Welcome back to the CCNA Cisco Netacad Introduction to Networks lecture series. If you are interested in previous lectures, I will leave a link in the description for the playlist. Today we will be focusing on module 16, which is Network Security Fundamentals.
In this lecture, we will learn how we can configure switches and routers with device hardening features to enhance security. We will cover security threats and vulnerabilities, network attacks, network attack mitigation and device security.
Security threats and vulnerabilities

Types of threats

Attacks on a network can be devastating and can result in a loss of time and money due to damage or theft of important information or assets. Intruders can gain access to a network through software vulnerabilities, hardware attacks, or by guessing someone's username and password. Intruders who gain access by modifying software or exploiting software vulnerabilities are called threat actors. After the threat actors gain access to the network, four types of threats may arise.
They include information theft, data loss and manipulation, identity theft and disruption of services. Information theft is breaking into a computer to obtain confidential information, such as social insurance numbers in government systems. The information can be used or sold for various purposes. For example, an organization's proprietary information, such as patent or license information, can be stolen and then sold to another company, or used by a different entity to develop the same product.
So that is what is defined as information theft. Data loss and manipulation is breaking into a computer to destroy or alter data records. An example of data loss is a threat actor sending a virus that reformats a computer's hard drive.
An example of data manipulation is breaking into a record system to change information, such as the price of an item. Another good example is breaking into your school network to change your grade; that is considered data loss or manipulation. Or, instead of destroying the entire hard drive by reformatting it, you break into a system and destroy one specific piece of information that you don't want somebody to have. Identity theft is a form of information theft where personal information is stolen for the purpose of taking over someone's identity. Using this information, a threat actor can obtain legal documents, apply for credit, and make unauthorized online purchases.
Identity theft is a growing problem costing billions of dollars every year, and millions of families suffer because of it. One of the major problems with identity theft is that it does not only impact corporations and major companies; it also has a very strong, direct impact on all of us. Everybody can be affected by identity theft. Disruption of services.
Disruption of services is preventing legitimate users from accessing services to which they are entitled. An example of this would be DDoS attacks, which are distributed denial of service attacks on servers, network devices or network communication links. There are other types of disruption of service as well, such as a program that keeps closing certain ports. I have seen that on my home servers.
There are some viruses and programs that can be used to manipulate the port availability of a server, for example, and that would also cause a disruption of service. But the well-known example is the DDoS attack, where the attacker attacks a specific server or network device to break access to it for other users.
Types of vulnerabilities

A vulnerability is the degree of weakness in a network or device. This is a very important definition that you should remember for your CCNA and CCNP exams: the vulnerability of a network or system is the degree of weakness in that network or device. Some degree of vulnerability is inherent in routers, switches, desktops, servers and even security devices. Typically, the network devices under attack are endpoints such as servers and desktop computers.
However, the hacker or threat actor could attack any device in between. There are three primary vulnerabilities or weaknesses: technological, configuration, and security policy. Technological vulnerabilities might include TCP/IP protocol weaknesses, operating system weaknesses, network equipment weaknesses, etc. Configuration vulnerabilities might include unsecured user accounts, system accounts with easily guessable passwords, misconfigured internet services, unsecured default settings, misconfigured network equipment, etc.
Security policy vulnerabilities might include lack of a written security policy, politics, and lack of authentication continuity. What that means is basically that you may be authenticating into a system, but the system may be transferring that data to another remote system that does not have the same SSL certificate and security attached to it. So even though you are using proper authentication, the next hop, between that device and the next one, is not authenticated, and there is a break in authentication continuity. Other policy vulnerabilities are logical access controls not being applied, and software and hardware installation and changes not following policies.
For example, somebody just walks into your office and plugs in a random device they brought from home, and that could cause a security issue on your network, because that device doesn't have the proper policies applied for that kind of hardware installation. A non-existent disaster recovery plan is another issue. If a security vulnerability created a major problem on your network or data, and you don't have a data backup off-site, away from your network or separated from it, then that is another problem with your security. All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks. For your exams you should know the differences between technological, configuration and security policy vulnerabilities. They are very easy; just remember what they actually mean.

