Saturday, March 13, 2010

CCNA Security 1

Confidentiality, Integrity and Availability constitute the elements of the C-I-A triad. This is recognized industry-wide, and security policies build upon these three components.
According to Cisco, there are two major categories of threats: internal and external threats. Examples of internal threats are unauthorized access and network misuse, while examples of external threats are viruses and social engineering.

The best definition of integrity safeguards is ensuring that only authorized entities can change sensitive data. Confidentiality is ensuring that only authenticated users have access to that data. Ensuring that the data is available to authorized users is part of maintaining availability.

There are 5 classification levels for the public sector:
1) Unclassified - Data with minimum CIA. Little effort is made to secure it.
2) Secret - Data that requires concerted effort to keep secure.
3) Confidential - First level of classified data. This data must comply with confidentiality requirements.
4) Sensitive but Unclassified - Data that would cause some embarrassment if revealed, but not enough to constitute a security breach.
5) Top Secret - Greatest effort is used to secure this data and to ensure its secrecy.

There are three broad categories of security controls:
1) Administrative - Security policies, education, patches
2) Technical - Device hardening, encryption, passwords
3) Physical - Physical access, environmental regulation

These security controls can be further divided into types:
1) Deterrent
2) Preventive
3) Detective

There are three types of laws found in most countries:
1) Civil - Concerned with righting wrongs that do not concern crime. Usually ends with monetary compensation.
2) Criminal - Concerned with crimes. Typically ends with a fine, imprisonment, or both.
3) Administrative - Typically involves government agencies enforcing regulations. Monetary awards are divided between the government agency and the victim of the contravened regulation.

An exploit is an attack that takes advantage of a vulnerability. A risk is the likelihood of the exploit being executed.

The steps for compromising targets and applications are:
1) Perform footprint analysis
2) Enumerate applications and operating systems
3) Manipulate users to gain access
4) Escalate privileges
5) Gather additional passwords and secrets
6) Install back doors
7) Leverage the compromised system

If an attacker simply guesses at connection sequence numbers, usually using tools to calculate them, the attack is known as blind spoofing. Physical access to the network is not required.
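Blind spoofing only works when a host's initial sequence numbers (ISNs) are guessable from earlier ones, which is why modern stacks randomize them. As an added example, not part of the original notes, the Python below estimates how many bits of the next ISN remain uncertain to an observer who saw the previous ones, applied to two constructed samples: a legacy fixed-increment generator and a 32-bit randomized one.

```python
import math
import random
from typing import List, Sequence

SEQ_SPACE = 2**32  # TCP sequence numbers wrap at 32 bits


def isn_deltas(isns: Sequence[int]) -> List[int]:
    """Differences between consecutive ISNs, taken modulo the 32-bit space."""
    return [(b - a) % SEQ_SPACE for a, b in zip(isns, isns[1:])]


def uncertainty_bits(isns: Sequence[int]) -> float:
    """Approximate bits of the next ISN an observer still has to guess after
    seeing the previous one: log2 of the spread of the observed deltas.
    0.0 means the next ISN is fully determined by the last one."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISNs to compare deltas")
    spread = max(deltas) - min(deltas) + 1
    return math.log2(spread)


def is_predictable(isns: Sequence[int], min_bits: float = 24.0) -> bool:
    """Flag an ISN generator whose observed uncertainty falls below min_bits.
    RFC 6528 aims for close to the full 32-bit space; a fixed increment gives 0."""
    return uncertainty_bits(isns) < min_bits


# Constructed samples (not captured from a real host):
# a legacy stack that bumps the ISN by a fixed 64000 per connection ...
LEGACY_ISNS = [(1_000_000 + 64_000 * i) % SEQ_SPACE for i in range(20)]
# ... and a stack that draws each ISN from a 32-bit PRNG (seeded for reproducibility).
_rng = random.Random(2010)
RANDOM_ISNS = [_rng.getrandbits(32) for _ in range(20)]

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_ISNS), ("random", RANDOM_ISNS)):
        print(f"{name}: {uncertainty_bits(sample):.1f} bits, "
              f"predictable={is_predictable(sample)}")
```

The legacy sample scores 0.0 bits (every delta is 64000), while the randomized sample scores close to 32 bits; the same check can be run over ISNs observed from a host under assessment.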

MiTM or MiM stands for Man-in-the-Middle. It describes an attack in which an attacker compromises a network's integrity and confidentiality. Attacks against availability are DoS attacks.

Trust attacks are attacks in which an attacker leverages a trust relationship between the devices in a network. An example of this type of attack is port redirection. Mitigation against these attacks involves installing firewalls and IPS in the network. HIPS should also be installed wherever possible. ACLs should also be in place to make sure that devices that don't need to communicate aren't communicating.


  1. HI,

  2. Oh actually CCNA is a prerequisite for CCNA Security, so you'll need to take that first :D