CCNA Security

Chapter 1: Modern Network Security Threats


Lesson Objectives

Describe the evolution of network security.

Describe the drivers for network security.

Describe the major network security organizations.

Describe the domains of network security.

Describe network security policies.

Describe viruses, worms, and Trojan Horses.


Describe how to mitigate threats from viruses, worms, and Trojan Horses.

Describe how network attacks are categorized.

Describe reconnaissance attacks.

Describe access attacks.

Describe Denial of Service attacks.

Describe how to mitigate network attacks.

Modern Network Security Threats

1.1 Fundamental Principles of a Secure Network

1.2 Viruses, Worms, and Trojan Horses

1.3 Attack Methodologies

1.1 Fundamental Principles of a Secure Network

1.1.1 Evolution of Network Security

1.1.2 Drivers for Network Security

1.1.3 Network Security Organizations

1.1.4 Domains of Network Security

1.1.5 Network Security Policies

1.1.1 Evolution of Network Security

In July 2001, the Code Red worm attacked web servers globally, infecting over 350,000 hosts.

"Necessity is the mother of invention."

Internal threats can cause even greater damage than external threats.

Confidentiality

Integrity

Availability

1.1.2 Drivers for Network Security

Hackers:

– White hat

– Black hat

Hacking is a driving force in network security.

Hacker:

– 1960s: Phreaking, John Draper

– 1980s: Wardialing

– 1990s: Wardriving

– ...

Network security professionals

1.1.3 Network Security Organizations

www.infosyssec.com

www.sans.org

www.cisecurity.org

www.cert.org

www.isc2.org

www.first.org

www.infragard.net

www.mitre.org

www.cnss.gov

Network Security Organizations - SANS

Network Security Organizations - CERT

Network Security Organizations - ISC2

Information security certifications offered by (ISC)2:

Systems Security Certified Practitioner (SSCP)

Certification and Accreditation Professional (CAP)

Certified Secure Software Lifecycle Professional (CSSLP)

Certified Information Systems Security Professional (CISSP)

1.1.4 Domains of Network Security

ISO/IEC 17799

1.1.5 Network Security Policies (SDN)

Comprehensive

Succinct

1.2 Viruses, Worms, and Trojan Horses

1.2.1 Viruses

1.2.2 Worms

1.2.3 Trojan Horses

1.2.4 Mitigating Viruses, Worms, and Trojan Horses

1.2.1 Viruses

A virus is malicious software which attaches to another program to execute a specific unwanted function on a computer.

1.2.2 Worms

A worm executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts.

Three major components to most worm attacks:

– Enabling vulnerability

– Propagation mechanism

– Payload

Five basic phases of a worm or virus attack:

– Probe

– Penetrate

– Persist

– Propagate

– Paralyze

1.2.3 Trojan Horses

A Trojan Horse is malicious software that carries out malicious operations under the guise of a desired function.

1.2.4 Mitigating Viruses, Worms, and Trojan Horses

Viruses and Trojan Horses tend to take advantage of local root buffer overflows.

Worms such as SQL Slammer and Code Red exploit remote root buffer overflows.

The primary means of mitigating virus and Trojan horse attacks is anti-virus software.

Worms are more network-based than viruses.

The response to a worm infection can be broken down into four phases:

– Containment

– Inoculation

– Quarantine

– Treatment

Example (SQL Slammer worm):

• Host-based intrusion prevention system (HIPS): Cisco Security Agent (CSA)

• Cisco Network Admission Control (NAC)

• Cisco Security Monitoring, Analysis, and Response System (MARS)

1.3 Attack Methodologies

1.3.1 Reconnaissance Attack

1.3.2 Access Attacks

1.3.3 Denial of Service Attacks

1.3.4 Mitigating Network Attacks

1.3.1 Reconnaissance Attack

This course classifies attacks in three major categories.

Reconnaissance attacks use various tools to gain access to a network:

– Packet sniffers

– Ping sweeps

– Port scans

– Internet information queries

A packet sniffer is a software application. It uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. Some network applications distribute network packets in unencrypted plaintext. Numerous freeware and shareware packet sniffers exist.

Keep in mind that reconnaissance attacks are typically the precursor to further attacks.

Network-based intrusion prevention functionality is supported by Cisco IOS security images running on ISRs.

1.3.2 Access Attacks

There are five types of access attacks:

• Password attack

• Trust exploitation

• Port redirection

• Man-in-the-middle attack

• Buffer overflow

Access Attacks

Password attack

Attackers can implement password attacks using several different methods:

– Brute-force attacks

– Trojan Horse programs

– Packet sniffers

Trust exploitation

Port redirection

Man-in-the-middle attack

Buffer overflow

Detecting access attacks:

– Reviewing logs: check the number of failed login attempts.

– Bandwidth utilization: detects man-in-the-middle attacks.

– Process loads: detects buffer overflow attacks.
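The log-review check above, worked through as an added example (not from the slides): the log lines are constructed sshd-style samples, and the regex and threshold are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth log lines (sshd style); not taken from the course material.
SAMPLE_LOG = """\
Jan 10 09:01:12 gw sshd[2201]: Failed password for admin from 203.0.113.7 port 50211 ssh2
Jan 10 09:01:14 gw sshd[2201]: Failed password for admin from 203.0.113.7 port 50212 ssh2
Jan 10 09:01:15 gw sshd[2203]: Accepted password for alice from 192.0.2.10 port 40122 ssh2
Jan 10 09:01:17 gw sshd[2201]: Failed password for root from 203.0.113.7 port 50213 ssh2
Jan 10 09:01:19 gw sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 50214 ssh2
Jan 10 09:01:20 gw sshd[2207]: Failed password for bob from 192.0.2.10 port 40123 ssh2
Jan 10 09:01:22 gw sshd[2201]: Failed password for admin from 203.0.113.7 port 50215 ssh2
"""

# Matches the OpenSSH failure message, including the "invalid user" variant.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def count_failed_logins(log_text):
    """Return (failures per source address, usernames tried per source address)."""
    per_src = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_src[m.group("src")] += 1
            users[m.group("src")].add(m.group("user"))
    return per_src, users


def flag_password_attacks(log_text, threshold=3):
    """Sources whose failed-login count reaches the threshold (an assumed value),
    mapped to (count, sorted usernames tried) for the analyst reviewing the log."""
    per_src, users = count_failed_logins(log_text)
    return {src: (n, sorted(users[src])) for src, n in per_src.items() if n >= threshold}


if __name__ == "__main__":
    for src, (n, names) in flag_password_attacks(SAMPLE_LOG).items():
        print(f"{src}: {n} failed logins, accounts tried: {', '.join(names)}")
```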

1.3.3 Denial of Service Attacks

A DoS attack is a network attack.

DoS attacks attempt to compromise the availability of a network, host, or application.

There are two major reasons a DoS attack occurs:

– A host or application fails to handle an unexpected condition.

– A network, host, or application is unable to handle an enormous quantity of data.

Denial of Service Attacks

DoS

DDoS: Distributed DoS

Ping of Death

A hacker sends an echo request in an IP packet larger than the maximum packet size of 65,535 bytes:

– ping -t -l 65550 192.168.1.1
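How a receiver can recognise such an oversized datagram from its fragments, as an added example (not part of the course slides): it assumes the ping above carries 65,550 bytes of ICMP data plus an 8-byte ICMP header, a 20-byte IP header, and a 1500-byte MTU; the fragmenting helper is constructed for the illustration.

```python
IP_HEADER_LEN = 20        # IPv4 header without options (assumed)
MAX_IP_DATAGRAM = 65535   # limit imposed by the 16-bit Total Length field


def fragment_payload(payload_len, mtu=1500):
    """Constructed helper: split an IP payload into (offset_units, length, more_fragments)
    tuples the way a router with the given MTU would (offsets are in 8-byte units)."""
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8   # fragment data must be a multiple of 8 bytes
    frags, pos = [], 0
    while pos < payload_len:
        length = min(chunk, payload_len - pos)
        more = pos + length < payload_len
        frags.append((pos // 8, length, more))
        pos += length
    return frags


def reassembled_size(fragments):
    """Datagram size (header + payload) implied by the fragments, or None if the
    final fragment (MF flag clear) has not arrived yet."""
    end, last_seen = 0, False
    for offset_units, length, more in fragments:
        end = max(end, offset_units * 8 + length)
        last_seen = last_seen or not more
    return IP_HEADER_LEN + end if last_seen else None


def is_ping_of_death(fragments):
    """True as soon as any fragment would land past the 65,535-byte limit, so the
    check fires without waiting for reassembly to finish (and exhaust buffers)."""
    return any(IP_HEADER_LEN + offset_units * 8 + length > MAX_IP_DATAGRAM
               for offset_units, length, _ in fragments)


if __name__ == "__main__":
    # "ping -l 65550": 65,550 data bytes + 8-byte ICMP header = 65,558-byte IP payload.
    frags = fragment_payload(65550 + 8)
    print(len(frags), "fragments, reassembled size", reassembled_size(frags),
          "oversized:", is_ping_of_death(frags))
```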

Smurf Attack

TCP SYN Flood

Email Attacks

– Sends a copy of itself to everyone on the mailing list.

– Email Bomb.

DoS - Physical Infrastructure Attacks

Snip your cables!

Affect power!

Destruction of devices!

Social Engineering Attacks

Tools of the Attacker

The following are a few of the most popular tools used by network attackers:

– Enumeration tools (dumpreg, netview and netuser)

– Port/address scanners (AngryIP, nmap, Nessus)

– Vulnerability scanners (Metasploit, Core Impact, ISS)

– Packet sniffers (Snort, Wireshark, AirMagnet)

– Rootkits

– Cryptographic cracking tools (Cain, WepCrack)

– Malicious code (worms, Trojan horses, time bombs)

– System hijack tools (netcat, Metasploit, Core Impact)

1.3.4 Mitigating Network Attacks

Reconnaissance attacks can be mitigated in several ways:

1. Implement authentication to ensure proper access.

2. Use encryption to render packet sniffer attacks useless.

3. Use anti-sniffer tools to detect packet sniffer attacks.

4. Implement a switched infrastructure.

5. Use a firewall and IPS.

Several techniques are available for mitigating access attacks:

1. Strong password security

2. Principle of minimum trust

3. Cryptography

4. Applying operating system and application patches

The primary means of mitigating DoS attacks:

1. IPS and firewalls (Cisco ASAs and ISRs)

2. Anti-spoofing technologies

3. Quality of Service: traffic policing

10 best practices

Avoid unnecessary inputs

Shut down services and ports

Backup

Educate

Security of the network is ultimately the responsibility of everyone.