Chapter 1:

Modern Network Security Threats

 1.0 Introduction
1.1 Securing Networks

Chapter Outline 1.2 Network Threats

1.3 Mitigating Threats
1.4 Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 1.1:
Securing Networks
Upon completion of this section, you should be able to:
• Describe the current network security landscape.

• Explain how all types of networks need to be protected.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Topic 1.1.1:
Current State of Affairs

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Networks Are Targets

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Drivers for Network Security
Common network security terms:
• Threat

• Vulnerability

• Mitigation
Cisco Security Intelligence Operations
• Risk

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Vectors of Network Attacks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Topic 1.1.2:
Network Topology Overview

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Campus Area Networks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Small Office and Home Office Networks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Wide Area Networks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Section 1.2:
Network Threats
Upon completion of the section, you should be able to:
• Describe the evolution of network security.

• Describe the various types of attack tools used by hackers.

• Describe malware.

• Explain common network attacks.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Topic 1.2.1:
Who is Hacking Our Networks?

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
The Hacker & The Evolution of Hackers

Modern hacking titles:

• Script Kiddies

• Vulnerability Brokers

• Hacktivists

• Cyber Criminals

• State-Sponsored
Hackers

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Topic 1.2.2:
Hacker Tools

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Introduction of Attack Tools

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Evolution of Security Tools
Penetration testing tools:
• Password crackers • Forensic

• Wireless hacking • Debuggers

• Network scanning and hacking • Hacking operating systems

• Packet crafting • Encryption

• Packet sniffers • Vulnerability exploitation

• Rootkit detectors • Vulnerability Scanners

• Fuzzers to search vulnerabilities

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Categories of Attack Tools
Network hacking attacks:
• Eavesdropping

• Data modification

• IP address spoofing

• Password-based

• Denial-of-service

• Man-in-the-middle

• Compromised-key

• Sniffer

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Topic 1.2.3:
Malware

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Various Types of Malware

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Viruses

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Trojan Horse Classification
Classifications:
• Security software disabler

• Remote-access

• Data-sending

• Destructive

• Proxy

• FTP

• DoS

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Worms

Initial Code Red Worm Infection

Code Red Worm Infection 19 Hours

Later

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Worm Components
Components:
1.
Propagate
• Enabling vulnerability for 19 days

• Propagation mechanism

• Payload

4.
Code Red 2.
Repeat the
cycle
Worm Launch DoS
attack for
next 7 days
Propagation

3.
Stop and go
dormant for
a few days

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Other Malware

Ransomware Scareware
Spyware Phishing
Adware Rootkits

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Topic 1.2.4:
Common Network Attacks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Types of Network Attacks

Data
Modification
Syn Flood

Smurf
Attack

Reconnaissance
Access
DoS

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Reconnaissance Attacks
• Initial query of a target

• Ping sweep of the target network

• Port scan of active IP addresses

• Vulnerability scanners

• Exploitation tools

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Access Attacks
A few reasons why hackers use access attacks:
• To retrieve data

• To gain access

• To escalate access privileges

A few types of access attacks include:

• Password

• Trust exploitation

• Port redirection

• Man-in-the-middle

• Buffer overflow

• IP, MAC, DHCP spoofing

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Social Engineering Attacks
• Pretexting

• Phishing

• Spearphishing

• Spam

• Tailgating

• Something for Something

• Baiting

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Denial of Service Attacks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
DDoS Attacks
1. Hacker builds a network of infected machines
• A network of infected hosts is called a botnet.
• The compromised computers are called zombies.
• Zombies are controlled by handler systems.

2. Zombie computers continue to scan and infect more targets

3. Hacker instructs handler system to make the botnet of zombies
carry out the DDoS attack

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
1.3 Mitigating Threats
Upon completion of this section, you should be able to::
• Describe methods and resources to protect the networks.

• Describe a collection of domains for network security.

• Explain the purpose of the Cisco SecureX Architecture.

• Describe the techniques used to mitigate common network attacks.

• Explain how to secure the three functional areas of Cisco routers and switches.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Topic 1.3.1:
Defending the Network

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Network Security Professionals

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Network Security Organizations

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Confidentiality, Integrity, Availability

Confidentiality:
Uses encryption to
encrypt and hide
data.

Components
of
Availability:
Cryptography
Integrity:
Assures data is
Uses hashing
accessible.
algorithms to
Guaranteed by
ensure data is
network hardening
unaltered during
mechanisms and
operation.
backup systems.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Topic 1.3.2:
Domains of Network Security

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Network Security Domains
• Risk assessment

• Security policy

• Organization of information security

• Asset management

• Human resources security

• Physical and environmental security

• Communications and operations management

• Information systems acquisition, development, and maintenance

• Access control

• Information security incident management

• Business continuity management

• Compliance

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Network Security Policy

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Network Security Policy Objectives

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Topic 1.3.3:
Mitigating Common Network Threats

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Defending the Network
Best practices:
• Develop a written security policy.

• Educate employees about the risks of social engineering, and develop strategies to
validate identities over the phone, via email, or in person.
• Control physical access to systems.

• Use strong passwords and change them often.

• Encrypt and password-protect sensitive data.

• Implement security hardware and software.

• Perform backups and test the backed up files on a regular basis.

• Shut down unnecessary services and ports.

• Keep patches up-to-date by installing them weekly or daily to prevent buffer

overflow and privilege escalation attacks.
• Perform security audits to test the network.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Mitigating Malware

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Mitigating Worms

Containment

Inoculation Quarantine

Treatment

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Mitigating Reconnaissance Attacks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Mitigating Access Attacks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Mitigating DoS Attacks

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Topic 1.3.4:
Cisco Network Foundation Protection Framework

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
NFP Framework

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Securing the Control Plane

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Securing the Management Plane

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Securing the Data Plane

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Section 1.4:
Summary
Chapter Objectives:
• Explain network security.

• Describe various types of threats and attacks.

• Explain tools and procedures to mitigate the effects of malware and common
network attacks.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Thank you.