOD endpoint. • Identity Services Engine (ISE). • The cornerstone of the AAA requirements for endpoint access, which are governed by the security policies put forth by the organization. • Cisco AnyConnect Secure Mobility Client. • Provides connectivity for end users who need access to the corporate network. • Inside network users leverages 802.1X to provide secure access to the corporate network. • Outside users uses AnyConnect Client to provide secure VPN connectivity, including posture checking. • Integrated Services Routers (ISR). • Will be used in the Cisco BYOD solution to provide WAN and Internet access for the branch offices and Internet access for home office environments. • Can provide VPN connectivity for mobile devices that are part of the BYOD solution. • Adaptive Security Appliance (ASA). • Provides all the standard security functions for the BYOD solution at the Internet edge. • Can provide IPS and VPN for end devices. • Cloud Web Security (CWS). • Provides enhanced security for all the BYOD solution endpoints while they access Internet. • RSA SecurID. • The RSA SecurID server provides one-time password (OTP) generation and logging for users that access network devices and other applications which require OTP authentication. • CCNA Sec Page 9
network devices and other applications which require OTP authentication. • Active Directory. • Restricts access to those users with valid authentication credentials. • Certificate authority. • The CA server ensures that only devices with corporate certificates can access the corporate network. • Mobile Device Management (MDM). • Deploy, manage, and monitor the mobile devices that make up the Cisco BYOD solution. • Specific functions provided by MDM include: • Enforcement of a PIN lock (locking a device after a set threshold of failed login attempts has been reached). - Enforcement of strong passwords for all BYOD devices. - Detection of attempts to “jailbreak” or “root” BYOD devices, specifically smartphones, and then attempting to use these compromised devices on the corporate network. - Enforcement of data encryption requirements based on an organization’s security policies. - Ability to remotely wipe a stolen or lost BYOD device so that all data is completely removed. - MDM Deployment Options. • On-Premise MDM Deployment. • MDM application software is installed and maintained on servers within the corporate data center. • Consists of the following topology and network components: • Data center. • The data center consists of the servers and ISE to enforce posture assessment and access control. • Internet edge. • Includes an ASA firewall, WLC and the MDM which provides all the policies and profiles, digital certificates, applications, data, and configuration settings for all the BYOD devices. • Services. • Contains the WLC for all APs to which the corporate users connect; however, any other network-based services required for the corporate. • Core. • Serves as the main distribution and routing point for all network traffic traversing the corporate network environment. • Campus building. • A distribution switch provides the main ingress/egress point for all network traffic entering and exiting from the campus environment. • Cloud-Based MDM Deployment. • MDM application software is hosted, managed and maintained by a service provider who is solely • CCNA Sec Page 10
MDM application software is hosted, managed and maintained by a service provider who is solely responsible for the BYOD solution. • Consists of the following topology and network components: • Data Center. • The data center consists of the servers and ISE to enforce posture assessment and access control. • Internet edge. • Includes an ASA firewall, WLC and the MDM which provides all the policies and profiles, digital certificates, applications, data, and configuration settings for all the BYOD devices. • WAN. • Provides MPLS VPN connectivity for the branch office back to corporate network. • Internet access for the branch office. • Access to the cloud-based MDM functionality. • The cloud-based MDM provides all the policies and profiles, digital certificates, applications, data, and configuration settings for all of the BYOD devices. • WAN edge. • Serve as the ingress/egress point for the MPLS WAN traffic entering from and exiting to the branch office environment. • Services. • Contains the WLC for all APs to which the corporate users connect; however, any other network-based services required for the corporate • Core. • Serves as the main distribution and routing point for all network traffic travers ing the corporate network environment. • Branch office. • All users requiring network connectivity within the branch office do so through either hardwired connections to the access switches or via WLAN access to the corporate APs. • • CCNA Sec Page 11

Recommended

Network security
Network securityNetwork security
Network security
Sri Manakula Vinayagar Engineering College
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
G Prachi
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1
Saksham Agrawal
 
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
UzairAhmad81
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web security
newbie2019
 

Recommended

Network security
Network securityNetwork security
Network security
Sri Manakula Vinayagar Engineering College
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
G Prachi
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1
Saksham Agrawal
 
