Drivers for Network Security
Common network security terms:
• Threat
• Vulnerability
• Mitigation
• Risk
Vectors of data loss:
• Email/Webmail
• Unencrypted Devices
• Cloud Storage Devices
• Removable Media
• Hard Copy
• Improper Access Control
Data Center Networks
Outside perimeter security:
• On-premises security officers
• Fences and gates
• Continuous video surveillance
• Security breach alarms
Inside perimeter security:
• Electronic motion detectors
• Security traps
• Continuous video surveillance
• Biometric access and exit sensors
Cloud and Virtual Network
VM-specific threats:
• Hyperjacking
• Instant On activation
• Antivirus storm
Components of a secure data center:
• Secure segmentation
• Threat defense
• Visibility
The Evolving Network Border
Critical MDM functions for BYOD network:
• Data encryption
• PIN enforcement
• Data wipe
• Data loss prevention
• Jailbreak/root detection
The Hacker & The Evolution of Hackers
Modern hacking titles:
• Script Kiddies
• Vulnerability Brokers
• Hacktivists
• Cyber Criminals
• State-Sponsored Hackers
Penetration testing tools:
• Password crackers
• Wireless hacking
• Network scanning and hacking
• Packet crafting
• Packet sniffers
• Rootkit detectors
• Fuzzers to search for vulnerabilities
• Forensic tools
• Debuggers
• Hacking operating systems
• Encryption tools
• Vulnerability exploitation
• Vulnerability Scanners
Categories of Attack Tools
Network hacking attacks:
• Eavesdropping
• Data modification
• IP address spoofing
• Password-based
• Denial-of-service
• Man-in-the-middle
• Compromised-key
• Sniffer
Trojan Horse Classification
Classifications:
• Security software disabler
• Remote-access
• Data-sending
• Destructive
• Proxy
• FTP
• DoS
Worm components
Components:
• Enabling vulnerability
• Propagation mechanism
• Payload
Other Malware
Malware:
• Ransomware
• Spyware
• Adware
• Scareware
• Phishing (strictly a social-engineering attack rather than malware, but a common delivery channel for it)
• Rootkits
Types of network attacks:
1-Data Modification
2-Smurf Attack
3-SYN Flood
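The two flooding attacks in this list leave recognisable traces in a packet capture: a SYN flood is many SYNs that the "client" never completes with the handshake's final ACK, and a Smurf attack is an ICMP echo request sent to a subnet's directed-broadcast address with the victim's address forged as the source. The following detector is an added example written for these notes, not code from the original page or from Cisco; the Packet record, the 10.0.0.0/24 "local" subnet, the threshold of 20 half-open connections and the sample capture are all assumptions constructed for illustration.

```python
"""Detect SYN-flood and Smurf traffic in a list of packet records (stdlib only)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    """One captured packet reduced to the fields the detectors need (assumed layout)."""
    src: str
    dst: str
    proto: str           # "tcp" or "icmp"
    flags: str = ""      # TCP flags as a string, e.g. "S", "SA", "A"
    icmp_type: int = -1  # 8 = echo request, 0 = echo reply


def half_open_by_target(packets):
    """Count SYNs per destination that the client never completed with an ACK.

    A SYN from src to dst opens a half-open entry; a later ACK from the same
    src to the same dst closes it. Spoofed flood sources never send that ACK,
    so their entries stay open and pile up on the target."""
    pending = defaultdict(int)  # (src, dst) -> SYNs still awaiting the client's ACK
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.src, p.dst)
        if p.flags == "S":
            pending[key] += 1
        elif p.flags == "A" and pending[key] > 0:
            pending[key] -= 1
    per_target = Counter()
    for (_src, dst), n in pending.items():
        per_target[dst] += n
    return per_target


def syn_flood_targets(packets, threshold=20):
    """Destinations with at least `threshold` half-open connections."""
    return {dst for dst, n in half_open_by_target(packets).items() if n >= threshold}


def smurf_candidates(packets, local_nets):
    """ICMP echo requests aimed at the directed-broadcast address of a local subnet.

    In a Smurf attack the source is spoofed to the victim's address, so every
    host on the subnet answers the victim; the returned src is that victim."""
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    return [(p.src, p.dst) for p in packets
            if p.proto == "icmp" and p.icmp_type == 8
            and ipaddress.ip_address(p.dst) in broadcasts]


# Constructed sample capture (not real traffic), built so the detectors have
# both legitimate and attack traffic to distinguish.
SAMPLE = []
for host in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):       # three real clients
    SAMPLE.append(Packet(host, "10.0.0.5", "tcp", flags="S"))
    SAMPLE.append(Packet(host, "10.0.0.5", "tcp", flags="A"))   # handshake completed
for i in range(1, 26):                                          # 25 spoofed, never-ACKed SYNs
    SAMPLE.append(Packet(f"198.51.100.{i}", "10.0.0.5", "tcp", flags="S"))
SAMPLE.append(Packet("203.0.113.9", "10.0.0.255", "icmp", icmp_type=8))  # Smurf, victim 203.0.113.9
SAMPLE.append(Packet("192.0.2.10", "10.0.0.5", "icmp", icmp_type=8))     # ordinary ping, ignored


if __name__ == "__main__":
    print("SYN flood targets:", syn_flood_targets(SAMPLE))
    print("Smurf candidates:", smurf_candidates(SAMPLE, ["10.0.0.0/24"]))
```

The half-open count is keyed on (source, destination) so that three genuine clients who finish their handshakes contribute nothing, while 25 spoofed sources that can never answer the SYN-ACK each leave one open entry on the target. Smurf detection looks only at echo requests whose destination equals a local broadcast address; a normal ping to a single host is never flagged.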
Reconnaissance, Access, and DoS Attacks
Reconnaissance attacks:
• Initial query of a target
• Ping sweep of the target network
• Port scan of active IP addresses
• Vulnerability scanners
• Exploitation tools
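The ping sweep and port scan steps above have a simple signature in traffic: one source touching many hosts with ICMP echo requests, or one source sending bare SYNs to many ports on one host. The detector below is an added example for these notes, not code from the original page or from Cisco; the Packet record layout, the thresholds (8 hosts for a sweep, 10 ports for a scan) and the sample capture are constructed assumptions.

```python
"""Spot ping sweeps and port scans in a list of packet records (stdlib only)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One captured packet reduced to the fields the detectors need (assumed layout)."""
    src: str
    dst: str
    proto: str           # "icmp" or "tcp"
    dport: int = 0       # TCP destination port
    flags: str = ""      # TCP flags as a string, e.g. "S"
    icmp_type: int = -1  # 8 = echo request


def ping_sweep_sources(packets, min_hosts=8):
    """Sources that sent ICMP echo requests to at least `min_hosts` distinct hosts.

    A sweep fans out across many addresses; a legitimate ping touches one or
    two. Returns {src: number_of_hosts_probed}."""
    probed = defaultdict(set)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8:
            probed[p.src].add(p.dst)
    return {src: len(hosts) for src, hosts in probed.items() if len(hosts) >= min_hosts}


def port_scan_pairs(packets, min_ports=10):
    """(src, dst) pairs where src sent bare SYNs to at least `min_ports` distinct ports on dst.

    Only client-side SYNs count (flag string "S" without "A"), so a server's
    SYN-ACK replies never make the server look like a scanner."""
    ports = defaultdict(set)
    for p in packets:
        if p.proto == "tcp" and "S" in p.flags and "A" not in p.flags:
            ports[(p.src, p.dst)].add(p.dport)
    return {pair: sorted(ps) for pair, ps in ports.items() if len(ps) >= min_ports}


# Constructed sample capture (not real traffic).
SCANNER = "198.51.100.7"
SAMPLE = []
for last in range(1, 21):                                   # sweep of 10.0.0.1 .. 10.0.0.20
    SAMPLE.append(Packet(SCANNER, f"10.0.0.{last}", "icmp", icmp_type=8))
for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445):   # scan of the live host
    SAMPLE.append(Packet(SCANNER, "10.0.0.5", "tcp", dport=port, flags="S"))
    SAMPLE.append(Packet("10.0.0.5", SCANNER, "tcp", dport=40000 + port, flags="SA"))  # constructed replies
SAMPLE.append(Packet("192.0.2.10", "10.0.0.5", "icmp", icmp_type=8))             # one ordinary ping
SAMPLE.append(Packet("192.0.2.10", "10.0.0.5", "tcp", dport=443, flags="S"))      # one ordinary connection


if __name__ == "__main__":
    print("Ping sweep sources:", ping_sweep_sources(SAMPLE))
    for (src, dst), ports in port_scan_pairs(SAMPLE).items():
        print(f"Port scan from {src} against {dst}: {ports}")
```

Both checks are per-source set counts rather than raw packet counts, so a chatty but legitimate client that pings one host repeatedly or reconnects to one port many times stays below threshold, while the scanner that probed 20 hosts and 12 ports is reported once. In production the same logic would run over a sliding time window.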
Access attacks
A few reasons why hackers use access attacks:
• To retrieve data
• To gain access
• To escalate access privileges
A few types of access attacks include:
• Password
• Trust exploitation
• Port redirection
• Man-in-the-middle
• Buffer overflow
• IP, MAC, DHCP spoofing
Social Engineering attacks:
• Pretexting
• Phishing
• Spearphishing
• Spam
• Tailgating
• Something for Something
• Baiting
DDoS Attacks:
1-The hacker builds a network of infected machines.
  • A network of infected hosts is called a botnet.
  • The compromised computers are called zombies.
  • Zombies are controlled by handler systems.
2-Zombie computers continue to scan and infect more targets.
3-The hacker instructs the handler systems to make the botnet of zombies carry out the DDoS attack.
Components of Cryptography:
1-Confidentiality: Uses encryption so that only holders of the key can read the data.
2-Integrity: Uses hashing to detect data that was altered in transit or at rest. A bare hash only catches accidental change, because an attacker who modifies the data can simply recompute it; a keyed hash (HMAC) or a digital signature is needed against deliberate tampering.
3-Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and
backup systems.
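The integrity point is easy to get wrong, so here is the difference between a bare hash and a keyed HMAC played out against the "data modification" attack listed earlier. This is an added example for these notes, not code from the original page; it covers integrity only (the Python standard library has no cipher for the confidentiality half), and the message text and the 32-byte key are constructed sample values.

```python
"""Integrity check with a bare hash versus a keyed HMAC (stdlib only)."""
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Unkeyed tag: anyone who can change the message can recompute this."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """Keyed tag: only a holder of `key` can produce a valid one."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so a wrong tag does not leak how
    # many leading characters were right.
    return hmac.compare_digest(mac(key, message), tag)


ORIGINAL = b"transfer amount=100 to=alice"          # constructed sample message
TAMPERED = b"transfer amount=9000 to=mallory"       # what the attacker substitutes


def hash_only_scenario() -> bool:
    """Sender transmits (message, sha256). The attacker swaps the message and
    recomputes the hash. Returns True when the receiver accepts the tampered message."""
    received_msg, received_tag = TAMPERED, digest(TAMPERED)   # attacker needs no secret
    return digest(received_msg) == received_tag


def hmac_scenario():
    """Sender and receiver share a key; the attacker does not. Returns
    (receiver accepts tampered message, receiver accepts genuine message)."""
    key = secrets.token_bytes(32)                  # shared out of band, never sent with the message
    genuine_tag = mac(key, ORIGINAL)
    # Best the attacker can do without the key: hash the new text, or replay the old tag.
    forged_tag = digest(TAMPERED)
    accepts_tampered = (verify_mac(key, TAMPERED, forged_tag)
                        or verify_mac(key, TAMPERED, genuine_tag))
    accepts_genuine = verify_mac(key, ORIGINAL, genuine_tag)
    return accepts_tampered, accepts_genuine


if __name__ == "__main__":
    print("hash only, tampering undetected:", hash_only_scenario())
    print("HMAC (accepts tampered, accepts genuine):", hmac_scenario())
```

The hash-only case returns True: the receiver recomputes SHA-256 over what arrived, it matches, and the altered transfer is accepted. With the HMAC the forged tag and the replayed tag both fail while the genuine message still verifies, which is the property the notes mean by "ensure data is unaltered".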
Network Security Domains:
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Information systems acquisition, development, and maintenance
• Access control
• Information security incident management
• Business continuity management
• Compliance
SecureX
SecureX Product Families
1-Secure Edge and Branch
2-Secure Email and Web
3-Secure Mobility
4-Secure Access
5-Secure Data Center and Virtualization
SecureX Security Technology
Cisco SecureX Architecture:
• Scanning engines
• Delivery mechanisms
• Security intelligence operations (SIO)
• Policy management consoles
• Next-generation endpoint
Centralised Context-Aware Network Scanning Element
Defines security policies based on five parameters:
• Type of device being used for access
• Person’s identity
• Application in use
• Location
• Time of access
Defending the Network
Best practices:
• Develop a written security policy.
• Educate employees about the risks of social engineering, and develop strategies to validate
identities over the phone, via email, or in person.
• Control physical access to systems.
• Use strong passwords and change them often.
• Encrypt and password-protect sensitive data.
• Implement security hardware and software.
• Perform backups and test the backed up files on a regular basis.
• Shut down unnecessary services and ports.
• Keep patches up-to-date by installing them weekly or daily to prevent buffer overflow and
privilege escalation attacks.
• Perform security audits to test the network.
Mitigating Worms
Four phases:
1-Containment: limit the spread (for example with ACLs between segments).
2-Inoculation: patch the systems that are not yet infected.
3-Quarantine: isolate the infected systems from the network.
4-Treatment: clean and patch the infected systems.
----------
Reconnaissance attack mitigation techniques include:
1-Implement authentication to ensure proper access.
2-Use encryption to render packet sniffer attacks useless.
3-Use anti-sniffer tools to detect packet sniffer attacks.
4-Implement a switched infrastructure.
5-Use a firewall and IPS.
----------
Mitigating Access Attacks:
1-Strong password security
2-Principle of minimum trust
3-Cryptography
4-Applying operating system and application patches
----------
Mitigating DoS Attacks:
1-IPS and firewalls (Cisco ASAs and ISRs)
2-Antispoofing technologies
3-Quality of service (traffic policing)
----------
Secure the Control Plane Using:
1-AutoSecure
2-Routing protocol authentication
3-Control Plane Policing (CoPP)
----------
Secure the Management Plane By:
1-Enabling a login and password policy
2-Presenting legal notification
3-Ensuring the confidentiality of data using SSH and HTTPS
4-Enabling role-based access control
5-Authorizing actions
6-Enabling management access reporting
----------
Secure the Data Plane Using:
1-ACLs
2-Antispoofing
3-Layer 2 security including port security, DHCP snooping, dynamic ARP inspection (DAI)
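ACLs and antispoofing appear twice in these notes, under DoS mitigation and again here under the data plane, and they are the same mechanism: an ordered list of permit/deny entries evaluated top-down with an implicit deny at the end, populated so that addresses that cannot legitimately appear on an interface are dropped (ingress filtering per RFC 2827) and only the enterprise's own addresses may leave (egress filtering). The evaluator below is an added example for these notes, not code from the original page or from Cisco IOS; the 10.10.0.0/16 enterprise range, the bogon list and the interface names are assumptions chosen for illustration.

```python
"""Router-style ACL evaluation (first match wins, implicit deny at the end)
with anti-spoofing entries for the data plane (stdlib only)."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("10.10.0.0/16")          # assumed enterprise address space
INSIDE_BCAST = ip_network(f"{INSIDE.broadcast_address}/32")

# Source ranges that can never legitimately arrive from the Internet (assumed list).
BOGONS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def evaluate(acl, src, dst):
    """Walk the ACL top-down as a router does: the first entry whose source and
    destination networks both match decides; a packet matching nothing is denied."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, note in acl:
        if s in src_net and d in dst_net:
            return action, note
    return "deny", "implicit deny"


# Applied inbound on the outside (Internet-facing) interface.
INGRESS_OUTSIDE = (
    [("deny", INSIDE, ANY, "RFC 2827: our own addresses cannot arrive from the Internet")]
    + [("deny", net, ANY, f"bogon/private source {net}") for net in BOGONS]
    + [("deny", ANY, INSIDE_BCAST, "directed broadcast: blocks use as a Smurf amplifier"),
       ("permit", ANY, INSIDE, "remaining traffic addressed to our network")]
)

# Applied inbound on the inside interface (egress toward the Internet):
# only our own addresses may leave, so a compromised host cannot spoof others.
EGRESS_INSIDE = [("permit", INSIDE, ANY, "our source addresses only")]


if __name__ == "__main__":
    for iface, acl, src, dst in (
        ("outside", INGRESS_OUTSIDE, "10.10.3.4", "10.10.1.1"),
        ("outside", INGRESS_OUTSIDE, "203.0.113.7", "10.10.1.1"),
        ("outside", INGRESS_OUTSIDE, "203.0.113.7", "10.10.255.255"),
        ("inside", EGRESS_INSIDE, "203.0.113.5", "198.51.100.1"),
    ):
        print(iface, src, "->", dst, evaluate(acl, src, dst))
```

Order matters: the directed-broadcast deny must sit above the final permit, otherwise a packet to 10.10.255.255 would match "permit ANY to INSIDE" first. The egress list needs only one permit because the implicit deny already drops every packet whose source is not ours, which is what stops an internal zombie from taking part in a spoofed-source flood.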
----------