Module 1 Flashcards
Reasons for Network Security
Network security breaches can
disrupt e-commerce,
cause the loss of business data,
threaten people’s privacy, and
compromise the integrity of information.
These breaches can result in
lost revenue for corporations,
theft of intellectual property,
lawsuits, and
can even threaten public safety.
provides comprehensive security and threat intelligence to defend customers and protect their assets.
Cisco Talos Intelligence Group website
responsible for investigating and mitigating potential vulnerabilities in Cisco products.
Cisco Product Security Incident Response Team (PSIRT)
An ___ is a path by which a threat actor can gain access to a server, host, or network. _____ originate from inside or outside the corporate network, as shown in the figure.
attack vector
An internal user, such as an employee, can accidentally or intentionally:
Steal and copy confidential data to removable media, email, messaging software, and other media.
Compromise internal servers or network infrastructure devices.
Disconnect a critical network connection and cause a network outage.
Connect an infected USB drive into a corporate computer system.
____ have the potential to cause greater damage than ___ because internal users have direct access to the building and its infrastructure devices. Employees may also have knowledge of the corporate network, its resources, and its confidential data.
Internal threats / external threats
is likely to be an organization’s most valuable asset.
Data
Organizational data can include
research and development data,
sales data,
financial data,
human resource and legal data,
employee data,
contractor data, and
customer data.
is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.
Data loss, or data exfiltration
The data loss can result in:
Brand damage and loss of reputation
Loss of competitive advantage
Loss of customers
Loss of revenue
Litigation/legal action that results in fines and civil penalties
Significant cost and effort to notify affected parties and recover from the breach
Various ____ controls must be implemented that combine strategic, operational, and tactical measures.
Data Loss Prevention (DLP)
Data loss vectors are:
Email/Social Networking
Unencrypted Devices
Cloud Storage Devices
Removable Media
Hard Copy
Improper Access Control
The most common vector for data loss includes instant messaging software and social media sites. For instance, intercepted email or IM messages could be captured and reveal confidential information.
Email/Social Networking
A stolen corporate laptop typically contains confidential organizational data. If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data.
Unencrypted Devices
Saving data to the cloud has many potential benefits. However, sensitive data can be lost if access to the cloud is compromised due to weak security settings.
Cloud Storage Devices
One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost.
Removable Media
Corporate data should be disposed of thoroughly. For example, confidential data should be shredded when no longer required. Otherwise, a thief could retrieve discarded reports and gain valuable information.
Hard Copy
Passwords are the first line of defense. Stolen passwords, or weak passwords that have been compromised, can provide an attacker with easy access to corporate data.
Improper Access Control
__ consists of interconnected LANs within a limited geographic area.
Campus Area Networks
Connections to untrusted networks must be checked in-depth by multiple layers of defense before reaching enterprise resources.
This is known as defense-in-depth.
The Cisco Integrated Services Router is secured. It protects data in motion that is flowing from the CAN to the outside world by establishing _____. ___ ensure data confidentiality and integrity from authenticated sources.
Virtual Private Networks (VPNs). VPNs
performs stateful packet filtering to filter return traffic from the outside network into the campus network.
ASA Firewall
A Cisco Adaptive Security Appliance (ASA) firewall
continuously monitors incoming and outgoing network traffic for malicious activity. It logs information about the activity, and attempts to block and report it.
IPS
A Cisco Intrusion Prevention System (IPS) device
These distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different security features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP source guard.
Layer 3 Switches
These access layer switches are secured and connect user-facing ports to the network. Several different security features can be implemented, such as port security, DHCP snooping, and 802.1X user authentication.
Layer 2 Switches
provide advanced threat defense, application visibility and control, reporting, and secure mobility to secure and control email and web traffic.
ESA/WSA
A Cisco Email Security Appliance (ESA) and Web Security Appliance (WSA)
authenticates users, authorizes what they are allowed to do, and tracks what they are doing.
AAA Server
An authentication, authorization, and accounting (AAA) server
Endpoints are secured using various features including antivirus and antimalware software, Host Intrusion Protection System features, and 802.1X authentication features.
Hosts
physical security
fire alarms, sprinklers, seismically-braced server racks, redundant heating, ventilation, and air conditioning (HVAC), and UPS systems are in place to protect people, equipment, and data.
Data center physical security can be divided into two areas:
Outside perimeter security
Inside perimeter security
This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.
Outside perimeter security
This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.
Inside perimeter security
provide access to the data halls where data center data is stored.
is similar to an air lock.
Security traps
allows organizations to use services such as data storage or cloud-based applications to extend their capacity or capabilities without adding infrastructure.
Cloud computing
is the foundation of cloud computing. Without it, cloud computing, as it is most widely implemented, would not be possible.