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
UzairAhmad81
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web security
newbie2019
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
Gary Mendonca
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
Hitesh Mohapatra
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
Aj Maurya
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
Shah Sheikh
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
laonap166
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Mustafash79
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
OECLIB Odisha Electronics Control Library
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
Shah Sheikh
 
Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systemsvamsi_xmen
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
Sam Bowne
 
Ids & ips
Ids & ipsIds & ips
Ids & ips
Lan & Wan Solutions
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Industry Best Practice against DDoS Attacks
Industry Best Practice against DDoS AttacksIndustry Best Practice against DDoS Attacks
Industry Best Practice against DDoS Attacks
Marcelo Silva
 
Authentication
AuthenticationAuthentication
Authentication
primeteacher32
 
IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
SAurabh PRajapati
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMApoorv Pandey
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Mohit Belwal
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS Defenders
Dragos, Inc.
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
Sam Bowne
 

More Related Content

What's hot

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
Gary Mendonca
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
Hitesh Mohapatra
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
Aj Maurya
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
Shah Sheikh
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
laonap166
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Mustafash79
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
OECLIB Odisha Electronics Control Library
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
Shah Sheikh
 
Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systemsvamsi_xmen
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
Sam Bowne
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Industry Best Practice against DDoS Attacks
Industry Best Practice against DDoS AttacksIndustry Best Practice against DDoS Attacks
Industry Best Practice against DDoS Attacks
Marcelo Silva
 
Authentication
AuthenticationAuthentication
Authentication
primeteacher32
 
IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
SAurabh PRajapati
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMApoorv Pandey
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Mohit Belwal
 

What's hot (20)

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
 
Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systems
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
 
Ids & ips
Ids & ipsIds & ips
Ids & ips
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Industry Best Practice against DDoS Attacks
Industry Best Practice against DDoS AttacksIndustry Best Practice against DDoS Attacks
Industry Best Practice against DDoS Attacks
 
Authentication
AuthenticationAuthentication
Authentication
 
IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEM
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 

Similar to Ccna sec 01

Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS Defenders
Dragos, Inc.
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
Sam Bowne
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
Murali Mohan
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
Security Innovation
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdf
AschalewAyele2
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
talkaton
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
talkaton
 
Unit-5.pptx
Unit-5.pptxUnit-5.pptx
Unit-5.pptx
RoyBokhiriya
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
PROIDEA
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdf
DhananjaySingh23178
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
KIYALIBAN1
 
Cyber Security # Lec 4
Cyber Security # Lec 4 Cyber Security # Lec 4
Cyber Security # Lec 4
Kabul Education University
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
Divya Jyoti
 
Dncybersecurity
DncybersecurityDncybersecurity
Dncybersecurity
Anne Starr
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
penetration Tester
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Јаѓќеѕн Јажѕшаф
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 

Similar to Ccna sec 01 (20)

Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS Defenders
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdf
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
 
Unit-5.pptx
Unit-5.pptxUnit-5.pptx
Unit-5.pptx
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdf
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Cyber Security # Lec 4
Cyber Security # Lec 4 Cyber Security # Lec 4
Cyber Security # Lec 4
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Dncybersecurity
DncybersecurityDncybersecurity
Dncybersecurity
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 

Recently uploaded

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
JEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questionsJEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questions
ShivajiThube2
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 

Recently uploaded (20)

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
JEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questionsJEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questions
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 

