Friday, July 16, 2010

CCNA Security 17

The evolution of the security landscape is accelerated by ever-changing security vulnerabilities. What was once considered secure can become a security hazard in modern networks. The "corporation" has evolved.
In the past, security was typically implemented at the transport layer: firewalls were simply IP and port filters. This is no longer sufficient. Port 80 used to carry only HTTP traffic, but nowadays peer-to-peer traffic goes through port 80 as well. Simple protocol inspection (checking for an HTTP header, etc.) may not even work because of HTTP tunneling (data being sent inside HTTP headers).
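To make the three tiers of filtering concrete, here is an added example (my own illustration, not code from the original post or from any Cisco product). It runs a layer-4 port filter, a simple HTTP protocol check, and an oversized-header heuristic over a few constructed sample flows. The flow names, the 256-byte header threshold and the payloads are all assumptions made for the demonstration; the BitTorrent handshake prefix is the protocol's real signature.

```python
# Added example: port filter vs. simple protocol inspection vs. header heuristic.
# The sample flows below are constructed for illustration, not captured traffic.
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first client-to-server bytes of the connection


# Constructed sample flows (assumed names and payloads).
SAMPLE_FLOWS: Dict[str, Flow] = {
    # Ordinary web browsing: port 80 and a real HTTP request line.
    "web_browsing": Flow(80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    # Peer-to-peer on port 80: a BitTorrent handshake starts with 0x13 "BitTorrent protocol".
    "p2p_on_80": Flow(80, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"A" * 40),
    # Syntactically valid HTTP whose headers carry a large blob of non-HTTP data.
    "tunnel_in_headers": Flow(
        80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Data: " + b"Q" * 600 + b"\r\n\r\n"
    ),
    # Not on port 80 at all.
    "ssh": Flow(22, b"SSH-2.0-OpenSSH_8.9\r\n"),
}

HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)
MAX_HEADER_VALUE = 256  # assumed threshold; a single header value longer than this is unusual


def port_filter(flow: Flow) -> str:
    """Layer-4 only: permit anything to TCP/80, deny everything else."""
    return "permit" if flow.dst_port == 80 else "deny"


def looks_like_http(payload: bytes) -> bool:
    """True if the payload begins with an HTTP/1.x request line."""
    return HTTP_REQUEST_LINE.match(payload) is not None


def protocol_inspection(flow: Flow) -> str:
    """Port filter plus a check that traffic on port 80 really starts as HTTP."""
    if flow.dst_port != 80:
        return "deny"
    return "permit" if looks_like_http(flow.payload) else "deny:not-http-on-80"


def header_anomaly(flow: Flow) -> List[str]:
    """Return the names of request headers whose value exceeds MAX_HEADER_VALUE.

    This is the extra step needed once traffic passes protocol inspection:
    tunneled data hidden in headers still parses as HTTP.
    """
    if flow.dst_port != 80 or not looks_like_http(flow.payload):
        return []
    head = flow.payload.split(b"\r\n\r\n", 1)[0]
    flagged = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and len(value.strip()) > MAX_HEADER_VALUE:
            flagged.append(name.decode("ascii", "replace"))
    return flagged


def classify_all() -> Dict[str, tuple]:
    """Run all three checks over the sample flows."""
    return {
        name: (port_filter(f), protocol_inspection(f), header_anomaly(f))
        for name, f in SAMPLE_FLOWS.items()
    }


if __name__ == "__main__":
    for name, verdicts in classify_all().items():
        print(f"{name:20} port={verdicts[0]:8} inspect={verdicts[1]:20} headers={verdicts[2]}")
```

The port filter permits the BitTorrent flow because it only sees "port 80"; the protocol check catches it; but the tunneled flow passes the protocol check because it is valid HTTP, and only the header-length heuristic notices it. That is the gap the notes describe, and it is why application-aware inspection has to look beyond the request line.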

The way we implement security now is through a security cycle. A typical cycle looks like this:
Secure - Monitor - Test - Improve

In RFC 2196, the Security Policy is defined. According to RFC 2196, a security policy should contain:
-AUP (Acceptable Use Policy) - What are people allowed to do when accessing the organization's information assets?
-Authentication Guidelines - How does someone prove their identity?
-Campus Network Policy - Within the LAN, what rules must people follow?
-Remote Access Policy - When people are VPNing in, what rules must they abide by?
-Internet Access Policy - What types of resources are accessible from the campus?
-Misuse Guidelines - The list of penalties if people break the guidelines.
-Statement of Authority - A statement that makes the document legally binding.

There are two structures attacks follow. These are:
-Structured Threats - A targeted attack
-Unstructured Threats - A random attack aimed at masses

There are two vectors of attack, which are:
-Internal Threats - An attack from within the network
-External Threats - An attack from outside the network

Together, they form four major attack sources:
-Internal Structured
-Internal Unstructured
-External Structured
-External Unstructured

The 4 most common attacks are:
-Reconnaissance attacks - Scouting for information, either active or passive
-Access attacks - Compromising of information
-DoS attacks - Denial of an important service. Can be performed by one host or by many hosts (Distributed DoS).
-Viruses and worms - Infection of a host, either to open backdoors or to turn them into DDoS zombies.