Virtualization
separates the application from the hardware.
Cloud computing
separates the operating system from the hardware.
Virtualization
VMs are prone to the following attacks:
Hyperjacking
Instant On Activation
Antivirus Storms
An attacker could hijack a VM hypervisor (VM controlling software) and then use it as a launch point to attack other devices on the data center network.
Hyperjacking
When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.
Instant On Activation
This happens when all VMs attempt to download antivirus data files at the same time.
Antivirus Storms
Cisco solution to VM attacks
Cisco Secure Data Center solution
The core components of the Cisco Secure Data Center solution provide the following services:
Secure Segmentation
Threat Defense
Visibility
ASA devices and a Virtual Security Gateway integrated into the Cisco Nexus Series switches are deployed in a data center network to provide secure segmentation. This provides granular inter-virtual-machine security.
Secure Segmentation
ASAs and IPS devices in data center networks use threat intelligence, passive OS fingerprinting, and reputation and contextual analysis to provide threat defense.
Threat Defense
Visibility solutions are provided using software such as the Cisco Security Manager, which helps simplify operations and compliance reporting.
Visibility
To accommodate the BYOD trend, Cisco developed the ___. ___ access to resources can be initiated by users from many locations, on many types of endpoint devices, using various connectivity methods.
Borderless Network
To support this blurred network edge, Cisco devices support ____. ____ secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices. ____ supported and managed devices include not only handheld devices, such as smartphones and tablets, but also laptop and desktop computing devices.
Mobile Device Management (MDM) features.
Critical functions performed by Mobile Device Management (MDM):
Data Encryption
PIN Enforcement
Data Wipe
Data Loss Prevention (DLP)
Jailbreak / Root Detection
Most devices have built-in ___ capabilities, both at the device and file level. MDM features can ensure that only devices that support ___ and have it enabled can access the network and corporate content.
data encryption
____ is the first and most effective step in preventing unauthorized access to a device. Furthermore, strong password policies can also be enforced by an MDM, reducing the likelihood of brute-force attacks.
Enforcing a PIN lock
Lost or stolen devices can be remotely fully- or partially-____, either by the user or by an administrator via the MDM.
wiped / data wipe
While data protection functions (like PIN locking, data encryption and remote data wiping) prevent unauthorized users from accessing data, __ prevents authorized users from doing careless or malicious things with critical data.
Data Loss Prevention (DLP)
____ (on Apple iOS devices) and __ (on Android devices) are a means to bypass the management of a device. MDM features can detect such bypasses and immediately restrict a device’s access to the network or other corporate assets.
Jailbreaking (Apple iOS)
Rooting (Android)
The ____ network type consists of a number of LANs that are connected together across a limited geographic area.
CAN (Campus Area Network)
networks include a consumer-grade router with basic security features to protect inside assets from outside attackers.
SOHO (Small Office and Home Office)
networks may use high-speed Nexus switches to connect off-site facilities to corporate sites.
Data center
is a security measure found both inside and outside a data center facility. A gate provides outside perimeter security. Security traps, biometrics access, and exit sensors provide inside perimeter security.
Continuous video surveillance
can be intentional or accidental and cause greater damage than external threats because the internal user has direct access to the internal corporate network and corporate data.
Internal threats
are commonly used between corporate sites and between mobile or remote workers that connect to and use resources on the corporate network.
VPNs
commonly have multiple LANs that have host devices attached. A SOHO topology contains wired and wireless hosts on a limited basis. Data centers and cloud topologies typically do not have PCs.
Campus area networks (CANs)
The company had a ___ network with no subnets. The threat actor was able to access and destroy all kinds of corporate data due to a thermostat that was on the network but was not scanned as part of the security procedures.
flat
use a variety of techniques for security including redundant heating, ventilation, and air conditioning (HVAC), UPS systems, fire alarms, sprinklers, continuous video surveillance, electronic motion detectors, security traps, biometric security, security officers, fences, gates, and security breach alarms. Even though cloud-based virtualized servers and network devices may be housed in a data center, protection for cloud computing requires other technologies.
Data centers
is used to secure, monitor, and manage both corporate-owned and employee-owned devices such as smartphones, tablets, laptops, and desktops.
Mobile Device Management (MDM)
occurs when an attacker hijacks a virtual machine (VM) hypervisor and then uses that VM to launch an attack on other data center devices.
Hyperjacking
Data, such as research and development data, sales data, financial data, human resource and legal data, employee data, contractor data, and customer data, is likely to be the ____ for an organization.
most valuable asset
is popular and has many benefits. However, data stored there could be compromised due to weak security settings.
Cloud storage
A distinguishing factor of campus area networks (CANs) is that they have ___
interconnected LANs.