Ccna sec 01

  • 1. The basics of IT security: CIA (Confidentiality, Integrity, Availability) • Confidentiality. • Measures that prevent disclosure of information or data to unauthorized individuals or systems. • Integrity. • Protecting the data from unauthorized alteration or revision. • Often ensured through the use of a hash. • Availability. • Making systems and data ready for use when legitimate users need them at any time. • Guaranteed by network hardening mechanisms and backup systems. • Attacks against availability all fall into the “denial of service” realm. • Asset. • It is anything that is valuable to an organization. • Vulnerability. • An exploitable weakness in a system or its design. • Threat. • Any potential danger to an asset. • Countermeasure. • A safeguard that somehow mitigates a potential risk. • Risk. • The potential for unauthorized access to, compromise, destruction, or damage to an asset. • Classifying Assets. • One reason to classify an asset is so that you can take specific action, based on policy, with regard to assets in a given class. • Classifying Vulnerabilities. • Policy flaws • Design errors • CCNA Sec 01 CCNA Sec Page 1
  • 2. Design errors • Protocol weaknesses • Misconfiguration • Software vulnerabilities • Human factors • Malicious software • Hardware vulnerabilities • Physical access to network resources • Classifying Countermeasures. • Administrative controls. • Consist of written policies, procedures, guidelines, and standards. • Physical controls. • Are exactly what they sound like, physical security for the network servers, equipment, and infrastructure. • Logical controls (technical controls). • Logical controls include passwords, firewalls, IPS, access lists, VPN tunnels, ……... • Potential Attackers. • Terrorists • Criminals • Government agencies • Nation states • Hackers • Disgruntled employees • Competitors • Attack Methods. • Reconnaissance. • This is the discovery process used to find information about the network. • Social engineering. • Leverages our weakest (very likely) vulnerability in a secure system (data, applications, devices, networks): the user. • Could be done through e-mail or misdirection of web pages, which results in the user clicking something that leads to the attacker gaining information. • Phishing. • Presents a link that looks like a valid trusted resource to a user. • Pharming. • Used to direct a customer’s URL from a valid resource to a malicious one that could be made to appear as the valid site to the user. • Privilege escalation. • The process of taking some level of access and achieving an even greater level of access. • Backdoor. • Application can be installed to allow access. • Code execution. • When attackers can gain access to a device, they might be able to take several actions. • Man-in-the-Middle Attacks. • Results when attackers place themselves in line between two devices that are communicating. • To mitigate this risk, you could use techniques such as DAI (Dynamic ARP Inspection). • Additional Attack Methods. • Covert channel. • Uses programs or communications in unintended ways. • For ex. If web traffic is allowed but peer-to-peer messaging is not, users can attempt to tunnel their peer-to- • CCNA Sec Page 2
  • 3. For ex. If web traffic is allowed but peer-to-peer messaging is not, users can attempt to tunnel their peer-to- peer traffic inside of HTTP traffic. • Also a backdoor application collecting keystroke information from the workstation and then sending it out as ICMP or http packet. • Trust exploitation. • Ex. an attacker could leverage his gaining access to a DMZ host, and using that location to launch his attacks • from there to the inside network. Brute-force (password-guessing) attacks. • Performed when an attacker’s system attempts thousands of possible passwords looking for the right match. • Mitigated by limiting how many unsuccessful authentication attempts can occur within a specified time. • DoS (Denial of Service). • An attack is launched from a single device with the intent to cause damage to an asset • DDoS (Distributed Denial-of-Service). • An attack is launched from multiple devices as from botnet network. • Botnet. • A collection of infected computers that are ready to take instructions from the attacker. • RDoS (Reflected DDoS). • When the source of the initial (query) packets is actually spoofed by the attacker. • The response packets are then “reflected” back from the unknowing participant to the victim of the attack. • Guidelines for Secure Network Architecture. • Rule of least privilege. • Minimal access should only provided to the required network resources. • Defense in depth. • You should have security implemented on an early every point of your network. • Ex. filtering at a perimeter router, filtering again at a firewall, using IPSs to analyze traffic before it reaches your servers, and using host-based security precautions at the servers, as well. • Separation of duties. • Rotating individuals into different roles periodically will also assist in verifying that vulnerabilities are being addressed, because a person who moves into a new role will be required to review the policies in place. • Auditing. • Accounting and keeping records about what is occurring on the network. • Common forms of social engineering. • Phishing. • Elicits secure information through an e-mail message that appears to come from a legitimate source such as a service provider or financial institution. • The e-mail message may ask the user to reply with the sensitive data, or to access a website to update information such as a bank account number. • Malvertising. • This is the act of incorporating malicious ads on trusted websites, which results in users’ browsers being inadvertently redirected to sites hosting malware. • Phone scams. • An example is a miscreant posing as a recruiter asking for names, e-mail addresses, and so on for members of the organization and then using that information to start building a database to leverage for a future attack. • Defenses Against Social Engineering. • Password management. • The number and type of characters that each password must include, how often a password must be changed. • Two-factor authentication. • Use two-factor authentication rather than fixed passwords. • Antivirus/antiphishing defenses. • CCNA Sec Page 3
