Module 1. Securing Networks
Network Topology Overview
Campus Area Networks
A Campus Area Network (CAN) consists of interconnected LANs within a limited geographic area.
Connections to untrusted networks must be inspected by multiple, independent layers of defense before traffic reaches enterprise resources, so that the failure or bypass of any one control does not expose the resources behind it.
This is known as defense-in-depth.
The figure displays a sample CAN with a defense in-depth approach that uses various security features and security devices to secure it.
Small Office and Home Office Networks
SOHO
Home networks and small office and home office (SOHO) networks:
It is important that all types of networks, regardless of size, are protected.
Home and SOHO networks are typically protected using a consumer grade router. These routers provide basic security features that adequately protect inside assets from outside attackers.
Wide Area Networks
WANs
Wide Area Networks span a wide geographical area, often over the public internet. Organizations must ensure secure transport for data in motion as it travels between sites over the public network.
The main site is protected by an ASA (Adaptive Security Appliance), which provides stateful firewall features and establishes secure VPN tunnels to the various remote destinations.
Network security professionals must deploy secure devices at the edge of the network.
Data Center Networks
Data center networks are typically housed in an off-site facility that stores sensitive or proprietary data. These sites are connected to corporate sites using VPN technology with ASA devices and integrated data center switches, such as high-speed Cisco Nexus switches.
Today’s data centers store vast quantities of sensitive, business-critical information. Therefore, physical security is critical to their operation. Physical security not only protects access to the facility but also protects people and equipment.
Data Center Physical Security
Data center physical security can be divided into two areas:
Outside perimeter security
This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.
Inside perimeter security
This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.
Security Traps
Security traps provide access to the data halls where data center data is stored. As shown in the figure below, a security trap is similar to an air lock. A person must first enter the security trap using their badge ID proximity card. After the person is inside the security trap, facial recognition, fingerprints, or other biometric verifications are used to open the second door. The user must repeat the process to exit the data hall.
(Figure: the biometric fingerprint scanner used to secure access to the data hall.)
Cloud Networks and Virtualization
Cloud computing allows organizations to use services such as data storage or cloud-based applications, to extend their capacity or capabilities without adding infrastructure. By its very nature, the cloud is outside of the traditional network perimeter, allowing an organization to have a data center that may or may not reside behind the traditional firewall.
Hyperjacking
- An attacker could hijack a VM hypervisor and then use it as a launch point to attack other devices on the data center network.
Instant-On Activation
- When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the security baseline and can introduce security vulnerabilities.
Antivirus Storms
- This happens when all VMs attempt to download antivirus data files at the same time.
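The two operational risks above, instant-on activation and antivirus storms, both come down to checks a security team can automate. The following is an added example (not code from the course or from any hypervisor vendor): a power-on baseline comparison that quarantines a long-dormant VM whose patch level, antivirus signatures, firewall rules or listening ports have drifted, and a hash-based scheduler that spreads antivirus definition downloads across a window so a fleet powered on together does not all fetch at once. The baseline values, VM snapshots and field names are constructed for illustration and are assumptions, not any product's API.

```python
"""Instant-on drift check and staggered AV updates for VMs (added example)."""
from datetime import date, datetime, timedelta
import hashlib

# Constructed baseline every VM must meet before it is admitted to the network.
BASELINE = {
    "patch_level": "2024.09",                 # YYYY.MM of the last approved patch bundle
    "av_signature_max_age_days": 7,
    "required_fw_rules": {"deny-any-in", "allow-mgmt-from-jump"},
    "allowed_listen_ports": {22, 443},
}
TODAY = date(2024, 9, 9)                      # constructed "power-on" date
WINDOW_START = datetime(2024, 9, 9, 2, 0)     # constructed AV update window start

# Constructed snapshots as a hypervisor agent might report them at power-on.
DORMANT_VM = {  # powered off since spring; everything has drifted
    "name": "app-legacy-03",
    "patch_level": "2024.03",
    "av_signature_date": date(2024, 3, 28),
    "fw_rules": {"allow-mgmt-from-jump"},
    "listen_ports": {22, 443, 8080},
}
FRESH_VM = {    # maintained VM that matches the baseline
    "name": "app-web-11",
    "patch_level": "2024.09",
    "av_signature_date": date(2024, 9, 7),
    "fw_rules": {"deny-any-in", "allow-mgmt-from-jump"},
    "listen_ports": {22, 443},
}


def instant_on_check(vm, today):
    """Compare a VM snapshot against BASELINE.

    Returns (findings, verdict). Any finding means the VM goes to a
    quarantine segment for remediation instead of its production segment.
    """
    findings = []
    # YYYY.MM strings compare correctly as plain strings.
    if vm["patch_level"] < BASELINE["patch_level"]:
        findings.append(f"patch level {vm['patch_level']} behind baseline "
                        f"{BASELINE['patch_level']}")
    age = (today - vm["av_signature_date"]).days
    if age > BASELINE["av_signature_max_age_days"]:
        findings.append(f"AV signatures {age} days old")
    missing = BASELINE["required_fw_rules"] - vm["fw_rules"]
    if missing:
        findings.append("missing firewall rules: " + ", ".join(sorted(missing)))
    extra = vm["listen_ports"] - BASELINE["allowed_listen_ports"]
    if extra:
        findings.append("unexpected listening ports: " +
                        ", ".join(str(p) for p in sorted(extra)))
    return findings, ("quarantine" if findings else "admit")


def av_update_slot(vm_id, window_start, window_minutes):
    """Assign each VM a stable offset inside the update window.

    The offset is derived from a hash of the VM id, so the same VM always
    gets the same slot and a fleet is spread evenly without central state.
    """
    digest = hashlib.sha256(vm_id.encode()).hexdigest()
    return window_start + timedelta(minutes=int(digest, 16) % window_minutes)


if __name__ == "__main__":
    for vm in (DORMANT_VM, FRESH_VM):
        findings, verdict = instant_on_check(vm, TODAY)
        print(vm["name"], verdict, findings)
        print("  AV update slot:", av_update_slot(vm["name"], WINDOW_START, 120))
```

The drift check is deliberately fail-closed: a VM is admitted only when every baseline item matches, which is the behaviour you want for a machine that missed months of policy changes.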
For security teams, an easy-to-implement yet comprehensive strategy that addresses business demands and defends the data center is a necessity. The core components of the Cisco Secure Data Center solution provide the following services:
Secure Segmentation
Visibility
Threat Defense
Introduction
What does securing a network mean?
The protection of the underlying networking infrastructure from unauthorized access, misuse, or theft.
https://www.youtube.com/watch?v=sesacY7Xz3c
Ethical Hacking
Ethical hacking is an authorized attempt to gain unauthorized access to a computer system, application, or data using the strategies and actions of malicious attackers.
https://www.youtube.com/watch?v=XLvPpirlmEs
How does it help?
This practice helps identify security vulnerabilities that can then be resolved before a malicious attacker has the opportunity to exploit them.
1.1.- Current State of Affairs
Networks Are Targets
Networks are frequently attacked. News reports often highlight compromised networks. A quick search reveals numerous articles about attacks, security threats, and tools to prevent them.
Reasons for Network Security
Network security is essential for business continuity. Breaches can disrupt e-commerce, cause data loss, compromise privacy, and lead to financial losses, lawsuits, and public safety risks.
Vectors of Network Attacks
An attack vector is a route used by threat actors to reach a server, host, or network. Vectors originate inside or outside the network; an external example is traffic arriving over the internet to launch a denial of service (DoS) attack, while an internal example is a compromised or malicious user already on the LAN.
Data Loss
The data loss can result in:
Brand damage and loss of reputation
Loss of competitive advantage
Loss of customers
Loss of revenue
Litigation/legal action that results in fines and civil penalties
Significant cost and effort to notify affected parties and recover from the breach
Module 2. Network Threats
2.1 Who is attacking our network?
Threat, vulnerability and risk
What is?
Threat
A potential danger to an asset such as data or the network itself.
Vulnerability
A weakness in a system or its design that could be exploited by a threat.
Exploit
The mechanism that is used to leverage a vulnerability to compromise an asset.
Risk
The likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence.
https://www.youtube.com/watch?v=UQslnCo91kQ
Hacker vs. threat actor
The term “hacker” has a variety of meanings:
A clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient.
A network professional that uses sophisticated programming skills to ensure that networks are not vulnerable to attack.
A person who tries to gain unauthorized access to devices on the internet.
An individual who runs programs to prevent or slow network access for a large number of users, or to corrupt or wipe out data on servers.
A threat actor refers to an individual, group, or organization that intentionally seeks to exploit vulnerabilities in systems or networks to cause harm or gain unauthorized access.
Types of actors
Script Kiddies
A term that emerged in the 1990s for teenagers or inexperienced threat actors who run existing scripts, tools, and exploits to cause harm, typically not for profit.
Vulnerability brokers
Typically grey hat hackers who attempt to discover vulnerabilities and exploits and report them to vendors, sometimes for prizes or rewards.
Hacktivists
Grey hat hackers who rally and protest against different political and social ideas.
Cybercriminal
Black hat hackers who are either self-employed or working for large cybercrime organizations.
Cybercriminals are threat actors who are motivated to make money using any means necessary.
Cybercriminals operate in an underground economy where they buy, sell, and trade exploits and tools. They also buy and sell the personal information and intellectual property that they steal from victims. Their targets range from the vulnerable end devices of home users and small-to-medium sized businesses to large public and private organizations.
State-Sponsored hackers
Threat actors who steal government secrets, gather intelligence, and sabotage the networks of foreign governments, terrorist groups, and corporations.
https://www.youtube.com/watch?v=P3u_bTFKMqc
Cyber Threat Indicators
Many network attacks can be prevented by sharing information about indicators of compromise (IOCs).
Each attack has unique identifiable attributes.
Indicators of compromise are the evidence that an attack has occurred. IOCs can be features that identify malware files (such as hashes), IP addresses of servers used in attacks, filenames, and characteristic changes made to end-system software, among others.
Indicators of attack (IOAs) focus more on the motivation behind an attack and the potential means by which threat actors have, or will, exploit vulnerabilities to gain access to assets.
IOAs are concerned with the strategies and behaviours used by attackers rather than with specific artefacts. For this reason, rather than informing the response to a single threat, IOAs can support a proactive security approach: a behaviour-based rule still fires when the attacker changes the file name, hash or server that an IOC would have matched.
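The IOC-versus-IOA distinction is easiest to see in detection logic. The following is an added example, not code from the course: it parses a few constructed endpoint telemetry lines, matches atomic IOCs (a file name, a SHA-256 hash, a destination IP) and separately applies one behavioural IOA rule (a process launched from a user-writable Temp directory that then sets a Run key and connects out). One process trips both; a second process with a different name, hash and server trips only the IOA. The indicator values, log format and field names are constructed for illustration and are not from any real feed or product.

```python
"""IOC matching versus IOA matching over constructed endpoint logs (added example)."""
import re
from collections import defaultdict

# Constructed IOC set. 203.0.113.0/24 is a documentation range standing in for a C2 address.
EVIL_HASH = "ab" * 32
IOCS = {
    "sha256": {EVIL_HASH},
    "ip": {"203.0.113.45"},
    "filename": {"svch0st.exe"},
}

# Constructed telemetry: ISO timestamp followed by key=value pairs, one event per line.
# pid 4120 on ws17 matches three IOCs; pid 6001 on ws30 matches none but behaves the same way.
LOGS = f"""\
2024-09-09T10:01:02Z host=ws17 event=process_start pid=4120 image=C:\\Users\\a\\AppData\\Local\\Temp\\svch0st.exe sha256={EVIL_HASH}
2024-09-09T10:01:03Z host=ws17 event=registry_set pid=4120 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
2024-09-09T10:01:05Z host=ws17 event=net_connect pid=4120 dst=203.0.113.45 dport=443
2024-09-09T10:02:00Z host=ws22 event=process_start pid=800 image=C:\\Windows\\System32\\svchost.exe sha256={'0f' * 32}
2024-09-09T10:02:01Z host=ws22 event=net_connect pid=800 dst=198.51.100.7 dport=443
2024-09-09T10:03:10Z host=ws30 event=process_start pid=6001 image=C:\\Users\\b\\AppData\\Local\\Temp\\updater.exe sha256={'cd' * 32}
2024-09-09T10:03:11Z host=ws30 event=registry_set pid=6001 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
2024-09-09T10:03:14Z host=ws30 event=net_connect pid=6001 dst=192.0.2.77 dport=8443
"""

FIELD = re.compile(r"(\w+)=(\S+)")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")
RUN_KEY = "\\currentversion\\run"


def parse(text):
    """Turn each log line into a dict of fields plus its timestamp and line number."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        ts, _, rest = line.partition(" ")
        ev = dict(FIELD.findall(rest))
        ev["ts"], ev["line"] = ts, n
        events.append(ev)
    return events


def match_iocs(events):
    """Atomic IOC hits: evidence that a known attack artefact is present."""
    hits = []
    for ev in events:
        fname = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if fname in IOCS["filename"]:
            hits.append((ev["line"], "filename", fname))
        if ev.get("sha256") in IOCS["sha256"]:
            hits.append((ev["line"], "sha256", ev["sha256"]))
        if ev.get("dst") in IOCS["ip"]:
            hits.append((ev["line"], "ip", ev["dst"]))
    return hits


def match_ioas(events):
    """Behavioural IOA: per process, drop in a user-writable dir, then Run-key
    persistence, then an outbound connection. No indicator values are needed;
    the ordered sequence itself is the signal."""
    per_proc = defaultdict(list)
    for ev in events:                       # events are already in time order
        per_proc[(ev.get("host"), ev.get("pid"))].append(ev)
    alerts = []
    for (host, pid), evs in per_proc.items():
        stage = 0
        for ev in evs:
            kind = ev.get("event")
            image = ev.get("image", "").lower()
            if stage == 0 and kind == "process_start" and any(d in image for d in USER_WRITABLE):
                stage = 1
            elif stage == 1 and kind == "registry_set" and RUN_KEY in ev.get("key", "").lower():
                stage = 2
            elif stage == 2 and kind == "net_connect":
                alerts.append((host, pid, "temp drop -> run-key persistence -> outbound connection"))
                break
    return alerts


def report(text=LOGS):
    events = parse(text)
    return {"ioc_hits": match_iocs(events), "ioa_alerts": match_ioas(events)}


if __name__ == "__main__":
    for section, items in report().items():
        print(section)
        for item in items:
            print("  ", item)
```

Running it shows the asymmetry the text describes: the IOC list catches only the process whose artefacts were already known, while the IOA rule catches both, including the renamed binary talking to a server nobody has published yet.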
2.2 Threat actor tools
To exploit a vulnerability, a threat actor must have a technique or tool. Over time, attack tools have become more sophisticated, and these newer tools require less technical knowledge to use.
(Figure: Sophistication of Attack Tools vs. Technical Knowledge in 1985)
(Figure: Sophistication of Attack Tools vs. Technical Knowledge in 2015)
Evolution of Security Tools
2.3 Malware
Common malware behaviors
Types of malware
Viruses
A virus is a type of malware that spreads by inserting a copy of itself into another program. When the infected program is run, the virus executes and copies itself into further programs, and in this way spreads from one computer to another.
Trojan horses
Trojan horse malware is software that appears to be legitimate but contains malicious code which runs with, and abuses, the privileges of the user who executes it, as shown in the figure.
2.4 Common Network Attacks - Reconnaissance, Access, and Social Engineering
Types of Network Attacks
2.5 Network Attacks - Denial of Service, Buffer Overflows, and Evasion