So let's look at the technological vulnerabilities as a basic overview. TCP/IP protocol weaknesses are, for example, unsecured protocols. My website, sanuja.com, about five years ago used to be http://sanuja.com. But now it's HTTPS, which uses an SSL/TLS certificate. It's actually a TLS certificate.
So Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Internet Control Message Protocol (ICMP) all have insecurities. Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP) are related to the insecurities associated with TCP/IP as well. There are some mitigations for this. For example, instead of using HTTP to access a website, the website can use HTTPS on port 443, which is much more secure than port 80 with HTTP. Another technological vulnerability would be operating system weaknesses. Each operating system has security problems that must be addressed. Unix, Linux, macOS, Windows Server, Windows desktop clients: they all have some security vulnerabilities, which are documented in the Computer Emergency Response Team (CERT) archives that can be found on the cert.org website. This is one of the reasons why your macOS or Windows 10 computer receives security patches and security updates every so often: the operating system manufacturers, designers and programmers are trying to keep up with fixing these technological vulnerabilities in the operating system. Network equipment weaknesses: there are various types of network equipment, such as routers, firewalls and switches, and they have security weaknesses associated with their own configurations as well as their designs. Their weaknesses include password protection, lack of authentication, routing protocols, firewall holes and many more. Another example of a network equipment weakness would be having multiple network vendors and devices, such as Cisco, D-Link, IBM and a whole bunch of network switches and routers everywhere.
If your network administrators and IT technicians don't know how to work with those different kinds of devices, they might misconfigure something due to lack of knowledge, and that will result in network equipment weaknesses. So imagine you are a Cisco expert but you suddenly have an IBM router or switch; then you should either learn how to do that properly or get someone who can make sure it is properly installed.
That is an example I have seen in the field of security issues with network equipment. Configuration vulnerabilities are about how you configure those devices in your network. There could be unsecured user accounts, where user account information may be transmitted without encryption, exposing the username and password to threat actors.
System accounts with easily guessable passwords: if your username is admin and your password is Canada 2020 or something like that, that's an easily guessable password. It's okay as a temporary, short-term password, like a quick reset, but it is not good to leave it there. I have also seen wireless access points in major companies, and even in malls and restaurants, where the admin username is root or admin and the password is admin, which is basically the default password. That is a horrible thing to do, so make sure those passwords are replaced with very strong passwords and, if possible, change the root and admin user names to something else.
Misconfigured internet services: turning on JavaScript in web browsers enables attacks by way of JavaScript controlled by threat actors when accessing untrusted sites. This is an interesting point, because this type of JavaScript injection and JavaScript control attack has actually been used even by government agencies to gather information about criminals. So the criminal visits a government website and the government can use that JavaScript file to do good.
So it's not just threat actors that use JavaScript this way; the good guys, white hat hackers like the government trying to secure the internet from internet fraud and so on, also use JavaScript. Disabling JavaScript in your web browser may have an impact on the user experience on some websites, but it will increase your security. Other potential sources of weakness include the misconfiguration of internet services such as FTP or web services. Having port 80 open when your entire website is on port 443 makes no sense to me unless there is a reason for port 80 to be open. Or, if you haven't updated your Microsoft Internet Information Services (IIS) or Apache HTTP Server, that could also create an issue with your system, because older versions may have misconfigured settings that a newer version lets you reconfigure. That's another thing I see a lot of people miss: it's not just misconfiguration of the system you have; not updating your system to the newest configuration is also an issue. Another one would be unsecured default settings within products; as I mentioned before, leaving admin as the username and password. Misconfigured network equipment: misconfiguration of the equipment itself can cause significant security problems, for example having routing protocols or SNMP enabled with security holes in them, or having the management IP addresses and management ports of a Cisco device completely open to the public-facing networks.
Policy vulnerabilities

Policy vulnerabilities mostly have to do with how management and IT professionals handle the company's network and IT systems. They could include a lack of written security policies; internal or external politics, because different people have different ideas in a company or organization; lack of authentication continuity; and poorly chosen, easily cracked or default passwords. As I mentioned before, you and the service you are trying to reach may have a secure connection, but the server holding that service may be communicating with a remote service over an unsecured line.
So it doesn't matter that you have authentication and security done on your part; the server is basically leaking everything to the internet. That's an example of an authentication continuity issue. Logical access controls not applied: inadequate monitoring and auditing, or not auditing your system at all. This could sometimes result in legal action or termination against IT technicians, IT management or even company leadership. If there is a huge leak of data because there is no logical access control, that could be a huge problem and headache for your organization. Software and hardware installation and changes that do not follow the policies.
As I mentioned before, if somebody brings a device in from home and just plugs it into the network with no security checks done, that is really bad. The other one is the disaster recovery plan. As I mentioned before, you have to have some form of disaster recovery plan that allows you to recover not only from natural and other disasters but also from threat actors.

