© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public

Slide 1: Enterprise Network Security (Accessing the WAN, Chapter 4)

Slide 2: Objectives
- Describe the general methods used to mitigate security threats to enterprise networks
- Configure basic router security
- Explain how to disable unused Cisco router network services and interfaces
- Explain how to use Cisco SDM
- Manage Cisco IOS devices

Slide 3: Why is Network Security Important?
- Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as:
  - loss of privacy,
  - theft of information, and even
  - legal liability.

Slide 4: Increasing Threat to Security
- 1985: password guessing, self-replicating code
- 1990: password cracking, war dialing
- 1995: viruses, e.g. Nimda, Code Red
- 2000: Trojan horses, e.g. Back Orifice
- 2005 to date: worms, e.g. Blaster, MyDoom, Slammer

Slide 5: Most common terms
- White hat: an individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed.
- Hacker: a general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.
- Black hat: another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
- Phreaker: an individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long-distance calls.

Slide 6: Most common terms (continued)
- Spammer: an individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
- Phisher: uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

Slide 7: Think like an Attacker
- The attacker's goal is to compromise a network target or an application running within a network.
- Many attackers use this seven-step process to gain information and stage an attack:
  - Step 1: Perform footprint analysis (reconnaissance). A company web page can lead to information such as the IP addresses of servers.
  - Step 2: Enumerate information. An attacker can expand on the footprint by monitoring network traffic with a packet sniffer such as Wireshark, finding information such as the version numbers of FTP servers and mail servers.
  - Step 3: Manipulate users to gain access.
  - Step 4: Escalate (increase) privileges.
  - Step 5: Gather additional passwords and secrets.

Slide 8: Think like an Attacker (continued)
- Step 6: Install backdoors. Backdoors provide the attacker with a way to enter the system without being detected. The most common backdoor is an open listening TCP or UDP port.
- Step 7: Leverage the compromised system. After a system is compromised, an attacker uses it to stage attacks on other hosts in the network.

Slide 9: Types of Computer Crime
As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged.
- Insider abuse of network access
- Virus
- Mobile device theft
- Phishing where an organization is fraudulently represented as the sender
- Instant messaging misuse
- Denial of service
- Unauthorized access to information
- Bots (applications that run automated tasks) within the organization
- Theft of customer or employee data
- Abuse of wireless network

Slide 10: Types of Computer Crime (continued)
- System penetration
- Financial fraud
- Password sniffing
- Key logging
- Website defacement
- Misuse of a public web application
- Theft of proprietary information
- Exploiting the DNS server of an organization
- Telecom fraud
- Sabotage
Note: In certain countries, some of these activities may not be a crime, but they are still a problem.

Slide 11: Open versus Closed Networks
The overall security challenge facing network administrators is balancing two important needs:
- Keeping networks open to support evolving business requirements, and
- Protecting private, personal, and strategic business information.
Open network:
- Easy to configure and administer
- Easy for end users to access network resources
- Security cost: least expensive
Restrictive network:
- More difficult to configure and administer
- More difficult for end users to access resources
- Security cost: more expensive

Slide 12: Open versus Closed Networks (continued)
Closed network:
- Most difficult to configure and administer
- Most difficult for end users to access resources
- Security cost: most expensive

Slide 13: Developing a Security Policy
- The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy.
- A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently.
- Assembling a security policy can be daunting if it is undertaken without guidance.
- For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002.
- The document consists of 12 sections.

Slide 14: Common Security Threats
When discussing network security, three common factors are:
- Vulnerability: the degree of weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.
- Threat: the people interested in and qualified to take advantage of each security weakness.
- Attack: the threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices.
There are three primary vulnerabilities or weaknesses:
- Technological weaknesses (HTTP, FTP, etc.)
- Configuration weaknesses (unsecured accounts, Internet access, etc.)
- Security policy weaknesses (lack of a written security policy, politics, etc.)

Slide 15: Threats to Physical Infrastructure
When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices.
- Hardware threats: physical damage to servers, routers, switches, cabling plant, and workstations
- Environmental threats: temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
- Electrical threats: voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
- Maintenance threats: poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
- These physical threats can be mitigated by locking equipment away, temperature control systems, UPS units, generator sets, etc.

Slide 16: Threats to Networks
- Unstructured threats: consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers.
- Structured threats: come from individuals or groups that are more highly motivated and technically competent.
  - In 1995, Kevin Mitnick was convicted of accessing interstate computers in the United States for criminal purposes. He broke into the California Department of Motor Vehicles database, routinely took control of New York and California telephone switching hubs, and stole credit card numbers. He inspired the 1983 movie "War Games."
- External threats: can arise from individuals or organizations working outside of a company who do not have authorized access.
- Internal threats: occur when someone has authorized access to the network with either an account or physical access.


Slide 18: Types of Network Attacks
- Reconnaissance: the unauthorized discovery and mapping of systems, services, or vulnerabilities (e.g. ping or gping).
- Access: system access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password, e.g. a dictionary, rainbow-table (L0phtCrack) or brute-force attack.
- Denial of service: denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
- Worms, viruses, and Trojan horses: malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services (e.g. Sub7).

Slide 19: General Mitigation Techniques
- Antivirus software
- Personal firewall
- Operating system patches
- HIDS and HIPS

Slide 20: Common Security Appliances and Applications
- In the past, the one device that would come to mind for network security was the firewall.
- An integrated approach involving firewall, intrusion prevention, and VPN is necessary.
- Threat control: devices that provide threat control solutions are:
  - Cisco ASA 5500 Series Adaptive Security Appliances
  - Integrated Services Routers (ISR)
  - Network Admission Control
  - Cisco Security Agent for Desktops
  - Cisco Intrusion Prevention System

Slide 21: Common Security Appliances and Applications (continued)
- Secure communications: VPN
- Network admission control (NAC): provides a role-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.
- Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
- Cisco ASA 5500 Series Adaptive Security Appliance: the PIX has evolved into a platform that integrates many different security features, called the Cisco Adaptive Security Appliance (ASA). The Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.
- Cisco IPS 4200 Series Sensors
- Cisco NAC Appliance: enforces security policy compliance on all devices
- Cisco Security Agent (CSA): provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems, e.g. against spyware, rootkits, and day-zero attacks.

Slide 22: The Security Wheel
- To assist with compliance with a security policy, the Security Wheel, a continuous process, has proven to be an effective approach.
- The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis:
  - Step 1. Secure
  - Step 2. Monitor
  - Step 3. Test
  - Step 4. Improve

Slide 23: Securing Cisco Routers
The Role of Routers in Network Security
- Router security is a critical element in any security deployment.
- Routers are definite targets for network attackers.
- If an attacker can compromise and access a router, it can be a potential aid to them.
- Routers fulfill the following roles:
  - Advertise networks and filter who can use them.
  - Provide access to network segments and subnetworks.
- Here are some examples of various security problems:
  - Compromising the access control
  - Compromising the route tables
  - Misconfiguring a router traffic filter

Slide 24: Securing Your Network
Securing routers at the network perimeter is an important first step in securing the network. Think about router security in terms of these categories:
- Physical security
- Update the router IOS whenever advisable
- Back up the router configuration and IOS
- Harden the router to eliminate the potential abuse of unused ports and services (harden the router configuration by disabling unnecessary services)

Slide 25: Steps to Safeguard a Router
- Step 1. Manage router security (good password practices, passphrases)
- Step 2. Secure remote administrative access to routers (SSH)
- Step 3. Log router activity (syslog)
- Step 4. Secure vulnerable router services and interfaces (e.g. CDP)
- Step 5. Secure routing protocols
- Step 6. Control and filter network traffic
Example commands for Step 1:
    R1(config)# service password-encryption            (obscures plaintext passwords stored in the configuration)
    R1(config)# do show run | include username          (lists the configured user accounts from configuration mode)
    R1(config)# security passwords min-length 10        (rejects new passwords shorter than 10 characters)
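As an added example that is not part of the Cisco course material, the following Python script audits a running-config against Steps 1 to 4 above: the three password commands from this slide, SSH-only vty access, a syslog host, and CDP disabled. The configuration text, hostname, address and password hashes are constructed placeholder values, not taken from a real device.

```python
import re

# Constructed sample running-config (placeholder hashes, not from a real device).
# It applies only some of the slide's safeguards so the audit reports failures.
SAMPLE_RUNNING_CONFIG = """\
version 12.4
service password-encryption
hostname R1
security passwords min-length 6
enable secret 5 $1$PLACEHOLDER$hashvalue
username admin privilege 15 secret 5 $1$PLACEHOLDER$hashvalue
logging 192.0.2.10
line vty 0 4
 login local
 transport input telnet ssh
"""

def parse_ios_config(text):
    """Split an IOS config into global lines and each section's indented children."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())  # indented: child of current section
        else:
            current = raw.strip()
            global_lines.append(current)
            sections[current] = []
    return global_lines, sections

def audit_router_config(text):
    """Map each safeguard from the slide to True (configured) or False (missing)."""
    global_lines, sections = parse_ios_config(text)
    has = lambda pattern: any(re.fullmatch(pattern, line) for line in global_lines)
    min_len = next((int(m.group(1)) for m in
                    (re.fullmatch(r"security passwords min-length (\d+)", l)
                     for l in global_lines) if m), 0)
    vty = [kids for hdr, kids in sections.items() if hdr.startswith("line vty")]
    return {
        # Step 1: good password practices (the slide's three commands)
        "service password-encryption": has(r"service password-encryption"),
        "min-length >= 10": min_len >= 10,
        "enable secret": has(r"enable secret .*") and not has(r"enable password .*"),
        # Step 2: remote administrative access restricted to SSH on every vty line
        "vty ssh only": bool(vty) and all("transport input ssh" in k for k in vty),
        # Step 3: router activity sent to a syslog host (IPv4 address)
        "syslog host": has(r"logging (host )?\d+\.\d+\.\d+\.\d+"),
        # Step 4: unneeded services such as CDP switched off
        "cdp disabled": has(r"no cdp run"),
    }

def failed_checks(text):
    """Names of the safeguards the given config does not satisfy."""
    return [name for name, ok in audit_router_config(text).items() if not ok]
```

Running `failed_checks` on the sample reports the minimum length, Telnet-capable vty lines and CDP as the open items; the same checks pass once those three settings are corrected.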

Slide 26: Cisco SDM
- The Cisco Router and Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.

Slide 27: Cisco SDM Features
- Cisco SDM simplifies router and security configuration through the use of several intelligent wizards.
- Efficient configuration of key router virtual private network (VPN) and Cisco IOS firewall parameters.
- This capability permits administrators to quickly and easily deploy, configure, and monitor Cisco access routers.
Cisco SDM interfaces:
- Interfaces and Connections
- Firewall Policies
- VPN
- Routing

Slide 28: Configuring a Router to Support SDM
- Step 1. Access the router's Cisco CLI using Telnet or the console connection.
- Step 2. Enable the HTTP and HTTPS servers on the router.
- Step 3. Create a user account defined with privilege level 15 (enable privileges).
- Step 4. Configure SSH and Telnet for local login and privilege level 15.
(Figure: SDM Interfaces)

Slide 29: How to Use Cisco SDM
- Start SDM


Slide 31: How to Use Cisco SDM (continued)
- The Cisco SDM one-step lockdown wizard implements almost all of the security configurations that Cisco AutoSecure offers.

Slide 32: Manage Cisco IOS Devices
Save the running configuration from RAM to NVRAM:
    R2# copy running-config startup-config
    R2# copy system:running-config nvram:startup-config
Copy the running configuration from RAM to a remote location:
    R2# copy running-config tftp:
    R2# copy system:running-config tftp:
Copy a configuration from a remote source to the running configuration:
    R2# copy tftp: running-config
    R2# copy tftp: system:running-config
Copy a configuration from a remote source to the startup configuration:
    R2# copy tftp: startup-config
    R2# copy tftp: nvram:startup-config

Slide 33: Manage Cisco IOS Devices (continued)
- How to recover the enable password and the enable secret passwords

Slide 34: Summary
- Security threats to an enterprise network include:
  - Unstructured threats
  - Structured threats
  - External threats
  - Internal threats
- Methods to lessen security threats consist of:
  - Device hardening
  - Use of antivirus software
  - Firewalls
  - Downloading security updates

Slide 35: Summary (continued)
- Basic router security involves the following:
  - Physical security
  - Update and back up IOS
  - Back up configuration files
  - Password configuration
  - Logging router activity
- Disable unused router interfaces and services to minimize their exploitation by intruders.
- Cisco SDM: a web-based management tool for configuring security measures on Cisco routers.

Slide 36: Summary (continued)
- Cisco IOS Integrated File System (IFS): allows for the creation, navigation and manipulation of directories on a Cisco device.


