1.0.1 What does Network Security involve?
Network security involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats.
What do Network security organizations do?
They set standards, encourage collaboration, and provide workforce development opportunities for security professionals.
What are some types of network attacks?
Viruses, worms, and Trojan Horses are specific types of network attacks. More generally, network attacks are classified as reconnaissance, access, or Denial of Service attacks.
1.1.1 Why is Network Security important to organizations and businesses?
Network security breaches can disrupt e-commerce, cause the loss of business data, threaten people's privacy (with the potential legal consequences), and compromise the integrity of information. These breaches can result in lost revenue for corporations, theft of intellectual property, and lawsuits, and can even threaten public safety.
What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?
An IDS provides real-time detection of certain types of attacks while they are in progress. It typically inspects a copy of the traffic (out of band) and can alert or log, but it cannot stop packets it has already seen.
IPS devices enable the detection of malicious activity and have the ability to automatically block the attack in real time, because they sit inline in the traffic path; the trade-off is that a false positive on an IPS drops legitimate traffic.
Explain the difference between packet-filtering firewalls and stateful firewalls.
Packet filtering firewalls inspect each packet in isolation, without examining whether the packet is part of an existing connection. They check each packet against a set of predefined rules and forward or drop it accordingly. Stateful firewalls also use predefined rules for permitting or denying traffic. Unlike packet filtering firewalls, stateful firewalls keep track of established connections and determine whether a packet belongs to an existing flow of data, providing greater security (unsolicited packets that merely look like replies are dropped) and more rapid processing (packets of a known flow skip the rule lookup).
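As an added illustration (not part of the original course notes), the following Python simulation shows why the distinction matters: a stateless filter that must allow inbound packets with source port 80 so that web replies get through cannot tell a real reply from an unsolicited probe that simply uses source port 80, while a stateful filter admits only packets belonging to a flow it saw opened from the inside. The addresses, the internal prefix and the packet fields are constructed for the example.

```python
"""
Added example (not from the course notes): a toy packet filter that contrasts a
stateless rule set with a stateful one that tracks established TCP flows.
Packet fields and the sample traffic are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: set on the first packet of a connection
    ack: bool = False   # TCP ACK flag


INSIDE = "10.0.0."      # constructed internal prefix (assumption)


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE)


# --- Stateless packet filter --------------------------------------------------
# To let inside hosts browse the web, a stateless filter must permit every
# inbound packet whose source port is 80: it has no way to tell a legitimate
# reply from an unsolicited probe that merely uses source port 80.
def stateless_filter(pkt: Packet) -> str:
    if is_inside(pkt.src) and not is_inside(pkt.dst) and pkt.dport == 80:
        return "forward"        # outbound web request
    if not is_inside(pkt.src) and is_inside(pkt.dst) and pkt.sport == 80:
        return "forward"        # presumed reply ... or a scan from source port 80
    return "drop"


# --- Stateful firewall --------------------------------------------------------
class StatefulFirewall:
    def __init__(self):
        self.table = set()      # established flows as (src, sport, dst, dport)

    def filter(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of a known flow, in either direction, are forwarded with no rule lookup.
        if flow in self.table or reverse in self.table:
            return "forward"
        # A new outbound connection that matches policy creates a table entry.
        if (is_inside(pkt.src) and not is_inside(pkt.dst)
                and pkt.dport == 80 and pkt.syn and not pkt.ack):
            self.table.add(flow)
            return "forward"
        # Everything else, including inbound packets that claim to be replies, is dropped.
        return "drop"


def run_demo():
    """Run the same three constructed packets through both filters."""
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 80, syn=True)
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 51000, syn=True, ack=True)
    probe = Packet("198.51.100.7", 80, "10.0.0.9", 445, ack=True)   # unsolicited, sport 80

    stateless = {"request": stateless_filter(request),
                 "reply": stateless_filter(reply),
                 "probe": stateless_filter(probe)}
    fw = StatefulFirewall()
    stateful = {"request": fw.filter(request),
                "reply": fw.filter(reply),
                "probe": fw.filter(probe)}
    return stateless, stateful


if __name__ == "__main__":
    for name, verdicts in zip(("stateless", "stateful"), run_demo()):
        print(name, verdicts)
```

Both filters forward the request and the reply; only the stateful one drops the probe, because no inside host ever opened a flow to 198.51.100.7.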
What are the two main types of internal threats to the network?
Spoofing attacks, in which one device poses as another by falsifying data (for example, a forged source IP or MAC address), and DoS attacks, which make computer resources unavailable to their intended users.
What is Cryptography?
The study and practice of hiding information; more broadly, of securing information so that only the intended parties can read it or alter it undetected.
Describe the three components of Information Security.
Confidentiality, Integrity, and Availability. Confidentiality means keeping data secret from unauthorized parties (for example, by encrypting plaintext). Integrity means that data is preserved unaltered, whether accidentally or maliciously, during storage and during any operation on it. Availability means that data and services are accessible to authorized users whenever they are needed.
1.1.2 What is a hacker?
Hackers can be bad or good. Bad hackers work to gain unauthorized access to devices on the Internet, run programs to prevent or slow network access for a large number of users, or corrupt or wipe out data on servers. Good hackers work to ensure that networks are not vulnerable to attack.
Describe Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. It uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems and what type of packet filters/firewalls are in use, and dozens of other characteristics.
Describe SATAN
The Security Administrator Tool for Analyzing Networks (SATAN) is a testing and reporting toolbox that collects a variety of information about networked hosts.
Describe Back Orifice 2000
In its authors' own words, BO2K is "the most powerful network administration tool available for the Microsoft environment" that puts network administrators solidly back in control of the system, network, registry, passwords, file system, and processes. In practice it is treated by anti-virus vendors as a remote-access backdoor (see the remote-access Trojan Horse type in 1.2.3).
What is the main need for laws safeguarding network security?
Trillions of dollars are transacted over the Internet on a daily basis, and the
livelihoods of millions depend on Internet commerce.
1.1.3 What are some of the network security organizations?
SysAdmin, Audit, Network, Security (SANS) Institute
Computer Emergency Response Team (CERT)
International Information Systems Security Certification Consortium ((ISC)2)
MITRE Corporation
Forum of Incident Response and Security Teams (FIRST)
1.1.4 What are the 12 network security domains specified by the ISO/IEC?
* risk assessment
* security policy
* organization of information security
* asset management
* human resources security
* physical and environmental security
* communications and operations management
* access control
* information systems acquisition, development and maintenance
* information security incident management
* business continuity management
* compliance
1.1.5 What is a Security Policy?
A security policy is a formal statement of the rules by which people who are given access to the technology and information assets of an organization must abide. The policy is used to aid in network design, convey security principles, and facilitate network deployments.
The network security policy outlines what assets need to be protected and gives guidance on how they should be protected. The policy should specify that logs are formally maintained for all network devices and servers.
Describe the Cisco Self-Defending Network.
A Cisco Self-Defending Network (SDN) uses the network to identify, prevent, and adapt to threats.
A Cisco SDN begins with a strong, secure, flexible network platform from which a security solution is built.
1.2.1 Describe the three primary vulnerabilities for end-users:
A virus is malicious software which attaches to another program to execute a specific unwanted function on a computer.
A worm executes arbitrary code and installs copies of itself in the memory of the infected computer, from which it goes on to infect other hosts; unlike a virus, it needs no host program and usually no user action to spread.
A Trojan Horse is an application written to look like something else. When a Trojan Horse is downloaded and opened, it attacks the end-user computer from within.
1.2.2 Describe the three major components to most worm attacks:
Enabling vulnerability - A worm installs itself using an exploit mechanism (email attachment, executable file, Trojan Horse) on a vulnerable system.
Propagation mechanism - After gaining access to a device, the worm replicates itself and locates new targets.
Payload - Any malicious code that results in some action. Most often this is used to create a backdoor to the infected host.
Describe the five basic phases of a worm or virus attack:
Probe phase, Penetrate phase, Persist phase, Propagate phase, Paralyze phase
1.2.3 Describe the types of Trojan Horse attacks:
Remote-access Trojan Horse (enables unauthorized remote access)
Data sending Trojan Horse (provides the attacker with sensitive data such as passwords)
Destructive Trojan Horse (corrupts or deletes files)
Proxy Trojan Horse (user's computer functions as a proxy server)
FTP Trojan Horse (opens port 21)
Security software disabler Trojan Horse (stops anti-virus programs or firewalls from functioning)
Denial of Service Trojan Horse (slows or halts network activity)
1.2.4 Describe the four phases of worm mitigation:
The response to a worm infection can be broken down into: containment,
inoculation, quarantine, and treatment phases.
Describe Cisco Security Agent:
A host-based intrusion prevention system that can be integrated with anti-virus software from various vendors.
Describe the Cisco Network Admission Control (NAC):
A turnkey solution to control network access. It admits only hosts that are authenticated and have had their security posture examined and approved for the network.
Describe Cisco MARS:
Cisco Security Monitoring, Analysis, and Response System provides security monitoring for network security devices and host applications made by Cisco and other providers. MARS makes precise recommendations for threat removal, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response.
1.3.1 Describe the three major categories of network attacks:
Reconnaissance attacks involve the unauthorized discovery and mapping of systems, services, or vulnerabilities. Methods may include packet sniffers, ping sweeps, port scans, or Internet information queries.
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry. They are used to retrieve data, gain access, and escalate access privileges. They may include password attacks, trust exploitation, port redirection, man-in-the-middle attacks, or buffer overflows.
Denial of Service attacks send extremely large numbers of requests over a network or the Internet, causing the target device to run suboptimally or to become unavailable for legitimate access and use.
1.3.3 Describe the five basic ways that DoS attacks can do harm:
Consumption of computational resources, such as bandwidth, disk space, or processor time
Disruption of configuration information, such as routing information
Disruption of state information, such as unsolicited resetting of TCP sessions
Disruption of physical network components
Obstruction of communication between the victim and others
1.3.4 How can Reconnaissance attacks be mitigated?
Use strong authentication
Encrypt network traffic
Use anti-sniffer software
Implement a switched infrastructure
Use a firewall and IPS
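The following Python detector is an added example (not from the course notes or any Cisco product) that ties the IDS/IPS distinction in 1.1.1 to the reconnaissance methods listed in 1.3.1: it parses constructed firewall log lines in an assumed format, flags a port scan (many distinct ports on one host from a single source within a short window) and a ping sweep (ICMP to many hosts), and in "ids" mode only reports them, while in "ips" mode it also returns the block list an inline device would enforce. The log format, thresholds and window size are assumptions.

```python
"""
Added example (not part of the course notes): port-scan and ping-sweep detection
over constructed firewall log lines, run as an IDS (alert only) or an IPS
(alert and block). Log format, thresholds and window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in an assumed syslog-like format:
# "<iso timestamp> proto=<tcp|icmp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
SAMPLE_LOGS = """\
2024-05-01T10:00:00 proto=tcp src=10.0.0.5 dst=203.0.113.10 dport=443 action=allow
2024-05-01T10:00:01 proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=21 action=deny
2024-05-01T10:00:01 proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=22 action=deny
2024-05-01T10:00:02 proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=23 action=deny
2024-05-01T10:00:02 proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=25 action=deny
2024-05-01T10:00:03 proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=80 action=allow
2024-05-01T10:00:04 proto=icmp src=203.0.113.99 dst=10.0.0.1 dport=0 action=allow
2024-05-01T10:00:04 proto=icmp src=203.0.113.99 dst=10.0.0.2 dport=0 action=allow
2024-05-01T10:00:05 proto=icmp src=203.0.113.99 dst=10.0.0.3 dport=0 action=allow
2024-05-01T10:00:05 proto=icmp src=203.0.113.99 dst=10.0.0.4 dport=0 action=allow
2024-05-01T10:00:06 proto=tcp src=10.0.0.5 dst=203.0.113.10 dport=443 action=allow
2024-05-01T10:00:30 proto=tcp src=198.51.100.7 dst=10.0.0.6 dport=22 action=deny
this line is not in the expected format and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) proto=(?P<proto>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=\w+$"
)

WINDOW = timedelta(seconds=10)   # assumed detection window
PORT_THRESHOLD = 5               # distinct ports on one host => port scan (assumption)
HOST_THRESHOLD = 4               # distinct hosts pinged => ping sweep (assumption)


def parse(log_text):
    """Return (timestamp, proto, src, dst, dport) tuples, sorted by time; unparsable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["proto"],
                       m["src"], m["dst"], int(m["dport"])))
    return sorted(events)


def detect(events):
    """Return sorted (src, kind) alerts; kind is 'port-scan' or 'ping-sweep'."""
    alerts = set()
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[2]].append(ev)
    for src, evs in by_src.items():
        window = []
        for ev in evs:
            window.append(ev)
            # keep only events within WINDOW of the current one (sliding window per source)
            window = [e for e in window if ev[0] - e[0] <= WINDOW]
            ports_per_host = defaultdict(set)
            icmp_hosts = set()
            for _, proto, _, dst, dport in window:
                if proto == "tcp":
                    ports_per_host[dst].add(dport)
                elif proto == "icmp":
                    icmp_hosts.add(dst)
            if any(len(ports) >= PORT_THRESHOLD for ports in ports_per_host.values()):
                alerts.add((src, "port-scan"))
            if len(icmp_hosts) >= HOST_THRESHOLD:
                alerts.add((src, "ping-sweep"))
    return sorted(alerts)


def respond(log_text, mode="ids"):
    """IDS mode: alerts only. IPS mode: alerts plus the list of sources to block inline."""
    alerts = detect(parse(log_text))
    blocked = sorted({src for src, _ in alerts}) if mode == "ips" else []
    return alerts, blocked


if __name__ == "__main__":
    print("IDS:", respond(SAMPLE_LOGS, "ids"))
    print("IPS:", respond(SAMPLE_LOGS, "ips"))
```

The benign client 10.0.0.5, which repeatedly contacts a single port on a single host, never crosses either threshold; the scanner and the sweeper do, and only in IPS mode does the detector turn those alerts into a block list.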
How can Access attacks be mitigated?
Strong password security
Principle of minimum trust
Cryptography
Apply operating system and application patches
How can DoS or DDoS attacks be mitigated?
IPS and firewalls (Cisco ASAs and ISRs)
Anti-spoofing technologies
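Anti-spoofing, as an added example (not from the course notes): a strict unicast reverse-path forwarding check, the technique behind BCP 38 ingress filtering and Cisco's "ip verify unicast source reachable-via rx", written in Python over a constructed routing table. A packet is accepted only if the best route back to its source address leaves through the interface the packet arrived on, and obviously bogus sources (loopback, multicast, and RFC 1918 space arriving from the Internet) are dropped outright. This also addresses the spoofing attack listed under internal threats in 1.1.1. The interface names, prefixes and bogon list are assumptions.

```python
"""
Added example (not part of the course notes): strict uRPF anti-spoofing over a
constructed routing table. Interface names, prefixes and the bogon list are
assumptions for the example.
"""
import ipaddress

OUTSIDE = "Gi0/0"   # assumed name of the Internet-facing interface

# Constructed routing table: prefix -> egress interface.
ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): "Gi0/1",        # inside
    ipaddress.ip_network("192.168.50.0/24"): "Gi0/2",   # DMZ
    ipaddress.ip_network("0.0.0.0/0"): OUTSIDE,         # default route to the Internet
}

# RFC 1918 space must never be a source on packets arriving from the Internet.
BOGONS_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in
                       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def best_route_interface(ip: str) -> str:
    """Longest-prefix match: the interface the router would use to reach ip."""
    addr = ipaddress.ip_address(ip)
    candidates = [net for net in ROUTES if addr in net]
    longest = max(candidates, key=lambda net: net.prefixlen)
    return ROUTES[longest]


def urpf_check(src_ip: str, ingress: str) -> bool:
    """Strict uRPF: True if the packet's source is plausible on this interface."""
    addr = ipaddress.ip_address(src_ip)
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        return False                 # never valid as a unicast source on any interface
    if ingress == OUTSIDE and any(addr in net for net in BOGONS_FROM_OUTSIDE):
        return False                 # private space arriving from the Internet is spoofed
    # The route back to the source must point out the interface the packet came in on.
    return best_route_interface(src_ip) == ingress


def evaluate(packets):
    """packets: iterable of (src_ip, ingress_iface) -> {(src, iface): 'accept' | 'drop'}."""
    return {(src, iface): ("accept" if urpf_check(src, iface) else "drop")
            for src, iface in packets}


if __name__ == "__main__":
    sample = [("203.0.113.5", "Gi0/0"),    # genuine Internet source
              ("10.0.0.5", "Gi0/0"),       # inside address spoofed from the Internet
              ("10.0.0.5", "Gi0/1"),       # inside host on the inside interface
              ("203.0.113.5", "Gi0/1"),    # inside host spoofing an external source
              ("172.16.9.9", "Gi0/0"),     # RFC 1918 source from the Internet
              ("192.168.50.8", "Gi0/2")]   # DMZ host on the DMZ interface
    for key, verdict in evaluate(sample).items():
        print(key, verdict)
```

The 172.16.9.9 case shows why the explicit bogon list is still needed on top of the route lookup: the default route would otherwise make any unrouted private source "reachable via" the outside interface. The same check applied on the inside interface (the 203.0.113.5 on Gi0/1 case) is the egress half of BCP 38 and stops the local network from being used to launch spoofed DoS traffic.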
Describe the 10 best practices to secure your network:
1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.
2. Shut down unnecessary services and ports.
3. Use strong passwords and change them often.
4. Control physical access to systems.
5. Avoid unnecessary web page inputs. Some websites allow users to enter usernames and passwords. A hacker can enter more than just a username. For example, if the input is concatenated into a shell command, entering "jdoe; rm -rf /" might allow an attacker to remove the root file system from a UNIX server. Programmers should validate input against an allowlist of expected characters rather than only rejecting known-bad characters such as | ; < >, and should never pass user input to a shell or other interpreter as part of a command string.
6. Perform backups and test the backed up files on a regular basis.
7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
8. Encrypt and password-protect sensitive data.
9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, anti-virus software, and content filtering.
10. Develop a written security policy for the company.
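Best practice 5, as an added example (not from the course notes): a user lookup that builds a shell command string from a web-form username, beside the hardened form. The shell_view helper shows what /bin/sh actually sees for the input "jdoe; rm -rf /"; the safe version validates the username against an allowlist and passes it to the program as a separate argv element, so no shell ever parses it. The command (id), the username pattern and the function names are assumptions.

```python
"""
Added example (not part of the course notes): the shell-injection case from
best practice 5, vulnerable form beside the hardened form. Command, username
policy and function names are assumptions.
"""
import re
import shlex
import subprocess

# Allowlist for the username field (assumed policy): lowercase letters, digits,
# underscore and hyphen, must not start with '-' so it can never look like an option.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def lookup_vulnerable(username: str) -> subprocess.CompletedProcess:
    """VULNERABLE: the username is concatenated into one string that /bin/sh parses.
    With username = "jdoe; rm -rf /" the shell runs 'id jdoe' and then 'rm -rf /'.
    Kept only for contrast; never call it with untrusted input."""
    return subprocess.run(f"id {username}", shell=True, capture_output=True, text=True)


def shell_view(command: str) -> list:
    """Tokenise a command string the way a POSIX shell would, so the second
    command hidden in the hostile username becomes visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def validate_username(username: str) -> str:
    """Allowlist validation: reject anything that is not a plain username."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return username


def build_command_safe(username: str) -> list:
    """Hardened: an argv list with no shell involved. Each element is exactly one
    argument, and '--' ends option parsing as a second line of defence."""
    return ["id", "--", validate_username(username)]


def lookup_safe(username: str) -> subprocess.CompletedProcess:
    """Runs the program directly; metacharacters in the argument are just bytes."""
    return subprocess.run(build_command_safe(username), capture_output=True, text=True)


def demo():
    """Show the attack string as the shell sees it and the hardened handling of it."""
    hostile = "jdoe; rm -rf /"
    results = {
        "shell_sees": shell_view(f"id {hostile}"),
        "safe_argv": build_command_safe("jdoe"),
    }
    try:
        build_command_safe(hostile)
        results["hostile_rejected"] = False
    except ValueError:
        results["hostile_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Rejecting the input is only half of the fix: even a username that passes the allowlist is handed to the program as its own argv element, so the protection does not depend on the allowlist being complete. A blocklist of "| ; < >" alone would miss, for example, newlines, backticks and "$(...)".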