Follow me on twitter: https://twitter.com/CCNADailyTIPS
1.0 Security Concepts
1.2 Common security threats
Reconnaissance – gathering information about the target network before an attack.
Social engineering – attacks the weakest part of the system, its users, through phishing, spear phishing, and similar techniques.
Privilege escalation – the process of taking some level of access (whether authorized or not) and achieving an even greater level of access. (Lab Next)
Back doors – When attackers gain access to a system, they usually want future access as well, and they want it to be easy. A backdoor application can be installed either to allow future access or to collect information to use in further attacks.
1.2.a Identify common network attacks
Code execution – Once attackers have gained access to a device, the most devastating action available to them is to execute their own code on it.
Man-in-the-middle – Attackers place themselves in the communication path between two devices in order to perform reconnaissance or manipulate the data in transit.
Trust exploitation – Suppose a firewall has three interfaces: the outside interface is allowed to reach the DMZ but not the inside network, while the DMZ is allowed to reach the inside network. An attacker who compromises a host in the DMZ can then use the DMZ's trusted position to attack the private network.
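The three-interface case above is easy to check mechanically: model each zone-to-zone permit as a rule and search for indirect paths that the direct rule denies. The following is an added example (not from the original notes); the zone names, the two policies and the assumption that return traffic is handled by stateful inspection are all illustrative choices, not a real firewall configuration.

```python
"""Check a zone-based firewall policy for trust-exploitation paths.

Added example, not from the original notes: the zone names and the two
policies below are assumptions built to illustrate the three-interface case.
Each rule (src_zone, dst_zone) means hosts in src_zone may initiate connections
to dst_zone; return traffic is assumed to be handled by stateful inspection."""

# Weak policy from the text: outside -> DMZ is open, outside -> inside is denied,
# but DMZ -> inside is permitted, so a compromised DMZ host becomes a stepping stone.
WEAK_POLICY = {
    ("outside", "dmz"),
    ("dmz", "inside"),
    ("inside", "dmz"),
    ("inside", "outside"),
}

# Hardened policy: the DMZ may not initiate connections toward the inside network.
# Any DMZ service that genuinely needs an inside resource should get a narrow rule
# (specific host and port) rather than a zone-wide permit.
HARDENED_POLICY = {
    ("outside", "dmz"),
    ("inside", "dmz"),
    ("inside", "outside"),
}


def direct_allowed(policy, src, dst):
    """True if the policy lets the src zone initiate directly to the dst zone."""
    return (src, dst) in policy


def find_pivot_paths(policy, src, dst):
    """Return every loop-free zone sequence from src to dst that the policy
    permits hop by hop even though the direct src->dst rule is denied.

    A non-empty result means an attacker who compromises a host in an
    intermediate zone can reach dst by exploiting that zone's trust."""
    if direct_allowed(policy, src, dst):
        return []  # direct access is allowed anyway; not a pivot problem
    paths = []

    def walk(current, path):
        for rule_src, rule_dst in sorted(policy):
            if rule_src != current or rule_dst in path:
                continue  # rule does not start here, or it would loop
            if rule_dst == dst:
                paths.append(path + [rule_dst])
            else:
                walk(rule_dst, path + [rule_dst])

    walk(src, [src])
    return paths


def audit(policy, protected="inside", untrusted="outside"):
    """Summarise whether the untrusted zone can pivot into the protected one."""
    paths = find_pivot_paths(policy, untrusted, protected)
    return {"pivot_paths": paths, "exposed": bool(paths)}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit(policy))
```

Running it reports `outside -> dmz -> inside` as a pivot path under the weak policy and nothing under the hardened one; the same search works for any number of zones, which is why it is worth automating rather than eyeballing the rule set.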
Brute force – guessing the password over and over, usually with automated scripts, until one attempt succeeds.
Botnet – millions of infected computers under a single controller, normally used to launch DDoS attacks.
DoS vs DDoS – a DoS attack comes from one IP address, whereas a DDoS attack comes from many sources at once (botnets). A DoS condition is sometimes not intentional.
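On the defender's side, the brute-force entry and the one-source-versus-many-sources distinction both show up in authentication logs: a single address hammering one account looks different from many addresses each trying once. The following added example (not from the original notes) parses constructed sshd-style log lines, which is an assumed format, and flags both patterns.

```python
"""Detect single-source brute force and distributed password guessing from
authentication log lines.

Added example, not from the original notes.  The log lines are constructed in
an sshd-like format (an assumption), using documentation IP ranges only."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Jan 10 10:00:01 gw sshd[101]: Failed password for admin from 203.0.113.7 port 5000 ssh2
Jan 10 10:00:02 gw sshd[102]: Failed password for admin from 203.0.113.7 port 5001 ssh2
Jan 10 10:00:03 gw sshd[103]: Failed password for admin from 203.0.113.7 port 5002 ssh2
Jan 10 10:00:04 gw sshd[104]: Failed password for admin from 203.0.113.7 port 5003 ssh2
Jan 10 10:00:05 gw sshd[105]: Failed password for admin from 203.0.113.7 port 5004 ssh2
Jan 10 10:00:06 gw sshd[106]: Failed password for root from 198.51.100.1 port 40000 ssh2
Jan 10 10:00:07 gw sshd[107]: Failed password for root from 198.51.100.2 port 40000 ssh2
Jan 10 10:00:08 gw sshd[108]: Failed password for root from 198.51.100.3 port 40000 ssh2
Jan 10 10:00:09 gw sshd[109]: Failed password for root from 198.51.100.4 port 40000 ssh2
Jan 10 10:00:10 gw sshd[110]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Jan 10 10:00:11 gw sshd[111]: Failed password for alice from 192.0.2.10 port 50001 ssh2
"""

# Matches both "Failed password for bob" and "Failed password for invalid user bob".
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def parse_failures(log_text):
    """Return a list of (username, source_ip) for every failed login line."""
    failures = []
    for line in log_text.splitlines():
        match = FAIL_RE.search(line)
        if match:
            failures.append((match.group(1), match.group(2)))
    return failures


def classify(log_text, per_ip_threshold=5, distributed_threshold=4):
    """Return the single-source brute-force IPs and the accounts being guessed
    from many distinct sources (the pattern a botnet produces).

    Thresholds are illustrative; tune them to the window you are analysing."""
    failures_by_ip = defaultdict(int)
    sources_per_user = defaultdict(set)
    for user, ip in parse_failures(log_text):
        failures_by_ip[ip] += 1
        sources_per_user[user].add(ip)
    brute_force = sorted(ip for ip, n in failures_by_ip.items()
                         if n >= per_ip_threshold)
    distributed = sorted(user for user, ips in sources_per_user.items()
                         if len(ips) >= distributed_threshold)
    return {"brute_force": brute_force, "distributed": distributed}


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

The per-IP count catches the classic script hammering one account; the distinct-source count per account catches the distributed case that a per-IP rate limit alone would miss, because each source stays under the threshold. Alice's single failed attempt followed by a success is left alone.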
1.2.b Describe social engineering
Malicious actors employ social engineering by relying on the human element of networking: rather than attacking the technology directly, they manipulate people in order to find and create holes in the fortress known as cyber security.
Common Forms of Social Engineering:
Phishing: Phishing elicits secure information through an e-mail message that appears to come from a legitimate source.
Malvertising: This is the act of incorporating malicious ads on trusted websites.
Phone scams: It is not uncommon for someone to call up an employee and attempt to convince them to divulge information about themselves or others within the organization.
1.2.c Identify malware
Packet captures: Collecting, storing, and analyzing the raw packets that are traversing the network is certainly one way of inspecting traffic for the presence of malware
Snort: Snort is an open source intrusion detection and prevention technology developed by the founder of Sourcefire (now a part of Cisco).
NetFlow: Packet capture is often referred to as micro-analytical in terms of the granularity of the data being analyzed; NetFlow is the macro-analytical counterpart, recording who talked to whom, when, over which ports, and how much, which is enough to spot malware traffic patterns without storing every packet.
IPS events: When using IPS devices on your network, it is possible to leverage the alarms triggered on the IPS device as an emergency
Advanced Malware Protection: Cisco Advanced Malware Protection (AMP) is designed for Cisco FirePOWER network security appliances.
NGIPS: The Cisco FirePOWER next-generation intrusion prevention system (NGIPS) solution provides multiple layers of advanced threat protection.
1.2.d Classify the vectors of data loss/exfiltration
Major network attacks are now conducted by sophisticated, well-funded teams that can evade corporate security measures and steal millions of records from all types of organizations all over the world.
Traditional security measures are good at identifying suspect traffic that is coming inbound, but many organizations lack the visibility into traffic that is leaving their internal networks.
This outbound traffic, when controlled by malicious actors with a foothold inside the corporate network, often includes company trade secrets, customer data, or other proprietary information that should not be seen by anyone outside of the organization.
Such exfiltration can mean loss of intellectual property, loss of sensitive customer and financial data, and high costs from disrupted operations and remediation efforts.
Types of data:
Intellectual property (IP): refers to the designs, drawings, and documents that support the development, sale, and support of an organization’s products.
Personally identifiable information (PII): includes names, dates of birth, addresses, and Social Security numbers (SSN).
Credit/debit card data.
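The missing visibility into outbound traffic described above is exactly what the NetFlow-style records from section 1.2.c give you. The following added example (not from the original notes) totals outbound bytes per internal host from constructed flow records and flags two exfiltration patterns: a host pushing an unusual volume to external addresses, and a host sending far more over a protocol port (DNS here) than that protocol normally needs. The internal prefix, the record layout and the thresholds are assumptions for illustration.

```python
"""Spot possible data exfiltration from NetFlow-style records.

Added example, not part of the original notes: the flow records are
constructed, the internal prefix and the thresholds are assumptions, and a
real deployment would baseline each host over days rather than use fixed
numbers."""
import ipaddress
from collections import defaultdict

# Assumption: the corporate network is 10.0.0.0/8; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_sent_by_src).
FLOWS = [
    ("10.0.1.5", "10.0.2.9", 445, 80_000_000),      # internal file copy, stays inside
    ("10.0.1.5", "192.0.2.80", 443, 200_000),       # ordinary web browsing
    ("10.0.1.7", "203.0.113.50", 443, 15_000_000),  # large HTTPS upload to one host
    ("10.0.1.7", "203.0.113.50", 443, 9_000_000),
    ("10.0.1.9", "198.51.100.77", 53, 3_500_000),   # far too many bytes for DNS
    ("10.0.1.9", "198.51.100.77", 53, 8_000_000),
    ("10.0.1.11", "192.0.2.80", 443, 50_000),
    ("203.0.113.9", "10.0.1.5", 443, 4_000_000),    # inbound: not counted as outbound
]


def is_internal(ip):
    """True if the address falls inside one of the internal prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes_per_host(flows):
    """Total bytes each internal host sent to external destinations."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return dict(totals)


def outbound_bytes_per_host_port(flows):
    """Same total, broken down by destination port."""
    totals = defaultdict(int)
    for src, dst, port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, port)] += nbytes
    return dict(totals)


def flag_volume_exfiltration(flows, threshold_bytes=10_000_000):
    """Internal hosts whose total outbound volume reaches the threshold."""
    totals = outbound_bytes_per_host(flows)
    return sorted(host for host, b in totals.items() if b >= threshold_bytes)


def flag_oversized_port(flows, port=53, threshold_bytes=1_000_000):
    """Hosts sending far more to a given port than the protocol normally needs,
    the signature of tunnelling data out over DNS or similar."""
    totals = outbound_bytes_per_host_port(flows)
    return sorted(host for (host, p), b in totals.items()
                  if p == port and b >= threshold_bytes)


if __name__ == "__main__":
    print("high outbound volume:", flag_volume_exfiltration(FLOWS))
    print("oversized DNS senders:", flag_oversized_port(FLOWS))
```

Note that the 80 MB internal file copy is ignored because its destination is inside, and the inbound 4 MB flow is ignored because its source is external; only traffic leaving the organization counts, which is the blind spot the text describes.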