
02 162501s1i.qxd 9/7/06 11:04 AM Page 1 …



CHAPTER 1

Vulnerabilities, Threats, and Attacks

Upon completion of this chapter, you should be able to answer the following questions:

- What are the basic concepts of network security?
- What are some common network security vulnerabilities and threats?
- What are security attacks?
- What is the process of vulnerability analysis?

Key Terms

This chapter uses the following key terms. You can find the definitions in the glossary at the end of the

- threats
- Structured threats
- External threats
- Internal threats
- Hacker
- Cracker
- Phreaker
- Spammer
- Phisher
- White hat
- Black hat
- Dictionary cracking
- Brute-force computation
- Trust exploitation
- Port redirection
- Man-in-the-middle attack
- Social engineering
- Phishing

Network Security 1 and 2 Companion Guide

The Internet continues to grow exponentially.

Personal, government, and business applications continue to multiply on the Internet, with immediate benefits to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be adequate network security, many individuals, businesses, and governments risk losing that security is the process by which digital information assets are protected. The goals of network security are as follows:

- Protect confidentiality
- Maintain integrity
- Ensure availability

With this in mind, it is imperative that all networks be protected from threats and vulnerabilities for a business to achieve its fullest potential.

Typically, these threats are persistent because of vulnerabilities, which can arise from the following:

- Misconfigured hardware or software
- Poor network design
- Inherent technology weaknesses
- End-user carelessness
- Intentional end-user acts (that is, disgruntled employees)

This chapter provides an overview of essential network security concepts, common vulnerabilities, threats, attacks, and vulnerability to Network Security

This chapter consists of an overview of what network security is all about.

The sections that follow cover the following aspects of network security:

- The need for network security
- Identifying potential risks to network security
- Open versus closed security models
- Trends driving network security
- Information security organizations

Note

It is highly recommended that you study the commands covered in the chapters using the labs and the Command Reference (Cisco Security Appliance Command Reference Guide, Version , ; and Cisco IOS Security Command Reference, Release , at ). Not all required commands are covered in sufficient detail in the text completion of this course requires a thorough knowledge of command syntax and application.

The Need for Network Security

Security has one purpose: to protect assets. For most of history, this meant building strong walls to stop the enemy and establishing small, well-guarded doors to provide secure access for friends.

This strategy worked well for the centralized, fortress-like world of mainframe computers and closed networks, as seen in Figure 1-1.

Figure 1-1 Closed Network

The closed network typically consists of a network designed and implemented in a corporate environment and provides connectivity only to known parties and sites without connecting to public networks. Networks were designed this way in the past and thought to be reasonably secure because of no outside the advent of personal computers, LANs, and the wide-open world of the Internet, the networks of today are more open, as shown in Figure e-business and Internet applications continue to grow, the key to network security lies in defining the balance between a closed and open network and differentiating the good guys from the bad guys.

With the increased number of LANs and personal computers, the Internet began to create untold numbers of security risks.

Firewall devices, which are software or hardware that enforce an access control policy between two or more networks, were introduced. This technology gave businesses a balance between security and simple outbound access to the Internet, which was mostly used for e-mail and web

Figure 1-2 Open Network: The Network Today

This balance was short-lived as the use of extranets began to grow, which connected internal and external business processes. Businesses were soon realizing tremendous cost savings by connecting supply-chain management and enterprise resource planning systems to their business partners, and by connecting sales-force automation systems to mobile employees, and by providing electronic commerce connections to business customers and consumers.

The firewall began to include intrusion detection, authentication, authorization, and vulnerability-assessment systems. Today, successful companies have again struck a balance by keeping the enemies out with increasingly complex ways of letting friends people expect security measures to ensure the following:

- Users can perform only authorized tasks.
- Users can obtain only authorized information.
- Users cannot cause damage to the data, applications, or operating environment of a

word security means protection against malicious attack by outsiders (and by insiders). Statistically, there are more attacks from inside sources. Security also involves controlling the effects of errors and equipment failures. Anything that can protect against an attack will probably prevent random misfortunes, this book, many definitions, acronyms, and logical device symbols dealing with security are introduced (see Figure 1-3).

Refer to the glossary for further explanation when encountering unknown terms and acronyms. For a complete listing of all the graphic symbols in this book, see the

Figure 1-3 Several Graphic Symbols Used in This Book

Lab Student Lab Orientation

In this lab, you review the lab bundle equipment and gain an understanding of the security pod technology and the pod naming and addressing scheme. You then load a Cisco IOS Firewall image and the default lab configurations. After that, you cable the standard lab topology and, finally, test

Identifying Potential Risks to Network Security

A risk analysis should identify the risks to the network, network resources, and data. The intent of a risk analysis is to identify the components of the network, evaluate the importance of each component, and then apply an appropriate level of security.

This analysis helps to maintain a workable balance between security and required network access. The key is to identify what needs to be secured and at what cost. More money and assets would be allocated ensuring the security of a high-priced automobile versus an old junker, for

Identification

Before the network can be secured, you must identify the individual components that make up the network. You need to create an asset inventory that includes all the network devices and endpoints, such as hosts and servers.

Vulnerability Assessment

After you have identified the network components, you can assess their vulnerabilities. These vulnerabilities could be weaknesses in the technology, configuration, or security policy. Any vulnerability you discover must be addressed to mitigate any threat that could take advantage of the vulnerability. Vulnerabilities can be fixed by various methods, including applying software patches, reconfiguring devices, or deploying countermeasures, such as firewalls and antivirus software.

Many websites list the vulnerabilities of network components, and the manufacturers of operating systems and components that list vulnerabilities of their products sponsor

Threat Identification

A threat is an event that can take advantage of a vulnerability and cause a negative impact on the network. Potential threats to the network need to be identified, and the related vulnerabilities need to be addressed to minimize the risk of the

Open Versus Closed Security Models

With all security designs, some trade-off occurs between user productivity and security measures. The goal of any security design is to provide maximum security with minimum impact on user access and productivity. Some security measures, such as network data encryption, do not restrict access and productivity.

On the other hand, cumbersome or unnecessarily redundant verification and authorization systems can frustrate users and prevent access to critical network resources. Remember that the network is a tool designed to enhance production. If the security measures that are put in place become too cumbersome, they will actually detract rather than enhance used as productivity tools should be designed so that business needs dictate the security policy. A security policy should not determine how a business operates. Because organizations are constantly subject to change, security policies must be systematically updated to reflect new business directions, technological changes, and resource policies vary greatly in design. Three general types of security models are open, restrictive, and closed. Some important points are as follows (see Figure 1-4):

- Security model can be open or closed as a starting point.
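
The risk analysis steps this chapter describes (asset identification, vulnerability assessment, threat identification) can be kept together as a small risk register. The following is an added example, not part of the book: the asset names, the ratings, and the importance-times-likelihood score are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Vulnerability:
    asset: str
    kind: str         # the chapter's classes: technology, configuration, policy
    description: str
    mitigated: bool   # patched, reconfigured, or covered by a countermeasure

@dataclass
class Threat:
    name: str
    exploits: str     # description of the vulnerability it takes advantage of
    likelihood: int   # 1 (rare) .. 5 (expected); constructed scale

# Constructed data. Step 1, asset identification: asset -> importance (1..5).
ASSETS = {"edge-router": 5, "hr-file-server": 4, "lobby-kiosk": 1, "lab-switch": 2}
# Step 2, vulnerability assessment.
VULNS = [
    Vulnerability("edge-router", "configuration", "default SNMP community string", False),
    Vulnerability("hr-file-server", "technology", "unpatched file-sharing service", False),
    Vulnerability("hr-file-server", "policy", "no password rotation policy", True),
    Vulnerability("lobby-kiosk", "configuration", "local admin auto-login", False),
]
# Step 3, threat identification.
THREATS = [
    Threat("external scan and reconfiguration", "default SNMP community string", 4),
    Threat("worm outbreak", "unpatched file-sharing service", 3),
    Threat("walk-up misuse", "local admin auto-login", 5),
    Threat("credential reuse", "no password rotation policy", 4),
]

def risk_register(assets, vulns, threats):
    """Return (open risks ranked by importance * likelihood, unassessed assets)."""
    by_desc = {v.description: v for v in vulns}
    rows = []
    for t in threats:
        v = by_desc.get(t.exploits)
        if v is None or v.mitigated:
            continue  # nothing to exploit, or already addressed
        rows.append((assets[v.asset] * t.likelihood, v.asset, v.kind, t.name))
    rows.sort(reverse=True)
    return rows, sorted(set(assets) - {v.asset for v in vulns})

if __name__ == "__main__":
    ranked, unassessed = risk_register(ASSETS, VULNS, THREATS)
    for score, asset, kind, threat in ranked:
        print(f"{score:>2}  {asset:<15} {kind:<13} {threat}")
    print("in inventory but never assessed:", unassessed)
```

The kiosk faces the most likely threat yet ranks last because its importance is low, which is the automobile-versus-junker point in code. The switch appears only in the inventory, so the register reports it as never assessed.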

