© 2001, Cisco Systems, Inc. CSIDS 2.02-1 Chapter 2 Introduction to Network Security.


Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
– Describe the need for network security.
– Describe the four types of security threats.
– Describe attack methods and techniques used by hackers.
– Describe the purpose of the Cisco Security Wheel and how it illustrates security as a continuous process.
– Name methods and devices for securing networks.
– Identify the phase of the Security Wheel in which CSIDS is designed to function.
– Describe the purpose for testing security policies once they are applied to the network.

Need for Network Security

Security Incidents on the Rise
The Internet has made networked computers accessible and vulnerable to anyone in the world.

Four Basic Types of Threats
There are four primary network security threats:
– Unstructured threats
– Structured threats
– External threats
– Internal threats

Attack Types and Methods

Reconnaissance
Unauthorized discovery and mapping of systems, services, or vulnerabilities

Access
Unauthorized data manipulation, system access, or privilege escalation

Denial of Service
Disable or corrupt networks, systems, or services

Reconnaissance Methods
Common commands or administrative utilities
– Examples: nslookup, ping, netcat, telnet, finger, rpcinfo, File Explorer, srvinfo, dumpacl
Hacker tools
– Examples: SATAN, NMAP, Nessus, custom scripts

Access Methods
Exploit easily guessed passwords
– Default
– Brute force
Exploit mis-administered services
– IP services
– Trust relationships
– File sharing
Exploit application holes
– Mishandled input data: access outside application domain, buffer overflows, race conditions
– Protocol weaknesses: fragmentation, TCP session hijack
Trojan horses
– Programs that introduce an inconspicuous backdoor into a host

Denial of Service Methods
Resource Overload
– Disk space, bandwidth, buffers
– Ping floods, SYN flood, UDP bombs
– Unsolicited Commercial E-mail (UCE)
Fragmentation or Impossible Packets
– Large ICMP packets
– IP fragment overlay
– Same Source and Destination IP packet
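
An added example, not part of the original Cisco slides: a minimal Python check that flags the three "Fragmentation or Impossible Packets" conditions listed above from raw IPv4 headers. The function names (parse_ipv4, inspect, header) are hypothetical, and the sample headers are constructed with documentation addresses.

```python
import socket
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535  # largest value the 16-bit IPv4 total-length field allows

def parse_ipv4(raw):
    """Decode the IPv4 header fields the three checks need."""
    vihl, _, total, ident, ff, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (vihl & 0x0F) * 4
    start = (ff & 0x1FFF) * 8              # fragment offset is in 8-byte units
    return {"flow": (src, dst, proto, ident), "src": src, "dst": dst, "proto": proto,
            "ihl": ihl, "start": start, "end": start + total - ihl,
            "frag": bool(ff & 0x2000) or start > 0}

def inspect(headers):
    """Return (packet index, finding) pairs for a sequence of raw IPv4 headers."""
    alerts, seen = [], defaultdict(list)
    for n, raw in enumerate(headers):
        p = parse_ipv4(raw)
        if p["src"] == p["dst"]:
            alerts.append((n, "same-src-dst"))
        # ICMP (protocol 1) whose reassembled size would exceed the IPv4 maximum
        if p["proto"] == 1 and p["ihl"] + p["end"] > MAX_DATAGRAM:
            alerts.append((n, "oversize-icmp"))
        if p["frag"]:
            span = (p["start"], p["end"])
            # Overlaps an earlier fragment of this datagram (exact duplicates ignored)
            if any(s < span[1] and span[0] < e and (s, e) != span for s, e in seen[p["flow"]]):
                alerts.append((n, "fragment-overlap"))
            seen[p["flow"]].append(span)
    return alerts

def header(src, dst, proto, ident, offset8, more, payload_len):
    """Build a constructed 20-byte IPv4 header (checksum left at 0, not verified)."""
    ff = (0x2000 if more else 0) | offset8
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, ff, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    header("192.0.2.10", "198.51.100.5", 6, 1, 0, False, 40),      # ordinary TCP
    header("198.51.100.5", "198.51.100.5", 6, 2, 0, False, 40),    # src == dst
    header("192.0.2.10", "198.51.100.5", 1, 3, 8189, False, 100),  # ICMP past 65535
    header("192.0.2.10", "198.51.100.5", 17, 4, 0, True, 32),      # first fragment
    header("192.0.2.10", "198.51.100.5", 17, 4, 3, False, 16),     # overlaps bytes 24-31
]

print(inspect(SAMPLE))
```
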

The Cisco Security Wheel

Network Security as a Continuous Process
Network security is a continuous process built around a security policy.
– Step 1: Secure
– Step 2: Monitor
– Step 3: Test
– Step 4: Improve

Secure the Network
Implement security solutions
– Authentication
– Firewalls
– VPNs
– Patching
Stop or prevent unauthorized access and activities.

Monitor Security
Detect violations of the security policy
– System auditing
– Real-time intrusion detection
Validate the security implementation in step one

Test Security
Validate effectiveness of security policy implementation through system auditing and vulnerability scanning

Improve Security
Use information from the monitor and test phases to make improvements to the security implementation
Adjust the security policy as security vulnerabilities and risks are identified

Summary
– Network security is necessary because the proliferation of the Internet has made information systems easily accessible and vulnerable to attacks.
– The four basic threats to network security are: unstructured, structured, external, and internal.
– The three basic attack types are: reconnaissance, access, and denial of service.
– Hackers use easily accessible tools and techniques to perform their attacks.
– Network security is a continuous process built around a security policy.