Security P1


Topics:

• Introduction
• Securing Networks
• Network Threats
• Mitigating Threats
Drivers for Network Security

Common network security terms:


• Threat

• Vulnerability

• Mitigation

• Risk
Vectors of Network Attacks
Data Loss

Vectors of data loss:


• Email/Webmail

• Unencrypted Devices

• Cloud Storage Devices

• Removable Media

• Hard Copy

• Improper Access Control


Network Topology Overview
Campus Area Networks
Small Office and Home Office Networks
Wide Area Networks
Data Center Networks
Outside perimeter security:
• On-premise security officers

• Fences and gates

• Continuous video surveillance

• Security breach alarms

Inside perimeter security:


• Electronic motion detectors

• Security traps

• Continuous video surveillance

• Biometric access and exit sensors


Cloud and Virtual Networks
VM-specific threats:

• Hyperjacking

• Instant On activation

• Antivirus storm

Components of a secure data center:

• Secure segmentation

• Threat defense

• Visibility

Mobile device (BYOD) security controls:

• Data encryption

• PIN enforcement

• Data wipe

• Data loss prevention

• Jailbreak/root detection
The Hacker
The Evolution of Hackers

Modern hacking titles:


• Script Kiddies

• Vulnerability Brokers

• Hacktivists

• Cyber Criminals

• State-Sponsored Hackers
Introduction of Attack Tools
Evolution of Security Tools

Penetration testing tools:

• Password crackers

• Wireless hacking

• Network scanning and hacking

• Packet crafting

• Packet sniffers

• Rootkit detectors

• Fuzzers to search for vulnerabilities

• Forensic

• Debuggers

• Hacking operating systems

• Encryption

• Vulnerability exploitation

• Vulnerability scanners


Categories of Attack Tools

Network hacking attacks:


• Eavesdropping

• Data modification

• IP address spoofing

• Password-based

• Denial-of-service

• Man-in-the-middle

• Compromised-key

• Sniffer
Malware
Various Types of Malware
Viruses
Trojan Horse Classification

Classifications:
• Security software disabler

• Remote-access

• Data-sending

• Destructive

• Proxy

• FTP

• DoS
Worms

Initial Code Red Worm Infection

Code Red Worm Infection 19 Hours Later


Worm Components

Components:

• Enabling vulnerability

• Propagation mechanism

• Payload

Code Red worm cycle:

1. Propagate for 19 days

2. Launch a DoS attack for the next 7 days

3. Stop and go dormant for a few days

4. Repeat the cycle
Other Malware

• Ransomware

• Scareware

• Spyware

• Phishing

• Adware

• Rootkits
Common Network Attacks
Types of Network Attacks

Figure: three attack classes (Reconnaissance, Access, DoS); attacks pictured include data modification, SYN flood, and smurf attack.
Reconnaissance Attacks

• Initial query of a target

• Ping sweep of the target network

• Port scan of active IP addresses

• Vulnerability scanners

• Exploitation tools
Access Attacks

A few reasons why hackers use access attacks:


• To retrieve data

• To gain access

• To escalate access privileges

A few types of access attacks include:


• Password

• Trust exploitation

• Port redirection

• Man-in-the-middle

• Buffer overflow

• IP, MAC, DHCP spoofing
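The first access attack listed above, the password attack, is the one most often carried out offline against a leaked credential store, so it is worth seeing why the store's hashing scheme decides whether the attack succeeds. The following is an added example written for this page, not code from the original slides: the user names, passwords and wordlist are constructed, and the iteration count passed to the demo is lowered only so it runs quickly. A dictionary attack against unsalted SHA-1 costs one hash per candidate word for the whole store, while the same attack against salted PBKDF2-HMAC-SHA256 costs one slow computation per (user, candidate) pair and cannot reuse work between users.

```python
"""Password-based access attack: dictionary cracking against a leaked credential
store, first with unsalted SHA-1 and then with salted PBKDF2. Added example;
the users, passwords and wordlist are constructed for illustration."""
import hashlib
import hmac
import os

# Constructed "leaked" accounts; bob and dave reuse the same weak password.
SAMPLE_USERS = {
    "alice": "Summer2024",
    "bob": "letmein",
    "carol": "tr0ub4dor&3-correct-horse",
    "dave": "letmein",
}
# Constructed attacker wordlist.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2024", "admin123"]


def weak_store(users):
    """Unsalted fast hash: equal passwords give equal digests."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in users.items()}


def crack_weak(store, wordlist):
    """Hash each candidate once, then match every user by table lookup.
    Returns (recovered passwords, number of hash computations)."""
    table = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    return {u: table[h] for u, h in store.items() if h in table}, len(table)


def strong_store(users, iterations=600_000):
    """Per-user random salt plus PBKDF2-HMAC-SHA256. The iteration count is
    stored in the record so it can be raised later; 600,000 is OWASP's
    current minimum for this construction."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, iterations,
                  hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations))
    return out


def verify_strong(store, user, password):
    """Recompute with the stored salt and parameters; compare in constant time."""
    salt, iterations, digest = store[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def crack_strong(store, wordlist):
    """No shared table: every (user, candidate) pair costs a full PBKDF2 run.
    Returns (recovered passwords, number of PBKDF2 computations)."""
    found, work = {}, 0
    for u in store:
        for w in wordlist:
            work += 1
            if verify_strong(store, u, w):
                found[u] = w
                break
    return found, work


if __name__ == "__main__":
    weak = weak_store(SAMPLE_USERS)
    print("bob and dave share a digest:", weak["bob"] == weak["dave"])
    print("weak store cracked:", crack_weak(weak, WORDLIST))
    # Iterations lowered here only so the demo finishes in seconds.
    strong = strong_store(SAMPLE_USERS, iterations=20_000)
    print("strong store cracked:", crack_strong(strong, WORDLIST))
```

Both stores give up alice, bob and dave, because their passwords are in the wordlist; no hashing scheme rescues a guessable password. What changes is the cost: the weak store falls to six hashes regardless of how many accounts it holds, while the strong store needs a fresh slow computation for every guess against every account, and the two accounts sharing "letmein" no longer share a digest. For online password attacks the complementary control is lockout or rate limiting on the login path.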


Social Engineering Attacks

• Pretexting

• Phishing

• Spearphishing

• Spam

• Tailgating

• Something for Something

• Baiting
Denial of Service Attacks
DDoS Attacks

1. Hacker builds a network of infected machines


• A network of infected hosts is called a botnet.
• The compromised computers are called zombies.
• Zombies are controlled by handler systems.

2. Zombie computers continue to scan and infect more targets


3. Hacker instructs handler system to make the botnet of zombies carry
out the DDoS attack
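The reconnaissance steps listed earlier (ping sweep, then port scan of the live hosts) and the DDoS flood described above both leave a characteristic footprint in connection logs, and the same per-window accounting detects all three. The following detector is an added example for this page, not code from the original slides or from any product: the log line format, the addresses and the thresholds are constructed for illustration, and a real deployment would tune the thresholds to its own baseline. A ping sweep shows as one source touching many hosts with ICMP echo, a port scan as one source touching many ports on one host, and a SYN flood as a target receiving many SYNs of which almost none complete the handshake (the sources are usually spoofed, so the flood is keyed on the victim, not the sender).

```python
"""Detect reconnaissance (ping sweep, port scan) and SYN floods in connection
logs. Added example; the log format and traffic below are constructed and do
not correspond to any real firewall's output."""
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 60          # fixed accounting window
SWEEP_HOSTS = 8              # distinct ICMP echo targets from one source
SCAN_PORTS = 10              # distinct TCP ports on one target from one source
FLOOD_SYNS = 50              # SYNs to one target per window ...
FLOOD_MAX_COMPLETION = 0.1   # ... with at most this fraction acknowledged


def parse_line(line):
    """Parse '<iso-timestamp> key=value ...' into a dict with an epoch 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts).timestamp()
    return event


def detect(lines):
    """Return a sorted list of (kind, actor, detail) findings."""
    icmp_targets = defaultdict(set)   # (window, src) -> {dst}
    tcp_ports = defaultdict(set)      # (window, src, dst) -> {dport}
    syns = defaultdict(int)           # (window, dst) -> SYN count
    acks = defaultdict(int)           # (window, dst) -> handshake-completing ACKs
    for line in lines:
        e = parse_line(line)
        window = int(e["ts"] // WINDOW_SECONDS)
        if e["proto"] == "icmp" and e.get("type") == "echo":
            icmp_targets[(window, e["src"])].add(e["dst"])
        elif e["proto"] == "tcp":
            tcp_ports[(window, e["src"], e["dst"])].add(e["dport"])
            if e["flags"] == "S":
                syns[(window, e["dst"])] += 1
            elif e["flags"] == "A":
                acks[(window, e["dst"])] += 1
    findings = set()
    for (_, src), dsts in icmp_targets.items():
        if len(dsts) >= SWEEP_HOSTS:
            findings.add(("ping_sweep", src, f"{len(dsts)} hosts probed"))
    for (_, src, dst), ports in tcp_ports.items():
        if len(ports) >= SCAN_PORTS:
            findings.add(("port_scan", src, f"{len(ports)} ports on {dst}"))
    for (window, dst), n in syns.items():
        completed = acks.get((window, dst), 0)
        if n >= FLOOD_SYNS and completed <= n * FLOOD_MAX_COMPLETION:
            findings.add(("syn_flood", dst, f"{n} SYNs, {completed} completed"))
    return sorted(findings)


def sample_log():
    """Constructed traffic, all inside one 60-second window: a benign client,
    a ping sweeper, a port scanner and a spoofed-source SYN flood."""
    def t(sec):
        return f"2024-05-01T10:00:{sec:02d}"
    lines = []
    for s in (1, 2):   # benign: two completed handshakes to the web server
        lines.append(f"{t(s)} proto=tcp src=10.0.0.20 dst=192.0.2.10 dport=443 flags=S")
        lines.append(f"{t(s)} proto=tcp src=10.0.0.20 dst=192.0.2.10 dport=443 flags=A")
    for i in range(1, 13):   # ping sweep of 192.0.2.1 .. 192.0.2.12
        lines.append(f"{t(i)} proto=icmp src=10.0.0.66 dst=192.0.2.{i} type=echo")
    for i, port in enumerate(range(20, 35)):   # 15-port scan of the web server
        lines.append(f"{t(i + 3)} proto=tcp src=10.0.0.77 dst=192.0.2.10 dport={port} flags=S")
    for i in range(60):   # 60 spoofed sources, one SYN each, never completed
        lines.append(f"{t(30)} proto=tcp src=203.0.113.{i} dst=192.0.2.10 dport=80 flags=S")
    return lines


if __name__ == "__main__":
    for finding in detect(sample_log()):
        print(*finding)
```

The fixed-window bucketing keeps the state small but will miss a scan that straddles a window boundary or is spread slowly across many windows; a sliding window or a longer horizon for the sweep and scan counters closes that gap at the cost of more memory. The SYN-flood rule deliberately counts per victim rather than per source, since the zombies in the botnet above typically spoof their addresses.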
Defending the Network
Network Security Organizations
Confidentiality, Integrity, Availability

Components of cryptography:

Confidentiality: Uses encryption to encrypt and hide data.

Integrity: Uses hashing algorithms to ensure data is unaltered during operation.

Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.
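Confidentiality and integrity are separate mechanisms, and the practitioner's caveat on the integrity side is that a plain hash only detects accidental corruption: an attacker who can alter the data can recompute the hash as well, so integrity against an adversary needs a keyed MAC. The following added example (written for this page, not code from the original slides) shows both points with the Python standard library: a keystream derived from HMAC-SHA256 in counter mode hides the payload, a second HMAC key authenticates it, and a single flipped ciphertext byte is rejected before anything is decrypted. The keystream construction is an illustration of the principle; production code should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a cryptographic library. Keys and the message are constructed.

```python
"""Confidentiality and integrity as two separate mechanisms: a keyed keystream
hides the payload and a MAC detects alteration. Added example; keys and
message are constructed. The HMAC-in-counter-mode keystream illustrates the
idea and is not a substitute for a vetted AEAD cipher."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32   # HMAC-SHA256 output


def keystream(key, nonce, length):
    """Derive `length` pseudorandom bytes from HMAC-SHA256(key, nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(enc_key, mac_key, blob):
    """Verify the tag first; only an authenticated ciphertext is decrypted."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def flip_byte(blob, index, mask=0x01):
    """Simulate an on-path attacker altering one byte in transit."""
    b = bytearray(blob)
    b[index] ^= mask
    return bytes(b)


def tamper_is_detected(enc_key, mac_key, blob, index=NONCE_LEN):
    """True if altering byte `index` of the blob makes decrypt() reject it."""
    try:
        decrypt(enc_key, mac_key, flip_byte(blob, index))
    except ValueError:
        return True
    return False


def plain_hash_accepts_forgery(message):
    """An unkeyed hash gives no integrity against an active attacker: the
    attacker rewrites the message and recomputes the hash, and the receiver's
    check still passes. Returns True when the forgery is accepted."""
    forged = message.replace(b"100", b"900")
    forged_hash = hashlib.sha256(forged).hexdigest()
    return hashlib.sha256(forged).hexdigest() == forged_hash


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # constructed keys
    msg = b"transfer 100 to account 42"
    blob = encrypt(enc_key, mac_key, msg)
    print("decrypts to original:", decrypt(enc_key, mac_key, blob) == msg)
    print("tampering detected:", tamper_is_detected(enc_key, mac_key, blob))
    print("plain hash accepts forgery:", plain_hash_accepts_forgery(msg))
```

Two design points carry over to real systems: separate keys for encryption and authentication, and tag verification before decryption (encrypt-then-MAC), so a tampered message is never processed. Availability is not shown here; as the slide says, it comes from hardening and backups rather than from cryptography.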
Domains of Network Security
Network Security Domains
• Risk assessment

• Security policy

• Organization of information security

• Asset management

• Human resources security

• Physical and environmental security

• Communications and operations management

• Information systems acquisition, development, and maintenance

• Access control

• Information security incident management

• Business continuity management

• Compliance
Network Security Policy
Network Security Policy Objectives
Introducing the Cisco SecureX Architecture
The Security Artichoke
SecureX Product Families

SecureX product families:

• Secure Edge and Branch

• Secure Email and Web

• Secure Data Center and Virtualization

• Secure Access

• Secure Mobility
SecureX Security Technology

SecureX Architecture:
• Scanning engines

• Delivery mechanisms

• Security intelligence operations (SIO)

• Policy management consoles

• Next-generation endpoint
Centralized Context-Aware Network Scanning Element

Defines security policies based on five parameters:


• Type of device being used for access

• Person’s identity

• Application in use

• Location

• Time of access
Cisco Security Intelligence Operations
Mitigating Common Network Threats
Defending the Network
Best practices:
• Develop a written security policy.

• Educate employees about the risks of social engineering, and develop strategies to validate
identities over the phone, via email, or in person.

• Control physical access to systems.

• Use strong passwords and change them often.

• Encrypt and password-protect sensitive data.

• Implement security hardware and software.

• Perform backups and test the backed up files on a regular basis.

• Shut down unnecessary services and ports.

• Keep patches up-to-date, installing them on a daily or weekly cadence, to close the
vulnerabilities that buffer overflow and privilege escalation attacks exploit.

• Perform security audits to test the network.


Mitigating Malware
Mitigating Worms

Worm mitigation phases:

1. Containment

2. Inoculation

3. Quarantine

4. Treatment
Mitigating Reconnaissance Attacks
Mitigating Access Attacks
Mitigating DoS Attacks
Network Foundation Protection Framework
NFP Framework
Securing the Control Plane
Securing the Management Plane
Securing the Data Plane
