Chapter 1: Network Security Terminology

In This Chapter
✓ Introduction to security terminology
✓ Identifying types of attacks
✓ Looking at security devices
✓ Mitigating security threats

One of the most important skills to have if you are going to support networked systems or systems connected to the Internet is the ability to secure systems and networks.
Quick Assessment
1 (True/False). A packet-filtering firewall checks the state of the conversation.
2 A ______ is responsible for creating a secure tunnel over an unsecure network.
3 The term used for controlling who is allowed to access a resource is ______.
4 (True/False). A dictionary attack calculates all potential passwords.
5 A ______ virus is a self-replicating virus.
Answers
1 False. See “Firewalls.”
2 VPN. Review “Virtual Private Networks.”
3 Authorization. Check out “Authorization.”
4 False. Peruse “Password attacks.”
5 Worm. Take a look at “Worm.”
Introduction to Security Terminology
Let me start the discussion by going over some basic security concepts and terminology. The CCENT certification exam expects you to have some background in security best practices, so this chapter is designed to expose the concepts to you. The next chapter looks at specific steps you need to take to secure your Cisco devices.

Authentication
Authentication is the process of proving one’s identity to the network environment.
Using strong passwords
A number of years ago, I had a coworker who was always trying to get me to guess his passwords. He thought I had some magical trick or program that was cracking them, but all I was doing was guessing his passwords. I remember one time he changed it, and I could not guess it — until one night when we were at a social function for work and all he talked about was the Flyers hockey team.
Hackers find out about vulnerabilities in the software and hardware devices we use by purposely testing the limitations of the device or software. Once they discover the vulnerability, they work on figuring out how they can exploit it.

Exploit
An exploit takes advantage of a weakness, or vulnerability, in a piece of software or a device.
of the data, and there are a number of ways to ensure availability. For example, you can do backups, use RAID volumes for storing your data, and implement high-availability solutions such as clustering technologies (multiple servers running the same application, or service, so if one server fails the request for the service is sent to the second server).
Social engineering attacks
A social engineering attack occurs when a hacker tries to obtain information or gain access to a system through social contact with a user. Typically, the hacker poses as someone else and tries to trick a user into divulging personal or corporate information that allows the hacker access to a system or network.
When you are working as a network professional, educate your users never to run a program that has been e-mailed to them. Most software vendors, such as Microsoft, state that they will never e-mail a program to a person; instead, they will e-mail a URL, but it is up to the person to go to the URL and download the update. A great book to find out more on the process a hacker employs to compromise a system is Kevin Beaver’s Hacking For Dummies, 3rd edition (Wiley).
Also note that because there are dictionary files for different languages, you should not use words found in any dictionary. This means avoiding not only English words, but also French, German, Hebrew . . . even Klingon! A second type of password attack is known as a hybrid password attack.
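As an added example (not from the book), here is a password screen a network professional could run at password-change time to reject exactly the candidates a dictionary attack or a hybrid attack would find first: plain dictionary words, and words with the usual edits applied (case changes, digit-for-letter swaps, digits or symbols tacked on). The word list is a constructed stand-in; a real deployment would load lists for every language the book mentions.

```python
import re

# Constructed word list; in practice load full dictionaries for every language.
WORDLIST = {"password", "flyers", "hockey", "bonjour", "schnell", "welcome"}

# Substitutions a hybrid attack commonly tries, reversed here to recover the base word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def hybrid_base(candidate: str) -> str:
    """Undo the edits a hybrid attack applies to a dictionary word:
    lowercase it, drop digits/symbols at either end, then reverse leet swaps."""
    word = re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())
    return word.translate(LEET)


def check_password(candidate: str, wordlist=WORDLIST) -> str:
    """Return 'ok', or the reason the password would fall quickly."""
    if len(candidate) < 12:
        return "too short"
    if candidate.lower() in wordlist:
        return "dictionary word"
    if hybrid_base(candidate) in wordlist:
        return "dictionary word with simple changes"
    return "ok"


if __name__ == "__main__":
    for pw in ("Flyers2024!!", "P@ssw0rd2024", "correct horse battery"):
        print(pw, "->", check_password(pw))
```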
Denial of service
Another popular network attack is a denial of service (DoS) attack, which can come in many forms and is designed to cause a system or network device to be so busy that it cannot service a real request from a client, essentially overloading the system or device and shutting it down.
2. All systems that are pinged reply to the modified source address — an unsuspecting victim.
3. The victim’s system (most likely a server) receives so many replies to the ping request that it is overwhelmed with traffic, causing it to be unable to answer any other request from the network.

To protect against spoof attacks, you can implement encryption and authentication services on the network.
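As an added example (not from the book), the following detection logic shows what the attack above looks like from the victim’s side: a host receiving a burst of ping (ICMP echo) replies it never asked for. The log format is a constructed one, "<seconds> <src_ip> <dst_ip> <echo-request|echo-reply>", and the sample lines are made up for the example.

```python
from collections import Counter, defaultdict

# Constructed ICMP log: 10.0.0.7 pings 10.0.0.9 once (a legitimate reply follows),
# then five hosts send 10.0.0.7 echo replies it never requested.
SAMPLE_LOG = """\
0 10.0.0.7 10.0.0.9 echo-request
1 10.0.0.9 10.0.0.7 echo-reply
2 192.0.2.11 10.0.0.7 echo-reply
2 192.0.2.12 10.0.0.7 echo-reply
2 192.0.2.13 10.0.0.7 echo-reply
3 192.0.2.14 10.0.0.7 echo-reply
3 192.0.2.15 10.0.0.7 echo-reply
"""


def unsolicited_replies(log: str, threshold: int = 3) -> dict:
    """Return {victim_ip: count} for hosts that received at least `threshold`
    echo replies without first sending an echo request to the replying host.
    Each log line is "<seconds> <src_ip> <dst_ip> <echo-request|echo-reply>"."""
    requested = defaultdict(set)   # requester -> hosts it has pinged so far
    unsolicited = Counter()        # receiver -> replies with no matching request
    for line in log.splitlines():
        _ts, src, dst, kind = line.split()
        if kind == "echo-request":
            requested[src].add(dst)
        elif kind == "echo-reply" and src not in requested[dst]:
            unsolicited[dst] += 1
    return {ip: n for ip, n in unsolicited.items() if n >= threshold}


if __name__ == "__main__":
    print(unsolicited_replies(SAMPLE_LOG))  # {'10.0.0.7': 5}
```

The legitimate reply from 10.0.0.9 is not counted because 10.0.0.7 requested it; the five replies from the 192.0.2.0/24 hosts are.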
Man-in-the-middle
A man-in-the-middle attack involves the hacker intercepting the data in transit, potentially modifying the data, and then forwarding the information on to the intended recipient. Note that the intended recipient receives the information, but the hacker sees the information as well. Man-in-the-middle attacks are popular with wireless networks at coffee shops today.
To protect against buffer overflow attacks, you need to keep the system, applications, and devices up to date with patches and security fixes.

Software-based attacks
Just as there are a number of different types of network attacks, there are a number of software attacks. As you can likely guess, a software attack comes through software that a user runs.
automatically, infecting each computer. How the virus spreads depends on the virus itself — there have been worm viruses that connect across the network automatically to a vulnerable system and then infect that system. Recently, worm viruses automatically infect a flash drive that is connected to the system so that when you take the drive to the next system, the worm infects that system from the flash drive.
as the destination port is 80, the packet is then allowed or denied access to the network depending on how the firewall is configured. There are three major types of firewalls that are popular today:
✦ Packet-filtering firewall: A packet-filtering firewall is limited in the sense that it filters traffic by the fields in the header such as the source and destination IP address and the source and destination port numbers.
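As an added example (not from the book), the following code models a packet-filtering firewall that decides purely from header fields, and beside it a filter that also tracks the state of the conversation. It shows the limitation the book describes and the answer to Quick Assessment question 1: the packet filter cannot tell that an inbound packet is the reply to a connection an inside host opened, so it either blocks the reply or needs a hole punched for every high port. The rule set and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # set on the first packet of a TCP handshake
    ack: bool = False


# Constructed stateless rules: action, source network, destination network,
# destination port ("*" = any). Evaluated top-down; the first match wins.
RULES = [
    ("allow", "0.0.0.0/0", "10.0.0.5/32", 80),  # Internet -> public web server
    ("allow", "10.0.0.0/8", "0.0.0.0/0", "*"),  # internal hosts -> anywhere
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "*"),    # everything else
]


def packet_filter(pkt: Packet) -> str:
    """Packet-filtering firewall: decides from this packet's header fields alone."""
    src, dst = ipaddress.ip_address(pkt.src_ip), ipaddress.ip_address(pkt.dst_ip)
    for action, src_net, dst_net, dport in RULES:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and dport in ("*", pkt.dst_port)):
            return action
    return "deny"


class StatefulFilter:
    """Adds a connection table so replies to conversations started from
    inside are let back in without a rule opening their high port."""

    def __init__(self):
        self.sessions = set()  # (client_ip, client_port, server_ip, server_port)

    def decide(self, pkt: Packet) -> str:
        # A packet travelling the reverse direction of a recorded session
        # belongs to that conversation, so it is allowed.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.sessions:
            return "allow"
        action = packet_filter(pkt)
        # Only a permitted connection-opening packet creates state.
        if action == "allow" and pkt.syn and not pkt.ack:
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action
```

With these rules, an inside host’s connection to 203.0.113.9:443 is allowed by both filters, but the server’s reply to the host’s port 50000 is denied by the packet filter and allowed by the stateful one, while an unsolicited packet to that same port stays denied by both.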
The first firewall (Firewall1 in Figure 1-4) is connected to the Internet and controls what traffic is allowed to pass from the Internet through the firewall. You can see that the first firewall has to allow HTTP traffic and DNS server traffic through the firewall, as there are public HTTP and DNS servers behind the first firewall.
There are two main types of intrusion detection systems:
✦ Host-based IDS: This is typically software installed on the system that monitors activity on that one system. If suspicious activity is found on the system, an alert is generated and the administrator is notified.
✦ Disable ports: For security reasons, you need to disable any ports on the switch that you are not using. This prevents someone from connecting an unknown system to the network without your knowledge.
✦ VLANs: Virtual LANs allow you to create communication boundaries on the switch. You can create multiple VLANs on the switch and then place different ports into different VLANs.
VPN protocols are responsible for encrypting the data. Examples of VPN protocols are the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). Growing in popularity are SSL VPNs, which do not require VPN client software on the client systems because the Web browser makes the client connection.
✦ Patch systems. Be sure to keep your servers up-to-date with patches. This includes patching the operating system and all software installed.
✦ Use server-class antivirus software. Ensure that you have company-approved antivirus software that is designed to run on servers.
✦ Keep virus definitions up-to-date. Make sure that you are keeping the virus software definitions up-to-date. These definitions allow the virus-protection software to know what the current viruses are.
Chapter Summary
This chapter covers the fundamental concepts regarding network security. It is an important topic, but understand that this chapter only scratches the surface of security concepts. For the CCENT certification, be familiar with the following facts about security:
✦ Authentication is proving your identity to the system.
✦ Authorization is granting someone access to a system or resource after he has been authenticated.
Lab Exercises

Term
___ Vulnerability
___ Packet-filtering firewall
___ Authentication
___ Mitigating threats
___ CIA
___ VPN

Description
A. Verifying a user’s identity.
B. Creates an encrypted tunnel over an unsecure network.
C. Filters traffic by understanding the context of the conversation.
D. A weakness in a piece of software or hardware.
E. An area of the network used to place servers that are accessed from the Internet.
F.
Network Security Terminology Prep Test

1 What type of firewall can allow or deny traffic after inspecting the application data in the packet?
❍ A Application-level firewall
❍ B St

2
❑ A SYN flood
❑ B Spoof attack
❑ C Brute force attack
❑ D Ping of death

3 What is the term used for the area of the network where you are to place servers from the Internet?
❍ A IDS
❍ B Private LAN
❍ C DMZ
❍ D Internal LAN

4 What type of attack involves the hacker contacting the victim through e-mail or a phone call?

6 What type of attack involves the hacker sending too much data to the application, which normally results in administrative access within a command shell?
❍ A Spoof attack
❍ B Buffer overflow attack
❍ C Social engineering attack
❍ D Denial of service attack

9 What type of firewall knows about the context of the conversation and whether the packet is the right packet at that point in time?

What type of password attack mathematically calculate
❍ A Dictionary
❍ B Hybrid
❍ C Brute force
❍ D Calculated
Network Security Terminology Answers
1 A. Application-level firewalls can inspect the application-level data, such as what application command is executing, and either allow or deny that traffic. See “Firewalls.”
2 A, D. A SYN flood attack and the ping of death attack were popular denial of service attacks years back. Review “Denial of service.”
3 C. The demilitarized zone (DMZ) is where you should place public servers such as Web and DNS servers. Check out “Firewalls.”
4 A.