  • 4. Antivirus/antiphishing defenses. • Document handling and destruction. • Sensitive documents and media must be securely disposed of and not simply thrown out with the regular office trash. • Physical security. • Malware Identification Tools. • Packet captures. • Snort IDS • An open source IDS/IPS developed by the founder of Sourcefire. - NetFlow • IPS events • Advanced Malware Protection (AMP). • Designed for Cisco FirePOWER network security appliances. • Provides visibility and control to protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. • NGIPS (Next-Generation Intrusion Prevention System). • The Cisco FirePOWER NGIPS solution provides multiple layers of advanced threat protection at high inspection throughput rates. • Implementing AAA in Cisco IOS Administrative access methods. • Password only. • Local database. • AAA Local Authentication (self-contained AAA). • AAA Server-based. • AAA provides: • Authentication. • Who is permitted to access a network. • Authorization. • What they can do while they are there. • Accounting. • Records in details what they did. • Methods of implementing AAA services. • Local AAA Authentication. • Uses a local database stored in the router for authentication. - Server-Based AAA Authentication. • Uses an external database server that leverages RADIUS or TACACS+ protocols. - Preferred in large environment. - Server-Based Authentication • The user establishes a connection with the router. • The router prompts the user for a username and password. • The router passes the username and password to the Cisco Secure ACS. • The ACS authenticates and authorizes the user based on its database. • ACS (Access Control Server). • Can create a central user and administrative access DB that all network devices can access. • Can work with many external databases, such as Active Directory. • Supports both TACACS+ and RADIUS protocols. • Both protocols can be used to communicate between AAA client (Router) and AAA servers (ACS). • Provides user and device group profiles. • CCNA Sec Page 4
  • 5. • Restrictions to network access based on a specific time. • Can be software installed on windows server or a physical appliance can be purchased from Cisco. • RADIUS (Remote Authentication Dial-In User Service). • Open standard, RFCs 2865, 2866, 2867, and 2868. • Combines authentication & authorization, but separates accounting. • Supports detailed accounting required for billing users, so preferred by ISPs. • Encrypts only the password. • Does not encrypt user name, or any other data in the message. • Used UDP port 1645 & now 1812 for authentication & authorization. • Used UDP port 1646 & now 1813 for accounting. • Supports remote-access technologies, 802.1X, and SIP. • • TACACS+ (Terminal Access Control Access Control Server). • Cisco proprietary. • Separates authentication and authorization. • Provides limited detailed accounting. • Encrypts all packet not only the password. • Utilizes TCP port 49. • Multiprotocol support, such as IP and AppleTalk. • Incompatible with any previous version of TACACS. • • AAA clients must run Cisco IOS Release 11.2 or later. • ISE (Identity Services Engine). • An identity and access control policy platform. • Can validate that a computer meets the requirements of a company’s policy related to virus definition files, service pack levels, and so on before allowing the device on the network. • Leverages many AAA-like (authentication, authorization, and accounting) features, but is not a 100 percent replacement for ACS. • ACS should be used mainly for AAA, and ISE for the posturing & policy compliance checking for hosts. • Login method types: • CCNA Sec Page 5
  • 6. Login method types: • Enable. • Uses the enable password for authentication. • Line. • Uses the line password for authentication. • Local. • Uses the local username database for authentication. • Local-case. • Uses case-sensitive local username authentication. • Group radius. • Uses the list of all RADIUS servers for authentication. • Group tacacs+. • Uses the list of all TACACS+ servers for authentication. • Group group-name. • Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command. • None. • To ensure that the authentication succeeds even if all methods return an error. • AAA lists. • When AAA is enabled, the default list is automatically applied to all interfaces and lines but with no methods defined unless a predefined list is assigned. • If the default method list is not set and there is no other list, only the local user database is checked. • Authorization. • What a user can and cannot do on the network after that user is authenticated. • Implemented using a AAA server-based solution. • When a user has been authenticated, a session is established with the AAA server. • The router requests authorization for the requested service from the AAA server. • The