NS2 - Chapter 1
Secure the Data Plane using
- ACLs - Antispoofing - Layer 2 security including port security, DHCP snooping, dynamic ARP inspection (DAI)
Secure the Control Plane using:
- AutoSecure - Routing protocol authentication - Control plane policing (CoPP)
Cisco Network Foundation Protection (NFP) divides routers and switches into three functional areas:
- Control plane - Management plane - Data plane (Forwarding plane)
Network hacking attacks
- Eavesdropping attack (sniffing/snooping) - Data modification attack - IP address spoofing attack - Password-based attacks - DoS attack - Man-in-the-middle attack - Sniffer attack
Secure the Management Plane by:
- Enabling login and password policy - Presenting legal notification - Ensuring the confidentiality of data using SSH and HTTPS - Enabling role-based access control - Authorizing actions - Enabling management access reporting
DoS attack mitigation techniques:
- IPS and firewalls (Cisco ASAs and ISRs) - Antispoofing technologies - Quality of service (traffic policing)
Reconnaissance attack mitigation techniques include:
- Implement authentication to ensure proper access - Use encryption to render packet sniffer attacks useless - Use anti-sniffer tools to detect packet sniffer attacks - Implement a switched infrastructure - Use a firewall and IPS
There are two major sources of DoS attacks:
- Maliciously Formatted Packets - Overwhelming Quantity of Traffic
Data center physical security can be divided into two areas:
- Outside perimeter security - Inside perimeter security
Five common types of access attacks
- Password attack - Trust exploitation - Port redirection - Man-in-the-middle attack - Buffer overflow - IP, MAC, DHCP spoofing
Some of the techniques used by malicious hackers conducting reconnaissance attacks:
- Perform an information query of a target - Initiate a ping sweep of the target network - Initiate a port scan of active IP addresses - Run Vulnerability Scanners - Run exploitation tools
Three early DoS attacks include:
- Ping of death - Smurf attack - TCP SYN Flood Attack
Specific types of social engineering attacks include:
- Pretexting - Phishing - Spear phishing - Spam - Tailgating - Something for Something (Quid pro quo) - Baiting
Varieties of modern malware
- Ransomware - Spyware - Adware - Scareware - Phishing - Rootkits
Three major categories of network attacks:
- Reconnaissance Attacks - Access attacks - DoS Attacks
Trojan horse classification
- Remote-access Trojan horse - Data-sending Trojan horse - Destructive Trojan horse - Proxy Trojan horse - FTP Trojan horse - Security software disabler Trojan horse - DoS Trojan horse
Some modern hacking titles
- Script kiddies - State-sponsored - Vulnerability brokers - Hacktivists - Cyber criminals
Access attack mitigation techniques:
- Strong password security - Principle of minimum trust - Cryptography - Applying operating system and application patches
Common types of malware
- Virus (requires a host program to run) - Worms (replicate themselves) - Trojans (look legitimate)
Best practices for securing a network:
- Written security policy - Educate employees on social engineering - Physical access control - Strong passwords - Encrypt and password-protect sensitive data - Implement security hardware (firewall, IPS, VPN) - Perform backups and test the backed-up files regularly - Shut down unnecessary services and ports - Keep patches up to date - Perform security audits to test the network
SecureX product families
- Secure edge and branch - Secure email and web - Secure mobility - Secure access - Secure data center and virtualization
What are the three core components of the Cisco Secure Data Center solution?
- secure segmentation - visibility - threat defense
What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
- to scan for accessibility - to gather information about the network and devices
Penetration testing tools
- Password crackers (Medusa) - Wireless hacking tools (NetStumbler) - Network scanning and hacking tools (Angry IP Scanner) - Packet crafting tools (Scapy) - Packet sniffers (Ratproxy) - Rootkit detectors (Netfilter) - Fuzzers to search for vulnerabilities (Skipfish) - Forensic tools (Helix) - Debuggers (WinDbg) - Hacking operating system (Kali Linux) - Encryption tools (VeraCrypt) - Vulnerability exploitation tools (Metasploit) - Vulnerability scanners (Netsparker)
The Cisco SecureX architecture includes the following five major components:
- Scanning Engines - Delivery Mechanisms - Security Intelligence Operations (SIO) - Policy Management Consoles - Next-Generation Endpoints
Which statement describes phone freaking?
A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.
Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics?
A virus has infected the computers
What is a significant characteristic of virus malware?
A virus is triggered by an event on the host system.
ASA
Adaptive Security Appliance
................................................................................. provides stateful firewall features and establishes secure Virtual Private Network (VPN) tunnels to various destinations.
Adaptive Security Appliance (ASA)
In order to mitigate malware, we must use .............................................
Antivirus
This happens when all VMs attempt to download antivirus data files at the same time.
Antivirus storms
To accommodate the BYOD trend, Cisco developed the ..................................................... Network.
Borderless
Cryptography ensures three components of information security:
- Confidentiality - Integrity - Availability
The response to a worm attack can be broken down into four phases:
- Containment - Inoculation - Quarantine - Treatment
What is the meaning of the principle of minimum trust when used to design network security?
Devices in networks should not access and use one another unnecessarily and unconditionally.
ESA
Email Security Appliance
An attacker could hijack a VM hypervisor (VM controlling software) and then use it as a launch point to attack other devices on the data center network.
Hyperjacking
.......................................................... security can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.
Inside perimeter
When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.
Instant On activation
To support BYOD, Cisco devices support .................................................................................... features. MDM features secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices.
Mobile Device Management (MDM)
................................................................. security can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.
Outside perimeter
SIO
Security Intelligence Operations
The ....................................................................... is a Cloud-based service that connects global threat information, reputation-based services, and sophisticated analysis, to Cisco network security devices.
Security Intelligence Operations (SIO)
A context-aware policy uses a simplified descriptive business language to define security policies based on five parameters:
- The person's identity - The application in use - The type of device being used for access - The location - The time of access
There are at least three reasons that hackers would use access attacks on networks or systems:
- To retrieve data - To gain access - To escalate access privileges
WSA
Web Security Appliance
What causes a buffer overflow?
attempting to write more data to a memory location than that location can hold
What type of malware has the primary objective of spreading across the network?
Worm
What is a ping sweep?
a network scanning technique that indicates the live hosts in a range of IP addresses
What are the three major components of a worm attack?
- an enabling vulnerability - a payload - a propagation mechanism
What is the primary means for mitigating virus and Trojan horse attacks?
antivirus software
What method can be used to mitigate ping sweeps?
blocking ICMP echo and echo-replies at the network edge
How does a DoS attack take advantage of the stateful condition of target systems?
by continuously sending packets of unexpected size or unexpected data
How is a smurf attack conducted?
by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network
Which security measure is typically found both inside and outside a data center facility?
continuous video surveillance
The Cisco Network Foundation Protection framework has three functional areas. The ............................................. plane of a router is responsible for routing packets correctly.
data
What role does the Security Intelligence Operations (SIO) play in the Cisco SecureX architecture?
identifying and stopping malicious traffic
What is the primary method for mitigating malware?
installing antivirus software on all hosts
Which two network security solutions can be used to mitigate DoS attacks?
- intrusion protection systems - antispoofing technologies
An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
man-in-the-middle
What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?
management plane
A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?
reconnaissance
What is hyperjacking?
taking over a virtual machine hypervisor as part of a data center attack
What is a main purpose of launching an access attack on network systems?
to retrieve data