© 2009 Cisco Learning Institute.
Network Security
Lecture One
Modern Network Security Threats
What is Network Security?
National Security Telecommunications and
Information Systems Security Committee (NSTISSC)
Network security is the protection of information and
systems and hardware that use, store, and transmit that
information.
Network security encompasses those steps that are taken
to ensure the confidentiality, integrity, and availability of
data or resources.
Business Impact
1. Decrease in productivity
2. Loss of sales revenue
3. Release of unauthorized sensitive data
4. Threat of trade secrets or formulas
5. Compromise of reputation and trust
6. Loss of communications
7. Threat to environmental and safety systems
8. Loss of time
Goals of an Information Security Program
• Confidentiality
- Prevent the disclosure of sensitive information to unauthorized people, resources, and processes
• Integrity
- The protection of system information or processes from intentional or accidental modification
• Availability
- The assurance that systems and data are accessible by authorized users when needed
Information Security Model
• Information Security Properties: Confidentiality, Integrity, Availability
• Processing, Storage, Transmission
• Security Measures: Policy and Procedures; Technology; Education, Training, and Awareness
Risk Management
• Risk Analysis
• Threats
• Vulnerabilities
• Countermeasures
Risk Management
• The process of assessing and quantifying risk and establishing an acceptable level of risk for the organization
• Risk can be mitigated, but cannot be eliminated
[Slide images: Control physical access; Password protection; Develop a Security Policy]
Network Security “Threat”
• A potential danger to information or a system
• An example: the ability to gain unauthorized access to systems or
information in order to commit fraud, network intrusion, industrial
espionage, identity theft, or simply to disrupt the system or network
• There may be weaknesses that greatly increase the likelihood of a
threat manifesting
• Threats may include equipment failure,
structured attacks, natural disasters,
physical attacks, theft, viruses and
many other potential events causing
danger or damage
Vulnerability
• A network vulnerability is a weakness in a system,
technology, product or policy
• In today’s environment, several organizations track,
organize and test these vulnerabilities
• The US government has a contract with an organization
to track and publish network vulnerabilities
• Each vulnerability is given an ID and can be reviewed by
network security professionals over the Internet.
• The Common Vulnerabilities and Exposures (CVE) list also
publishes ways to prevent the vulnerability from being
attacked
Vulnerability Appraisal
• It is very important that network security specialists
understand the importance of vulnerability appraisal
• A vulnerability appraisal is a snapshot of the security of
the organization as it now stands
• What current security weaknesses may expose the
assets to these threats?
• Vulnerability scanners are tools available as free
Internet downloads and as commercial products
• These tools compare the asset against a database of
known vulnerabilities and produce a discovery report that
exposes the vulnerability and assesses its severity
Risk Management Terms
• Vulnerability – a system, network or device weakness
• Threat – potential danger posed by a vulnerability
• Threat agent – the entity that identifies a vulnerability
and uses it to attack the victim
• Risk – likelihood of a threat agent taking advantage of
a vulnerability and the corresponding business impact
• Exposure – potential to experience losses from a threat
agent
• Countermeasure – put into place to mitigate the
potential risk
Understanding Risk
[Diagram: relationships among Threat Agent, Threat, Vulnerability, Risk, Asset, Exposure and Countermeasure, with the arrows labelled "Gives rise to", "Exploits", "Leads to", "Can damage", "Causes", "Can be safeguarded by" and "Directly affects"]
Qualitative Risk Analysis
A new worm
Web site defacement
Fire protection system
Floods datacenter
Exposure values prioritize the order for addressing risks
Quantitative Risk Analysis
• Exposure Factor (EF)
- % of loss of an asset
• Single Loss Expectancy (SLE)
- EF x Value of asset in $
• Annualized Rate of Occurrence (ARO)
- A number representing frequency of
occurrence of a threat
Example: 0.0 = Never 1000 = Occurs very often
• Annualized Loss Expectancy (ALE)
- Dollar value derived from: SLE x ARO
Countermeasure Selection
• Cost/benefit calculation
(ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of safeguard) = value of safeguard to the company
• Evaluating cost of a countermeasure
- Product costs
- Design/planning costs
- Implementation costs
- Environment modifications
- Compatibility
- Maintenance requirements
- Testing requirements
- Repair, replacement, or update costs
- Operating and support costs
- Effects on productivity
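The quantitative formulas (SLE, ALE) and the cost/benefit calculation above, carried through for one threat and three candidate safeguards. This is an added example, not part of the original slides; the scenario, safeguard names and every dollar figure are constructed for illustration.

```python
# Added example: the slide formulas applied to constructed figures.
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # value of the asset in $
    exposure_factor: float  # EF: fraction of the asset lost per incident
    aro: float              # ARO: expected occurrences per year (0.0 = never)

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF is a percentage of the asset: use 0.0-1.0")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy = EF x value of asset."""
        return self.exposure_factor * self.asset_value

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    ef_after: float   # EF expected once the safeguard is in place
    aro_after: float  # ARO expected once the safeguard is in place


def safeguard_value(threat: Threat, sg: Safeguard) -> float:
    """(ALE before) - (ALE after) - (annual cost of safeguard)."""
    after = Threat(threat.name, threat.asset_value, sg.ef_after, sg.aro_after)
    return threat.ale - after.ale - sg.annual_cost


def rank_safeguards(threat, candidates):
    """Return (name, value) pairs, best value to the company first."""
    scored = [(sg.name, safeguard_value(threat, sg)) for sg in candidates]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed scenario: all names and dollar figures are hypothetical.
WORM = Threat("worm outbreak on file servers", asset_value=200_000,
              exposure_factor=0.25, aro=0.5)
CANDIDATES = [
    Safeguard("patch management", annual_cost=4_000,
              ef_after=0.25, aro_after=0.125),
    Safeguard("full server redundancy", annual_cost=30_000,
              ef_after=0.125, aro_after=0.125),
    Safeguard("user awareness training", annual_cost=1_000,
              ef_after=0.25, aro_after=0.25),
]

if __name__ == "__main__":
    print(f"SLE ${WORM.sle:,.0f}  ALE ${WORM.ale:,.0f}")
    for name, value in rank_safeguards(WORM, CANDIDATES):
        verdict = "worth buying" if value > 0 else "costs more than it saves"
        print(f"{name:26s} {value:>10,.0f}  {verdict}")
```

The safeguard that reduces loss the most ranks last here because its annual cost exceeds the ALE it removes, which is the case the cost/benefit formula exists to catch.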
Managing Risks
• Accept – Acknowledge that the risk exists, but apply no safeguard
• Transfer – Shift responsibility for the risk to a third party (ISP, Insurance, etc.)
• Mitigate – Change the asset’s risk exposure (apply safeguard)
• Avoid – Eliminate the asset’s exposure to risk, or eliminate the asset altogether
Types of Attacks
Structured attack
Comes from hackers who are more highly motivated and technically
competent. These people know system vulnerabilities and can
understand and develop exploit code and scripts. They understand,
develop, and use sophisticated hacking techniques to penetrate
unsuspecting businesses. These groups are often involved with the
major fraud and theft cases reported to law enforcement agencies.
Unstructured attack
Consists of mostly inexperienced individuals using easily available
hacking tools such as shell scripts and password crackers. Even
unstructured threats that are only executed with the intent of testing
and challenging a hacker’s skills can still do serious damage to a
company.
Types of Attacks
External attacks
Initiated by individuals or groups working outside of a company. They
do not have authorized access to the computer systems or network.
They gather information in order to work their way into a network
mainly from the Internet or dialup access servers.
Internal attacks
More common and dangerous. Internal attacks are initiated by
someone who has authorized access to the network. According to
the FBI, internal access and misuse account for 60 to 80 percent of
reported incidents. These attacks often are traced to disgruntled
employees.
Tools of the Attacker
• The following are a few of the most popular tools used by
network attackers:
- Enumeration tools (dumpreg, netview and netuser)
- Port/address scanners (AngryIP, nmap, Nessus)
- Vulnerability scanners (Metasploit, Core Impact, ISS)
- Packet sniffers (Snort, Wireshark, AirMagnet)
- Root kits
- Cryptographic cracking tools (Cain, WepCrack)
- Malicious code (worms, Trojan horses, time bombs)
- System hijack tools (netcat, Metasploit, Core Impact)
Countermeasures
• DMZ/NAT
• IDS/IPS
• Content Filtering/NAC
• Firewalls/proxy services
• Authentication/Authorization/Accounting
• Self-defending networks
• Policies, procedures, standards, guidelines
• Training and awareness
Security Administration
• Policies
• Standards
• Guidelines
• Procedures
• Baselines
Domains of Network Security
1. Risk Assessment
2. Security Policy
3. Organization of Information Security
4. Asset Management
5. Human Resources Security
6. Physical and Environmental Security
7. Communications and Operations Management
8. Access Control
9. Information Systems Acquisition, Development and Maintenance
10. Information Security Incident Management
11. Business Continuity Management
12. Compliance
What Is a Security Policy?
• A document that states how an organization plans to
protect its tangible and intangible information assets
- Management instructions indicating a course of action, a guiding
principle, or appropriate procedure
- High-level statements that provide guidance to workers who
must make present and future decisions
- Generalized requirements that must be written down and
communicated to others
Documents Supporting Policies
• Standards – dictate specific minimum requirements in
our policies
• Guidelines – suggest the best way to accomplish certain
tasks
• Procedures – provide a method by which a policy is
accomplished (the instructions)
Example: The Policy
• All users must have a unique user ID and
password that conforms to the company
password standard
• Users must not share their password with
anyone regardless of title or position
• Passwords must not be stored in written or any
readable form
• If a compromise is suspected, it must be
reported to the help desk and a new password
must be requested
Example: The Standards
• Minimum of 8 upper- and lowercase
alphanumeric characters
• Must include a special character
• Must be changed every 30 days
• Password history of 24 previous passwords will
be used to ensure passwords aren’t reused
Example: The Guideline
• Take a phrase
Up and At ’em at 7!
• Convert to a strong password
Up&atm@7!
• To create other passwords from this phrase, change the number, move the symbol, or change the punctuation mark
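The example standard above, written as an automated check and run against the guideline's sample password. This is an added example, not part of the original slides. It assumes that "alphanumeric" means at least one digit is required, and it keeps the password history as salted PBKDF2 hashes (a scheme the slides do not name) so that nothing is stored in readable form, as the policy requires.

```python
# Added example: the slide's password standard as an automated check.
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8                   # "Minimum of 8 ... characters"
MAX_AGE = timedelta(days=30)     # "Must be changed every 30 days"
HISTORY_DEPTH = 24               # "Password history of 24 previous passwords"
PBKDF2_ROUNDS = 100_000          # assumption: the slides name no hash scheme


def composition_problems(password: str) -> list:
    """List every composition rule the candidate breaks (empty = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    # Assumption: "alphanumeric" is read as requiring at least one digit.
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the history never holds a readable password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS)


def remember(history: list, password: str) -> list:
    """Return a new history, newest first, trimmed to HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    return ([(salt, hash_password(password, salt))] + history)[:HISTORY_DEPTH]


def is_reused(history: list, candidate: str) -> bool:
    """True if the candidate matches any remembered password."""
    return any(hmac.compare_digest(hash_password(candidate, salt), stored)
               for salt, stored in history)


def is_expired(last_changed: date, today: date) -> bool:
    """True once more than 30 days have passed since the last change."""
    return today - last_changed > MAX_AGE


def review_change(candidate: str, history: list) -> list:
    """All reasons to reject a proposed new password."""
    problems = composition_problems(candidate)
    if is_reused(history, candidate):
        problems.append("matches one of the last 24 passwords")
    return problems
```

A history check of this kind only catches exact repeats: a variant made by changing the number, as the guideline suggests, passes it.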
Example: The Procedure
Procedure for changing a password
1. Press Control, Alt, Delete to bring up the
log in dialog box
2. Click the “change password” button
3. Enter your current password in the top
box
4. …
Network Security Organizations
www.infosyssec.com
www.sans.org
www.cisecurity.org
www.cert.org
www.isc2.org
www.first.org
www.infragard.net
www.mitre.org
www.cnss.gov
