© 2001, Cisco Systems, Inc. CSIDS
Chapter 2: Introduction to Network Security
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the need for network security.
- Describe the four types of security threats.
- Describe attack methods and techniques used by hackers.
- Describe the purpose of the Cisco Security Wheel and how it illustrates security as a continuous process.
- Name methods and devices for securing networks.
- Identify the phase of the Security Wheel in which CSIDS is designed to function.
- Describe the purpose of testing security policies once they are applied to the network.
Need for Network Security
Security Incidents on the Rise
The Internet has made networked computers accessible, and therefore vulnerable, to anyone in the world.
Four Basic Types of Threats
There are four primary network security threats:
- Unstructured threats
- Structured threats
- External threats
- Internal threats
Attack Types and Methods
Reconnaissance: unauthorized discovery and mapping of systems, services, or vulnerabilities.
Access: unauthorized data manipulation, system access, or privilege escalation.
Denial of Service: disabling or corrupting networks, systems, or services.
Reconnaissance Methods
- Common commands or administrative utilities. Examples: nslookup, ping, netcat, telnet, finger, rpcinfo, File Explorer, srvinfo, dumpacl
- Hacker tools. Examples: SATAN, NMAP, Nessus, custom scripts
Access Methods
- Exploit easily guessed passwords: default passwords, brute force
- Exploit mis-administered services: IP services, trust relationships, file sharing
- Exploit application holes
  - Mishandled input data: access outside the application domain, buffer overflows, race conditions
  - Protocol weaknesses: fragmentation, TCP session hijacking
- Trojan horses: programs that introduce an inconspicuous backdoor into a host
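Guessed and default passwords, the first item under Access Methods, are what a log monitor or host IDS sees as a burst of authentication failures from one source. The following is an added example written for this page, not code from the Cisco course: a small Python detector run over constructed sshd-style log lines. It flags a source that fails at least a threshold number of logins inside a time window, reports whether the names it tried are common default accounts (the account list, the threshold of 5 and the 60-second window are assumptions), and whether a successful login from the same source follows the burst, which is the sign that a guess worked.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style log lines for this example (not real captured logs).
# One source guesses three common account names, then succeeds on its sixth try.
SAMPLE_AUTH_LOG = """\
Mar 10 02:14:01 host1 sshd[2201]: Failed password for root from 203.0.113.9 port 51022 ssh2
Mar 10 02:14:02 host1 sshd[2201]: Failed password for root from 203.0.113.9 port 51023 ssh2
Mar 10 02:14:03 host1 sshd[2202]: Failed password for admin from 203.0.113.9 port 51024 ssh2
Mar 10 02:14:04 host1 sshd[2202]: Failed password for admin from 203.0.113.9 port 51025 ssh2
Mar 10 02:14:05 host1 sshd[2203]: Failed password for cisco from 203.0.113.9 port 51026 ssh2
Mar 10 02:14:06 host1 sshd[2203]: Accepted password for cisco from 203.0.113.9 port 51027 ssh2
Mar 10 02:20:11 host1 sshd[2310]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 02:20:40 host1 sshd[2311]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

# Assumed list of vendor/default account names worth calling out when guessed.
DEFAULT_ACCOUNTS = {"root", "admin", "administrator", "cisco", "guest"}


def parse_auth_log(text):
    """Return (timestamp, result, user, source_ip) for each password auth line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog carries no year
        events.append((ts, m.group("result"), m.group("user"), m.group("src")))
    return events


def detect_password_guessing(text, threshold=5, window_seconds=60):
    """Return {source_ip: finding} for sources with >= threshold failures inside one window."""
    findings = {}
    by_src = defaultdict(list)
    for ev in parse_auth_log(text):
        by_src[ev[3]].append(ev)
    for src, evs in by_src.items():
        evs.sort()
        failures = [e for e in evs if e[1] == "Failed"]
        for i in range(len(failures)):
            # grow the window from failure i until the next failure falls outside it
            j = i
            while j < len(failures) and (failures[j][0] - failures[i][0]).total_seconds() <= window_seconds:
                j += 1
            if j - i < threshold:
                continue
            burst_end = failures[j - 1][0]
            users = sorted({e[2] for e in failures[i:j]})
            # a success from the same source shortly after the burst suggests a guess worked
            success = any(e[1] == "Accepted" and 0 <= (e[0] - burst_end).total_seconds() <= window_seconds
                          for e in evs)
            findings[src] = {
                "failures": j - i,
                "users": users,
                "default_accounts": sorted(set(users) & DEFAULT_ACCOUNTS),
                "success_after_burst": success,
            }
            break
    return findings


if __name__ == "__main__":
    for src, finding in detect_password_guessing(SAMPLE_AUTH_LOG).items():
        print(src, finding)
```

On the sample above only 203.0.113.9 is reported: five failures in five seconds against root, admin and cisco, all on the assumed default-account list, followed by an accepted login one second later. The single failure from 198.51.100.4 stays below the threshold, which is the trade-off any threshold rule makes between catching slow guessing and paging on ordinary typos.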
Denial of Service Methods
- Resource overload: disk space, bandwidth, buffers
  - Ping floods, SYN floods, UDP bombs
  - Unsolicited Commercial E-mail (UCE)
- Fragmentation or impossible packets
  - Large ICMP packets
  - IP fragment overlay (overlapping fragments)
  - Packets with the same source and destination IP address
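The reconnaissance methods (port probing with tools such as NMAP) and the denial-of-service methods listed above (SYN floods, oversized ICMP, overlapping fragments, packets whose source and destination are the same host) each leave a recognisable pattern in traffic, and matching such patterns is what a network IDS does. The following is an added example written for this page, not Cisco's code and not CSIDS signature logic: simple threshold and signature checks in Python over constructed packet summary records. The thresholds (10 distinct ports within 5 seconds for a scan, more than 100 SYNs per second for a flood, ICMP larger than 1024 bytes) are assumptions to be tuned per site, not CSIDS values.

```python
from collections import defaultdict, namedtuple

# One summary record per IP packet. The sample traffic below is constructed for
# this example; it is not captured traffic and not part of the original course.
# `length` is the number of payload bytes carried by this packet or fragment.
Pkt = namedtuple("Pkt", "t src dst proto sport dport flags length ip_id frag_off more_frags")


def P(t, src, dst, proto, sport=0, dport=0, flags="", length=60, ip_id=0, frag_off=0, mf=False):
    return Pkt(t, src, dst, proto, sport, dport, flags, length, ip_id, frag_off, mf)


SAMPLE_PACKETS = (
    # reconnaissance: one source sends SYNs to 12 different ports on one host within 3 s
    [P(10.0 + i * 0.25, "203.0.113.9", "192.0.2.10", "tcp", 40000 + i, 20 + i, "S") for i in range(12)]
    # denial of service: SYN flood against port 80 from many spoofed sources
    + [P(20.0 + i * 0.005, f"198.51.100.{i % 200 + 1}", "192.0.2.10", "tcp", 1024 + i, 80, "S")
       for i in range(300)]
    # denial of service: same source and destination address and port
    + [P(30.0, "192.0.2.10", "192.0.2.10", "tcp", 139, 139, "S")]
    # denial of service: an oversized ICMP packet
    + [P(31.0, "203.0.113.9", "192.0.2.10", "icmp", length=4000)]
    # denial of service: two fragments of one datagram whose byte ranges overlap
    + [P(32.0, "203.0.113.9", "192.0.2.10", "udp", length=1480, ip_id=7, frag_off=0, mf=True),
       P(32.0, "203.0.113.9", "192.0.2.10", "udp", length=1480, ip_id=7, frag_off=100, mf=False)]
    # benign: the start of a normal web session
    + [P(40.0, "198.51.100.4", "192.0.2.10", "tcp", 50100, 80, "S"),
       P(40.1, "198.51.100.4", "192.0.2.10", "tcp", 50100, 80, "A")]
)


def detect_port_scan(pkts, min_ports=10, window=5.0):
    """Reconnaissance: one source touching many distinct ports on one host within `window` seconds."""
    hits = set()
    by_pair = defaultdict(list)
    for p in pkts:
        if p.proto == "tcp" and "S" in p.flags:
            by_pair[(p.src, p.dst)].append((p.t, p.dport))
    for (src, dst), probes in by_pair.items():
        probes.sort()
        for t0, _ in probes:
            ports = {dport for t, dport in probes if t0 <= t <= t0 + window}
            if len(ports) >= min_ports:
                hits.add((src, dst))
                break
    return hits


def detect_syn_flood(pkts, max_syns_per_sec=100):
    """Resource overload: SYN-only segments to one service above a per-second rate."""
    counts = defaultdict(int)
    for p in pkts:
        if p.proto == "tcp" and p.flags == "S":
            counts[(p.dst, p.dport, int(p.t))] += 1
    return {(dst, dport) for (dst, dport, _sec), n in counts.items() if n > max_syns_per_sec}


def detect_land(pkts):
    """Impossible packet: source equals destination, both address and port."""
    return [p for p in pkts if p.src == p.dst and p.sport == p.dport]


def detect_large_icmp(pkts, max_len=1024):
    """Large ICMP: packets above an assumed size threshold (tune for the site)."""
    return [p for p in pkts if p.proto == "icmp" and p.length > max_len]


def detect_fragment_overlap(pkts):
    """Fragment overlay: fragments of one datagram whose byte ranges overlap."""
    frags = defaultdict(list)
    for p in pkts:
        if p.more_frags or p.frag_off:  # fragment offsets are in units of 8 bytes
            frags[(p.src, p.dst, p.ip_id)].append((p.frag_off * 8, p.frag_off * 8 + p.length))
    overlapping = set()
    for key, ranges in frags.items():
        ranges.sort()
        for (_a0, a1), (b0, _b1) in zip(ranges, ranges[1:]):
            if b0 < a1:  # next fragment starts before the previous one ends
                overlapping.add(key)
    return overlapping


def summarize(pkts):
    """Group findings under the chapter's attack classes (access attacks need host-level data)."""
    return {
        "reconnaissance": {"port_scan": sorted(detect_port_scan(pkts))},
        "denial_of_service": {
            "syn_flood": sorted(detect_syn_flood(pkts)),
            "land": len(detect_land(pkts)),
            "large_icmp": len(detect_large_icmp(pkts)),
            "fragment_overlap": sorted(detect_fragment_overlap(pkts)),
        },
    }


if __name__ == "__main__":
    for attack_class, findings in summarize(SAMPLE_PACKETS).items():
        print(attack_class, findings)
```

The land and fragment checks are pure signatures: a single packet (or one pair of fragments) is enough to fire. The scan and flood checks are thresholds, so a slow scan or a low-rate flood spread across many sources will slip under them; that is why the Monitor phase of the Security Wheel pairs real-time detection with system auditing rather than relying on either alone.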
The Cisco Security Wheel
[Figure: the Security Wheel, with Secure, Monitor, Test, and Improve arranged around the Security Policy]
Network Security as a Continuous Process
Network security is a continuous process built around a security policy.
Step 1: Secure
Step 2: Monitor
Step 3: Test
Step 4: Improve
Secure the Network
Implement security solutions:
- Authentication
- Firewalls
- VPNs
- Patching
Stop or prevent unauthorized access and activities.
Monitor Security
Detect violations of the security policy:
- System auditing
- Real-time intrusion detection
Validate the security implementation made in step 1.
Test Security
Validate the effectiveness of the security policy implementation through system auditing and vulnerability scanning.
Improve Security
Use the information from the monitor and test phases to make improvements to the security implementation.
Adjust the security policy as new security vulnerabilities and risks are identified.
Summary
Network security is necessary because the proliferation of the Internet has made information systems easily accessible and vulnerable to attack.
The four basic threats to network security are unstructured, structured, external, and internal.
The three basic attack types are reconnaissance, access, and denial of service.
Hackers use easily accessible tools and techniques to perform their attacks.
Network security is a continuous process built around a security policy.