tailieunhanh - Lecture CCNA security partner - Chapter 1: Network security concepts and policies

This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy. It covers the identification of common vulnerabilities and threats, mitigation strategies, and the implementation of a security architecture using a lifecycle approach. | Network Security Concepts and Policies 1 To protect assets! Historically done through physical security and closed networks. Purpose of Security With the advent of personal computers, LANs, and the wide-open world of the Internet, the networks of today are more open. The Network Today To provide adequate protection of network resources, the procedures and technologies that you deploy need to guarantee three things : Confidentiality Integrity Availability of systems and data Basic Security Requirements An asset is anything of value to an organization. A vulnerability is a weakness in a system or its design that could be exploited by a threat. A threat is a potential danger to information or systems. A risk is the likelihood that a particular vulnerability will be exploited. An exploit is an attack performed against a vulnerability. A countermeasure (safeguard) is the protection that mitigates the potential risk. Data, Vulnerabilities, and Countermeasures 5 Need for Network Security . | Network Security Concepts and Policies 1 To protect assets! Historically done through physical security and closed networks. Purpose of Security With the advent of personal computers, LANs, and the wide-open world of the Internet, the networks of today are more open. The Network Today To provide adequate protection of network resources, the procedures and technologies that you deploy need to guarantee three things : Confidentiality Integrity Availability of systems and data Basic Security Requirements An asset is anything of value to an organization. A vulnerability is a weakness in a system or its design that could be exploited by a threat. A threat is a potential danger to information or systems. A risk is the likelihood that a particular vulnerability will be exploited. An exploit is an attack performed against a vulnerability. A countermeasure (safeguard) is the protection that mitigates the potential risk. Data, Vulnerabilities, and Countermeasures 5 Need for Network Security Business goals and risk analysis drive the need for network security Dealing with Risk : Reduce Limitation/avoidance Assurance Detection Recoverry Need for Network Security Adversaries, Methodologies, and Classes of Attack Adversaries : To defend against attacks on information and information systems, organizations must begin to define the threat by identifying potential adversaries. These adversaries can include the following: Nations or states Terrorists Criminals Hackers Corporate competitors Disgruntled employees Government agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigations (FBI) 8 Adversaries, Methodologies, and Classes of Attack Methodologies : Step 1. Perform footprint analysis (reconnaissance). Step 2. Enumerate applications and operating systems. Step 3. Manipulate users to gain access. Step 4. Escalate privileges. Step 5. Gather additional passwords and secrets. Step 6. Install back doors. Step 7. Leverage the compromised system. .

• An ninh - Bảo mật
• CCNA Security Partner
• Network Security
• Purpose of security
• Basic security requirements
• Managing the risk
• Risk analysis
• Security strategy
• Cisco borderless Network
• Cisco borderless Network architecture
• Borderless Networks
• Threat control strategy
• Network security threats
• Threat control design
• Security intelligence analysis
• Network Foundation Protection
• Cisco Configuration Professional
• Cisco NFP Framework
• Secure management
• Securing the management plane
• Cisco IOS devices
• Network Time Protocol
• Simple Network Management Protocol
• Native VLANs
• Configuring VLANs
• Configuring Inter VLAN routing
• Spanning Tree
• IPv6 environments
• IPv6 headers
• IPv6 address types
• Configure IPv6 addressing
• Access Control Lists
• Threat mitigation
• Operational framework
• VLSM environments
• Firewall Fundamentals
• Network Address Translation
• Firewall technologies
• Application layer firewalls
• Cisco IOS Zone Based Firewall
• Cisco IOS Zone Based Policy Firewall
• Intrusion Prevention Systems
• IPS fundamentals
• IPS attack responses
• IPS Anti Evasion techniques
• Fundamentals of cryptography
• VPN technologies
• Public Key Infrastructure
• IPsec fundamentals
• IPsec protocol
• IPsec’s main components
• Site to Site IPsec VPNs
• Cisco IOS Routers
• VPN configuration
• Cisco SSL VPNs
• Protocol framework
• Cisco VPN clientless mode
• Cisco full tunnel mode