© 1999, Cisco Systems, Inc.

Network Security Threats
Chapter 2

© 1999, Cisco Systems, Inc. MCNSv

Objectives
Upon completion of this chapter you will be able to perform the following tasks:
– Identify the need for network security
– Identify the causes of network security problems
– Identify the most pervasive and significant security threats for campus, dialup, and Internet environments based on a case study network scenario

IT Issues Driving Network Security

IT Security Issues: The Challenge
– Security is not just a technology problem
– Vast quantities of security technologies exist
– The challenge: implement a single, network-wide security policy

Why Do We Have Security Issues?

Three Primary Reasons for Security Issues
– Technology weaknesses
– Configuration weaknesses
– Policy weaknesses
And people eager to take advantage of the weaknesses

Technology Weaknesses
– TCP/IP protocol weaknesses
  – Sendmail, SNMP, SMTP, DoS (SYN Flood)
– Operating system weaknesses
  – UNIX, Windows NT, Windows 95, OS/2
– Network equipment weaknesses
  – Password protection
  – Lack of authentication
  – Routing protocols
  – Misconfigured firewall holes
[Figure labels: TCP/IP, OS, Network Equipment]

Configuration Weaknesses
– Unsecured user accounts
– System accounts with easily guessed passwords
– Misconfigured Internet services
– Unsecured default settings within products
– Misconfigured network equipment
[Figure label: Console]

Policy Weaknesses
– Lack of written security policy
– Politics
– Business lacks continuity, cannot implement policy evenly
– Logical access controls not applied
– Security administration is lax, including monitoring and auditing
– Software and hardware installation and changes do not follow policy
– Disaster recovery plan is nonexistent

Security Threat Types

General Threat Types
– Eavesdropping
– Denial of service
– Unauthorized access
– Data manipulation
– Masquerade
– Session replay
– Session hijacking
– Rerouting
– Repudiation
– Viruses, Trojan Horses, and Worms

Denial of Service
– Prevents authorized people from using a service
– TCP SYN attack
– Ping of Death
– WinNuke
– Land.c attack
[Figure label: CPU]

Unauthorized Access: WareZ
– Accessing and placing unauthorized files or resources on another system
  – GIFs
  – Hacker tools
  – Unlicensed versions of software
[Figure text: "Free software here!"]

Data Manipulation: Graffiti
– Painting over Web pages
– Replacing FTP files
– Replacing MOTD files

Session Susceptibilities
– Session hijacking
– Rerouting
– Repudiation
[Figure labels: John's Financial Institution; Intruder; "I am John"; "Send Cash $$$"; John]

The Security Opportunity

The Security Opportunity
Good security should…
– Enable new applications and services
– Make the Internet a low-cost, ubiquitous access medium
– Be capable of being implemented and managed by the network manager

Chapter Summary and Review Questions

Summary
– The growth of networked computing is driving the need for network security
– Network security presents problems; it is complicated and difficult to implement uniformly
– Internet connections present security risks
– There are three primary reasons for security issues: technology, configuration, and policy weaknesses
– A large number of tools are available to the network intruder
– General threat types include eavesdropping, denial of service, unauthorized access, data manipulation, masquerade, session replay, session hijacking, rerouting and repudiation
– Campus, dialup, Extranet, and Internet environments are susceptible

Review Questions
1. What are the three primary reasons for network security issues?
   A. Technology weaknesses
   B. Configuration weaknesses
   C. Policy weaknesses
2. Which of the general network threats pose a risk to Internet connections?
   A. All of the general categories
   B. More threats are being created over time

Review Questions (cont.)
3. What resources are available to learn network attack types and methods to thwart them?
   A. Publications such as Maximum Security, Internet Security for Business
   B. Web sites such as CERT, COAST, Cisco CCO
   C. Newsgroups such as alt.2600
   D. Each of the resources points to still more resources