AAA server returns a PASS/FAIL for authorization. • TACACS+ establishes a new TCP session for every authorization request. • When AAA authorization is not enabled, all users are allowed full access. • To enable AAA. • R(config)# aaa new-model • To Configure Authentication to Use the AAA Server. • R(config)# aaa authentication login list-name|default method method method [maximum 4 methods] • R(config)# aaa authentication login default group radius group tacacs+ local ….. • R(config)# aaa authentication enable list-name|default group tacacs+ enable • Methods are used in order, if no response from one, the next is used. • To specify the number of unsuccessful login attempts (then the user will be locked out). • R(config)# aaa local authentication attempts max-fail n • The account (non priv 15) will stay locked until it is cleared by an administrator. • To display a list of all locked-out users. • R# show aaa local user lockout • To unlock a specific user or to unlock all locked users. • R# clear aaa local user lockout all | username name • To display the attributes that are collected for a AAA session. • R# show aaa user all | unique-id • To show the unique ID of a session. • R# show aaa sessions • CCNA Sec Page 6
  • 7. R# show aaa sessions • For vty lines. • R(config)# line vty 0 4 • R(config-line)# login authentication name|default • R(config-line)# authorization exec name|default • To debug aaa authentication. • R# debug aaa authentication|authorization • Look specifically for GETUSER and GETPASS status messages. • To configure AAA with CCP. • CCP, Configure, Router, AAA,…... • To create a local user account. • CCP > Router > Router Access > User Accounts/View > Add • To configure the AAA client (router) with the TACACS+ server. • R(config)# tacacs-server host ip key the-key • To configure the AAA client (router) with the RADIUS server. • R(config)# radius-server host ip key the-key • AAA Authorization (Router) • To get the priviege level that should be given to user from the local user database. • R(config)# aaa authorization exec default local • To get the priviege level that should be given to user from the tacacs server. • R(config)# aaa authorization exec default group tacacs+ • To enable command authorization on the console. • R(config)# aaa authorization console • To assign level 15 automatically to any user just authenticated. • R(config)# aaa authorization exec default if-authenticated • To authorize each command, you enter at config and it's submode. • R(config)# aaa authorization config-commands • To authorize level x (1-15) users. • R(config)# aaa authorization commands x default group tacacs+ if-authenticated • R(config)# no aaa authorization config-commands • AAA debugging • To debug aaa. • R# debug aaa authentication • To debug RADIUS or TACACS+. • R# debug radius|tacacs events • AAA Accounting • Each session established through the ACS can be fully accounted for and stored on the server. • To configure AAA accounting. • R(config)# aaa accounting exec default|list-name start-stop|stop-only method1 method2 ... • ACS server configurations. • Network device groups. • Groups of network devices, normally based on routers or switches with similar functions/devices managed by the same administrators. • Network devices (ACS clients/routers/switches). • The individual network devices that go into the device groups. • Identity groups (user/admin groups). • Groups of administrators, normally based on users who will need similar rights and access to specific groups of network devices. • CCNA Sec Page 7
  • 8. of network devices. • User accounts. • Individual administrator/user accounts that are placed in identity groups. • Authorization profiles. • These profiles control what rights are permitted. • The profile is associated with a network device group and a user/administrator identity group. • To manage ACS server. • https://ip • Default username and password: acsadmin pass: default • For trial license. • https://www.cisco.com/go/license username: adelmohammad , pass: P@ssw0rd get other licenses , demo and..., search for access control , To create a device group. • ACS > Network Resources > Network Device Groups > Device Type > Create • To add a device to the group. • Network Resources > Network Devices and AAA Clients > Create • Click the Select button to the right of the device type and select the device group • Select tacacs+ and type the password • In the ip address select range and type the range (ex. 10.0.0.100-200) , Add V • To create a user group. • Users and Identity Stores > Identity Groups > Create • To create individual user. • Users and Identity Stores > Internal Identity Stores > Users and click > Create • To create a shell profile. • Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles > Create • Custom tasks tab, Default Privilege:static, type a privilige level • To configure authorization policies (To assign permisions to identity group to access device group). • Access Policies > Access Services > Default Device Admin > Authorization > Create • Then select a shell profile or create one (shell profile has a name and defines a privilige level). • Verifying and Troubleshooting Router-to-ACS Server Interactions. • Ping the ACS server from the router. • R# test aaa group tacacs+ username password legacy • Using debug Commands to Verify Functionality • To look at the reports on the ACS server. • Monitoring & Reports > Reports > Catalog > AAA Protocol • Bring Your Own Device (BYOD) Allowing users bringing their own network-connected devices while also maintaining an appropriate • security posture. The organization’s security policy must be lever-aged to govern the level of access for BYOD devices. • CCNA Sec Page 8
