Ex4 Chapter 4 - Network Security

When discussing network security, three common factors are vulnerability, threat, and attack.
Vulnerability is the degree of weakness which is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.
Threats are the people interested and qualified in taking advantage of each security weakness. Such individuals can be expected to continually search for new exploits and weaknesses.

The four classes of physical threats are:
Hardware threats - Physical damage to servers, routers, switches, cabling plant, and workstations
Environmental threats - Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
Electrical threats - Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
Maintenance threats - Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

Threats to Networks:
Unstructured Threats - Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers.
Structured Threats - Structured threats come from individuals or groups that are more highly motivated and technically competent.
External Threats - External threats can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network.
Internal Threats - Internal threats occur when someone has authorized access to the network with either an account or physical access.

Social Engineering -  trick a member of an organization into giving over valuable information, such as the location of files or passwords (ex: Phishing - sending out spam e-mails that appear to be from known online banking or auction sites).

Types of Network Attacks:
Reconnaissance -  is the unauthorized discovery and mapping of systems, services, or vulnerabilities. (Internet information queries - nslookup, whois, Ping sweeps - fping, gping,, Port scans - nmap, superscan, Packet sniffers - wireshark)
Access -
is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password.
Password Attacks, Trust Exploitation, Port Redirection, Man-in-the-Middle Attack )
Denial of Service -
is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
(Disk space, bandwidth, buffers overload, Ping of Death, SYN Flood, E-mail bombs, Malicious applets, DDos Attacks)
    DDoS attacks: 

     - SMURF attack - uses spoofed broadcast ping messages to flood a target system
     - Tribe flood network (TFN)
     - Stacheldraht
     - MyDoom
Worms, Viruses, and Trojan Horses
- Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services.

Host and Server Based Security:
 - Device Hardening - Default usernames and passwords should be changed immediately, Access to system resources should be restricted
 - Antivirus Software
 - Personal Firewall
 - Operating System Patches
 - Intrusion Detection and Prevention

Devices that provide threat control solutions are:
Cisco ASA 5500 Series Adaptive Security Appliances  - (PIX firewall envolved in ASA) firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.
Integrated Services Routers (ISR)
Network Admission Control
Cisco Security Agent for Desktops
Cisco Intrusion Prevention Systems

A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.
A security policy is a living document, meaning that the document is never finished and is continuously updated as technology and employee requirements change.

Routers fulfill the following roles:
 - Advertise networks and filter who can use them.
 - Provide access to network segments and subnetworks.

If remote access is required, your options are as follows:
 - Establish a dedicated management network.
 - Encrypt all traffic between the administrator computer and the router.

To enable SSH on the router
hostname hostname
ip domain-name example.com
crypto key generate rsa

line vty 0 4
  transport input ssh
  login local
ip ssh time-out seconds
authentication-retries integer
 Cisco AutoSecure uses a single command to disable non-essential system processes and services, eliminating potential security threats

The Cisco Router and Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.
• Embedded web-based management tool
• Intelligent wizards
• Tools for more advanced users
   - ACL
   - VPN crypto map editor
   - Cisco IOS CLI preview

Manage IOS:
show file systems 
cd nvram:
 If the Cisco IOS image is lost, the router goes into ROMmon mode when it boots up. ROMmon supports Xmodem.
 xmodem [-cyr] [filename]
Troubleshouting router
term monitor
term no monitor
undebug all
 Debug gets CPU priority. Plan debug use carefully.
 Debug can help resolve persistent issues, outweighing its effect on network performance.
 Debug can generate too much output. Know what you are looking for before you start.
 Different debugs generate different output formats. Do not be caught by surprise.
 Plan the use of the debug command. Use it with great care.

Password recovery:

show version
rommon 2>confreg 0x2142
configure password
config-register 0x2102
copy startup-config running-config

No comments :

Post a Comment