Foundation Summary

The "Foundation Summary" is a collection of tables and figures that provide a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, these tables and figures are a convenient way to review the day before the exam.
Network Security

There is no single security solution for every network. Network security is a combination of products and processes that support the organization's security policy.
Vulnerabilities, Threats, and Attacks

Vulnerabilities, threats, and attacks are the three components that create the environment for a cyber-attack.
Vulnerabilities

Vulnerabilities are unintentional weaknesses in an application, hardware component, or network design that can be exploited to gain entry to a computer system or network. Attackers generally target known vulnerabilities when looking for targets.
Threats

Threats are broken down into two categories based on the intent of the attacker:

- Structured threats: Threats that are preplanned and focus on a specific target. A structured threat is an organized effort to breach a specific network or organization.
- Unstructured threats: Threats that are random and usually the result of an attacker identifying the vulnerability by scanning the network looking for "targets of opportunity." This type of threat is by far the most common because it can be performed using automated tools (scripts) that are readily available on the Internet and can be carried out by someone with very limited computer skills.
Attacks

There are three different types of attacks, which are named based on the attacker's intent:

- Reconnaissance attack: Designed to gain information about a specific target network or resource. Typical types of reconnaissance attacks include:
  - DNS query: Checks the Domain Name Service to see what address space is registered to a specific organization
  - Ping sweep: Directs ICMP packets at specific host addresses on a network, enabling the attacker to determine what addresses are in use based on the replies received
  - Vertical scan: Directs a scan against all the service ports of a specific host to determine which services are running on that host
  - Horizontal scan: Directs a scan for a single service port against a range of network addresses
  - Block scan: Directs a scan for multiple service ports against a range of network addresses
- Access attack: Designed to gain access to a network or resource. There are three main goals of an access attack:
  - Interception: Retrieve, alter, or destroy data
  - Modification: Add, move, or change network resources, including user access
  - Fabrication: Install exploits that can be used later to gain access to the network or resource
- Denial of service attack: Designed to deny authorized access to the target network or resource
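The reconnaissance patterns above (ping sweep, vertical, horizontal, and block scan) can be told apart from each other in connection logs by how many hosts and how many ports a single source touches. The detection logic below is an added example, not from the book: it classifies constructed flow records using those definitions; the record layout and the "many hosts / many ports" thresholds are assumptions.

```python
"""Label reconnaissance patterns in connection records (added example)."""
from collections import defaultdict

# Assumed thresholds: how many distinct hosts or ports count as "many".
HOST_THRESHOLD = 5
PORT_THRESHOLD = 5


def classify_sources(flows, host_threshold=HOST_THRESHOLD,
                     port_threshold=PORT_THRESHOLD):
    """Return {source: label} for sources whose activity matches a scan.

    Each flow is an assumed tuple (src, dst, proto, dport); ICMP echo
    records carry dport=None.  Sources that match none of the patterns
    are left out of the result.
    """
    hosts = defaultdict(set)       # src -> TCP/UDP destination hosts probed
    ports = defaultdict(set)       # src -> distinct destination ports probed
    icmp_hosts = defaultdict(set)  # src -> hosts that received ICMP echo
    for src, dst, proto, dport in flows:
        if proto == "icmp":
            icmp_hosts[src].add(dst)
        else:
            hosts[src].add(dst)
            ports[src].add(dport)
    labels = {}
    for src in set(hosts) | set(icmp_hosts):
        many_hosts = len(hosts[src]) >= host_threshold
        many_ports = len(ports[src]) >= port_threshold
        if many_hosts and many_ports:
            labels[src] = "block scan"        # many ports across many hosts
        elif many_ports:
            labels[src] = "vertical scan"     # many ports on one host
        elif many_hosts:
            labels[src] = "horizontal scan"   # one port across many hosts
        elif len(icmp_hosts[src]) >= host_threshold:
            labels[src] = "ping sweep"        # ICMP echo across many hosts
    return labels


def constructed_flows():
    """Constructed sample records, one source per pattern plus a normal client."""
    flows = [("10.0.0.5", "192.168.1.10", "tcp", p) for p in (21, 22, 23, 25, 80, 443)]
    flows += [("10.0.0.6", f"192.168.1.{h}", "tcp", 445) for h in range(1, 9)]
    flows += [("10.0.0.7", f"192.168.1.{h}", "tcp", p)
              for h in range(1, 7) for p in (22, 80, 135, 139, 445)]
    flows += [("10.0.0.8", f"192.168.1.{h}", "icmp", None) for h in range(1, 11)]
    flows += [("10.0.0.9", "192.168.1.20", "tcp", 443)] * 3  # ordinary web client
    return flows


if __name__ == "__main__":
    for src, label in sorted(classify_sources(constructed_flows()).items()):
        print(f"{src}: {label}")
```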
Security Policies

A security policy is the written representation of an organization's security philosophy. The security policy is a guide that defines how the organization does business with respect to its network resources and defines in general terms how the network resources are to be secured. The security policy should fulfill the following objectives:

- Analyze the threat based on the type of business performed and type of network exposure
- Determine the organization's security requirements
- Document the network infrastructure and identify potential security breach points
- Identify specific resources that require protection and develop an implementation plan
Network Security as a Process

The security process is driven by the security policy. The Security Wheel demonstrates the four ongoing steps used to continuously improve the security of a network:

- Secure: Implement the necessary security hardware, management and operational processes, and secure your system configurations to reduce your network exposure.
- Monitor: Monitor the network to determine how changes have affected your network and look for additional threats.
- Test: Test the current network and system configurations to determine if any vulnerabilities exist.
- Improve: Make continuous improvements based on the results of your testing, on vulnerabilities noted during network monitoring, or on normal component upgrades and improvements.
Defense in Depth
Defense in depth refers to implementing multiple layers of security to mitigate potential threats. Cisco has two specific programs to address defense in depth: Cisco AVVID and Cisco SAFE.
Cisco AVVID
AVVID is the Cisco Architecture for Voice, Video, and Integrated Data. Cisco AVVID is an open architecture that is used by Cisco partners to develop various solutions. Cisco AVVID solutions provide the following benefits:

- Network performance
  - Application response time
  - Device performance
  - Protocol performance
- Scalability
  - Topology
  - Addressing
  - Routing protocols
- Availability
  - Equipment and link redundancy
  - Protocol resiliency
  - Network capacity design
Cisco SAFE
The Cisco white papers "SAFE: A Security Blueprint for Enterprise Networks" and "SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks" are guides for network designers and focus on the implementation of secure network designs. The SAFE blueprints comprise the following components:
- Perimeter security
- Secure connectivity
- Application security
- Identity
- Security management and monitoring
Key Terms