  • 9. • BYOD Solution Components. • BYOD devices. • The corporate-owned and personally owned endpoints that require access to the corporate network regardless of their physical location. • Wireless access points (AP). • Provide wireless network connectivity to the corporate network for both local & BYOD devices. • Wireless LAN (WLAN) controllers. • Serve as a centralized point for the configuration, management, and monitoring of the Cisco WLAN solution. • Used to implement and enforce the security requirements for the BYOD solution. • Works with the ISE to enforce both authentication and authorization policies on each BYOD endpoint. • Identity Services Engine (ISE). • The cornerstone of the AAA requirements for endpoint access, which are governed by the security policies put forth by the organization. • Cisco AnyConnect Secure Mobility Client. • Provides connectivity for end users who need access to the corporate network. • Inside network users leverages 802.1X to provide secure access to the corporate network. • Outside users uses AnyConnect Client to provide secure VPN connectivity, including posture checking. • Integrated Services Routers (ISR). • Will be used in the Cisco BYOD solution to provide WAN and Internet access for the branch offices and Internet access for home office environments. • Can provide VPN connectivity for mobile devices that are part of the BYOD solution. • Adaptive Security Appliance (ASA). • Provides all the standard security functions for the BYOD solution at the Internet edge. • Can provide IPS and VPN for end devices. • Cloud Web Security (CWS). • Provides enhanced security for all the BYOD solution endpoints while they access Internet. • RSA SecurID. • The RSA SecurID server provides one-time password (OTP) generation and logging for users that access network devices and other applications which require OTP authentication. • CCNA Sec Page 9
  • 10. network devices and other applications which require OTP authentication. • Active Directory. • Restricts access to those users with valid authentication credentials. • Certificate authority. • The CA server ensures that only devices with corporate certificates can access the corporate network. • Mobile Device Management (MDM). • Deploy, manage, and monitor the mobile devices that make up the Cisco BYOD solution. • Specific functions provided by MDM include: • Enforcement of a PIN lock (locking a device after a set threshold of failed login attempts has been reached). - Enforcement of strong passwords for all BYOD devices. - Detection of attempts to “jailbreak” or “root” BYOD devices, specifically smartphones, and then attempting to use these compromised devices on the corporate network. - Enforcement of data encryption requirements based on an organization’s security policies. - Ability to remotely wipe a stolen or lost BYOD device so that all data is completely removed. - MDM Deployment Options. • On-Premise MDM Deployment. • MDM application software is installed and maintained on servers within the corporate data center. • Consists of the following topology and network components: • Data center. • The data center consists of the servers and ISE to enforce posture assessment and access control. • Internet edge. • Includes an ASA firewall, WLC and the MDM which provides all the policies and profiles, digital certificates, applications, data, and configuration settings for all the BYOD devices. • Services. • Contains the WLC for all APs to which the corporate users connect; however, any other network-based services required for the corporate. • Core. • Serves as the main distribution and routing point for all network traffic traversing the corporate network environment. • Campus building. • A distribution switch provides the main ingress/egress point for all network traffic entering and exiting from the campus environment. • Cloud-Based MDM Deployment. • MDM application software is hosted, managed and maintained by a service provider who is solely • CCNA Sec Page 10
  • 11. MDM application software is hosted, managed and maintained by a service provider who is solely responsible for the BYOD solution. • Consists of the following topology and network components: • Data Center. • The data center consists of the servers and ISE to enforce posture assessment and access control. • Internet edge. • Includes an ASA firewall, WLC and the MDM which provides all the policies and profiles, digital certificates, applications, data, and configuration settings for all the BYOD devices. • WAN. • Provides MPLS VPN connectivity for the branch office back to corporate network. • Internet access for the branch office. • Access to the cloud-based MDM functionality. • The cloud-based MDM provides all the policies and profiles, digital certificates, applications, data, and configuration settings for all of the BYOD devices. • WAN edge. • Serve as the ingress/egress point for the MPLS WAN traffic entering from and exiting to the branch office environment. • Services. • Contains the WLC for all APs to which the corporate users connect; however, any other network-based services required for the corporate • Core. • Serves as the main distribution and routing point for all network traffic travers ing the corporate network environment. • Branch office. • All users requiring network connectivity within the branch office do so through either hardwired connections to the access switches or via WLAN access to the corporate APs. • • CCNA Sec Page 11