What Is a Basic Principle That Applies to Both Internal and External Devices?
Chapter 1: Understanding Network Security Principles
Cisco Press
This chapter covers the following topics:
Exploring security fundamentals:
This section explains the need for network security and discusses the elements of a secure network. Additionally, legal and ethical considerations are discussed.
Understanding the methods of network attacks:
This section makes you aware of various threats targeting the security of your network and describes specific attacks that could be launched against a network.
As networks grow and interconnect with other networks, including the Internet, those networks are exposed to a greater number of security risks. Not only does the number of potential attackers grow along with the size of the network, but the tools available to those potential attackers are ever increasing in terms of sophistication.
Understanding Network Security Principles
This chapter begins by broadly describing the necessity of network security and what should be in place in a secure network. Legal ramifications are addressed. Also, this chapter walks you through several specific types of attacks that could threaten your network. Finally, you are provided with a list of best-practice recommendations for mitigating such attacks.
"Do I Know This Already?" Quiz
The "Do I Know This Already?" quiz helps you determine your level of knowledge of this chapter's topics before you begin. Table 1-1 details the major topics discussed in this chapter and their corresponding quiz questions.
Table 1-1 "Do I Know This Already?" Section-to-Question Mapping
| Foundation Topics Section | Questions |
| --- | --- |
| Exploring Security Fundamentals | 1 to 6 |
| Understanding the Methods of Network Attacks | 7 to 15 |
1. Where do most attacks on an organization's computer resources originate?
   - From the Internet
   - From the inside network
   - From universities
   - From intruders who gain physical access to the computer resources
2. What are the three primary goals of network security? (Choose three.)
   - Confidentiality
   - Redundancy
   - Integrity
   - Availability
3. The U.S. government places classified data into which classes? (Choose three.)
   - SBU
   - Confidential
   - Secret
   - Top-secret
4. Cisco defines three categories of security controls: administrative, physical, and technical. Individual controls within these categories can be further classified as what three specific types of controls? (Choose three.)
   - Preventive
   - Deterrent
   - Detective
   - Reactive
5. Litigators typically require which three of the following elements to present an effective argument when prosecuting information security violations? (Choose three.)
   - Audit trail
   - Motive
   - Means
   - Opportunity
6. Which type of law typically involves the enforcement of regulations by government agencies?
   - Criminal law
   - Tort law
   - Administrative law
   - Civil law
7. Which of the following is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or data on the system?
   - Risk
   - Exploit
   - Mitigation
   - Vulnerability
8. What type of hacker attempts to hack telephony systems?
   - Script kiddy
   - Hacktivist
   - Phreaker
   - White hat hacker
9. Which of the following is a method of gaining access to a system that bypasses normal security measures?
   - Creating a back door
   - Launching a DoS attack
   - Starting a Smurf attack
   - Conducting social engineering
10. What security design philosophy uses a layered approach to eliminate single points of failure and provide overlapping protection?
    - AVVID
    - Defense in Depth
    - SONA
    - IINS
11. What are two types of IP spoofing attacks? (Choose two.)
    - Nonblind spoofing
    - Promiscuous spoofing
    - Autonomous spoofing
    - Blind spoofing
12. What term refers to the electromagnetic interference (EMI) that can radiate from network cables?
    - Doppler waves
    - Emanations
    - Gaussian distributions
    - Multimode distortion
13. What kind of integrity attack is a collection of small attacks that result in a larger attack when combined?
    - Data diddling
    - Botnet attack
    - Hijacking a session
    - Salami attack
14. Which of the following best describes a Smurf attack?
    - It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
    - It sends ping requests in segments of an invalid size.
    - It intercepts the third step in a TCP three-way handshake to hijack a session.
    - It uses Trojan horse applications to create a distributed collection of "zombie" computers, which can be used to launch a coordinated DDoS attack.
15. Which of the following are Cisco best-practice recommendations for securing a network? (Choose three.)
    - Deploy HIPS software on all end-user workstations.
    - Routinely apply patches to operating systems and applications.
    - Disable unneeded services and ports on hosts.
    - Require strong passwords, and enable password expiration.
Foundation Topics: Exploring Security Fundamentals
A "secure network" is a moving target. As new vulnerabilities and new methods of attack are discovered, a relatively unsophisticated user can potentially launch a devastating attack against an unprotected network. This section begins by describing the challenges posed by the current security landscape. You will learn about the three main goals of security: confidentiality, integrity, and availability.
This section also explains traffic classification and security controls. You will learn how to respond to a security violation and consider the legal and ethical ramifications of network security.
Why Network Security Is a Necessity
Network attacks are evolving in their sophistication and in their ability to evade detection. Also, attacks are becoming more targeted and have greater financial consequences for their victims.
Types of Threats
Connecting a network to an outside network (for example, the Internet) introduces the possibility that outside attackers will exploit the network, perhaps by stealing network data or by impacting the network's performance (for example, by introducing viruses). However, even if a network were disconnected from any external network, security threats (in fact, most of the probable security threats) would still exist.
Specifically, according to the Computer Security Institute (CSI) in San Francisco, California, approximately 60 to 80 percent of network misuse incidents originate from the inside network. Therefore, although network isolation is rarely feasible in today's e-business environment, even physical isolation from other networks does not ensure network security.
Based on these factors, network administrators must consider both internal and external threats.
Internal Threats
Network security threats originating inside a network tend to be more serious than external threats. Here are some reasons for the severity of internal threats:
- Inside users already have knowledge of the network and its available resources.
- Inside users typically have some level of access granted to them because of the nature of their job.
- Traditional network security mechanisms such as Intrusion Prevention Systems (IPS) and firewalls are ineffective against much of the network misuse originating internally.
External Threats
Because external attackers probably do not have intimate knowledge of a network, and because they do not already possess access credentials, their attacks tend to be more technical in nature. For example, an attacker could perform a ping sweep on a network to identify IP addresses that respond to the series of pings. Then, those IP addresses could be subjected to a port scan, in which open services on those hosts are discovered. The attacker could then try to exploit a known vulnerability to compromise one of the discovered services on a host. If the attacker gains control of the host, he could use that as a jumping-off point to attack other systems in the network.
Fortunately, network administrators can mitigate many of the threats posed by external attackers. In fact, the majority of this book is dedicated to explaining security mechanisms that can defeat most external threats.
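A defender can watch for the reconnaissance sequence described above, a ping sweep followed by a port scan from the same source. The following Python code is an added example, not from the book; the flow-record format, thresholds, and documentation-range addresses are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds for this example; tune them to your own traffic baseline.
SWEEP_HOSTS = 5   # distinct ICMP echo targets from one source inside WINDOW
SCAN_PORTS = 5    # distinct TCP ports probed on one host inside WINDOW
WINDOW = 60       # seconds

def build_sample():
    """Constructed flow records: 'time_s src dst proto dport' (dport '-' for ICMP)."""
    lines = [f"{i} 203.0.113.7 10.0.0.{i + 1} icmp -" for i in range(8)]
    lines += [f"{20 + n} 203.0.113.7 10.0.0.3 tcp {p}"
              for n, p in enumerate((21, 22, 23, 25, 80, 443))]
    lines += ["5 198.51.100.9 10.0.0.3 icmp -", "6 198.51.100.9 10.0.0.3 tcp 443"]
    return lines

def max_distinct(events, window=WINDOW):
    """Largest count of distinct values seen in any `window`-second span."""
    events = sorted(events)
    best = 0
    for i, (start, _) in enumerate(events):
        best = max(best, len({v for t, v in events[i:] if t - start <= window}))
    return best

def detect_recon(lines):
    """Map each suspicious source to (finding, scanned_hosts)."""
    pings, probes = defaultdict(list), defaultdict(list)
    for line in lines:
        t, src, dst, proto, dport = line.split()
        if proto == "icmp":
            pings[src].append((int(t), dst))          # candidate ping-sweep events
        elif proto == "tcp":
            probes[(src, dst)].append((int(t), int(dport)))  # candidate scan events
    findings = {}
    for src in sorted(set(pings) | {s for s, _ in probes}):
        swept = max_distinct(pings[src]) >= SWEEP_HOSTS
        scanned = sorted(d for (s, d), ev in probes.items()
                         if s == src and max_distinct(ev) >= SCAN_PORTS)
        if swept and scanned:
            findings[src] = ("sweep+scan", scanned)   # both recon stages seen
        elif swept:
            findings[src] = ("ping-sweep", [])
        elif scanned:
            findings[src] = ("port-scan", scanned)
    return findings

if __name__ == "__main__":
    for src, (finding, hosts) in detect_recon(build_sample()).items():
        print(src, finding, hosts)
```

A source that shows both stages is the higher-priority alert, because it matches the full sequence the text describes rather than a single noisy event.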
Scope of the Challenge
The "2007 CSI/FBI Computer Crime and Security Survey" is a fascinating document that provides insight into trends in network attacks from 2004 to 2007. A copy of this document can be downloaded from http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pdf.
As an example of the information contained in this document, Figure 1-1 shows the average number of security incidents reported by 208 respondents for the years 2004 to 2007. Notice that the percentage of respondents reporting more than 10 incidents in a year dramatically increased in 2007.
Figure 1-1 Incidents in the Past 12 Months (Source: "2007 CSI/FBI Computer Crime and Security Survey")
The following is a further sampling of data contained in the survey:
- The average financial loss from computer crime/security incidents increased from $168,000 in 2006 to $350,424 in 2007.
- Of the survey respondents who reported one or more attacks, 18 percent of those attacks were "targeted" attacks (that is, an attack not targeting the general population).
- Before the 2007 report, viruses were the leading contributor to financial losses for seven years in a row. However, in the 2007 report, viruses fell to the second leading cause of financial losses, with financial fraud rising to the number one factor.
Nonsecured Custom Applications
The vast majority (approximately 75 percent) of network attacks target specific applications, as opposed to lower-layer attacks. One reason attacks have become more targeted is the trend of attackers to be more motivated by profit, rather than by the fame or notoriety generated by creating a virus, for example. Unfortunately, because many organizations use custom applications (often not written with security in mind), these applications can be prime attack targets.
Attacks on custom applications are not as preventable as attacks on "well-known" applications, which periodically release security patches and updates. Another concern for some organizations is complying with regulatory mandates about protecting company data (for example, customer credit card information).
The Three Main Goals of Network Security
For most of today's corporate networks, the demands of e-commerce and client contact require connectivity between internal corporate networks and the outside world. From a security standpoint, two basic assumptions about modern corporate networks are as follows:
- Today's corporate networks are large, interconnect with other networks, and run both standards-based and proprietary protocols.
- The devices and applications connecting to and using corporate networks are continually increasing in complexity.
Because almost all (if not all) corporate networks require network security, consider the three primary goals of network security:
- Confidentiality
- Integrity
- Availability
Confidentiality
Data confidentiality implies keeping data private. This privacy could entail physically or logically restricting access to sensitive information or encrypting traffic traversing a network. A network that provides confidentiality would do the following, as a few examples:
- Use network security mechanisms (for example, firewalls and access control lists [ACL]) to prevent unauthorized access to network resources.
- Require appropriate credentials (for example, usernames and passwords) to access specific network resources.
- Encrypt traffic such that an attacker could not decipher any traffic he captured from the network.
Integrity
Data integrity ensures that data has not been modified in transit. Also, a data integrity solution might perform origin authentication to verify that traffic is originating from the source that should be sending it.
Examples of integrity violations include
- Modifying the appearance of a corporate website
- Intercepting and altering an e-commerce transaction
- Modifying financial records that are stored electronically
Availability
The availability of data is a measure of the data's accessibility. For example, if a server were down only 5 minutes per year, it would have an availability of 99.999 percent (that is, "five nines" of availability).
Here are a couple of examples of how an attacker could attempt to compromise the availability of a network:
- He could send improperly formatted data to a networked device, resulting in an unhandled exception error.
- He could flood a network system with an excessive amount of traffic or requests. This would consume the system's processing resources and prevent the system from responding to many legitimate requests. This type of attack is called a denial-of-service (DoS) attack.
Categorizing Data
Different data requires varying levels of security (for example, based on the data's sensitivity). Therefore, organizations often adopt a data classification system to categorize data. Each category can then be treated with a specific level of security. However, sometimes this data classification is not just a convenience. Sometimes organizations are legally required to protect certain classifications of data.
Classification Models
Although no single standard exists for data classification, organizations often benefit from examining classification models commonly used by government and many businesses.
Government and Military Classification Model
Table 1-2 provides an example of a data classification model, which is used by multiple governments and militaries.
Source: https://www.networkworld.com/article/2268110/chapter-1--understanding-network-security-principles.html