Physical security

If network resources can be physically compromised, meaning I can basically walk into a server room with no security at all, a threat actor can deny the use of the network resources. This is why companies like Microsoft and Google and everybody else have armed guards at their server farms.
Governments do the same thing for exactly the same reason. The four classes of physical threats are hardware threats, environmental threats, electrical threats and maintenance threats. Hardware threats include physical damage to servers, routers, switches, the cabling plant and workstations. Environmental threats include temperature extremes (too hot, too cold), humidity extremes (too wet, too dry), or putting a server room in a basement that always floods. That does happen in Calgary, by the way.
I'm not going to mention the name, but one of the major organizations in Calgary put their server room in the basement, in an area where we have a lot of floods, and during one of the major floods their entire server room got flooded, costing millions of dollars. Finally they moved the server room to the fourth or fifth floor so the new server room will not get flooded. Electrical threats include voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise on the sine wave, for example) and total power loss. Maintenance threats include poor handling of key electrical components (electrostatic discharge, for example), lack of critical spare parts, poor cabling and poor labeling. If you are running a server room you should have extra power supply units (PSUs), RAM, hard drives and so on on hand in case something goes out. Let's say an Intel network card goes out; you should have spare parts right away so you can replace that network card and there is less downtime. Poor cabling and poor labeling are another problem: you have a whole bunch of wires going down your network structures, and if you can't tell one wire from the other because you did a poor job of labeling, that is going to waste more of your time when maintenance issues come up. It could also result in you cutting into a wire that you should not have. A good plan for physical security must be created and implemented to address these issues: lock up equipment and prevent unauthorized access from doors, ceilings, raised floors, windows, ducts and vents. Monitoring and controlling closet entry with electronic logs is another really good option.
And use security cameras wherever possible.

Network attacks

Types of malware

Malware is short for malicious software.
It is code or software specifically designed to damage, disrupt, steal, or inflict bad or illegitimate action on data, hosts, or networks. The following are types of malware, that is, malicious code attacks. One of them is viruses. A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program, and it spreads from one computer to another, leaving infections as it travels. That is the fundamental definition of a virus, at least for this class, and in most classes it should be the same: a virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program.
It spreads from one computer to another, leaving infections as it travels. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be able to spread until the user runs or opens the malicious host file or program. So the user has to execute that executable file.
Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing or infected email attachments. Make sure you understand exactly what viruses are, because next we are going to talk about things like worms, and you might get confused between viruses, worms, Trojans and so on. So make sure you understand this part. Another one would be worms.
Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. However, in contrast to viruses, which require the spreading of an infected host file, worms are standalone software that do not require a host program or human help to propagate. A worm does not need to attach to a program to infect a host; it enters a computer through a vulnerability in the system. Worms take advantage of system features to travel through the network unaided. What that means is basically that this is the key distinguishing factor between a virus and a worm.
A virus has to be executed, and it actually relies on user interaction to do its job. A worm, in contrast, is standalone software that does not require a host program or human interaction to propagate, and it uses system features that are already in use to travel through a network. Those are the key differences. So if you go back to viruses: a virus becomes part of another program and it spreads from one computer to another, leaving infections as it travels.
And it certainly needs to be executed, which means the virus file has to spread with the help of humans. Worms are standalone software that do not require a host program or human help to propagate, and they take advantage of system features to travel through a network. For example, if you have a port open and are using an unsecured protocol, that can be used by worms to automatically propagate through a network. Another one of those malware types is Trojan horses. A Trojan horse is a harmful piece of software that looks legitimate.
So it's like the Trojan horse of legend. But unlike viruses and worms, Trojan horses do not reproduce by infecting other files; they arrive, for example, as an email attachment or by downloading and running a file from the internet. After it is activated, it can achieve any number of attacks on the host, from irritating the user with excessive pop-up ads to damaging the host.
Damaging the host basically means deleting data, stealing your information, and activating and spreading other malware such as viruses. So Trojan horses can be used by viruses to spread their malicious code, using the Trojan horse as the mechanism. For example, you may have installed an illegal copy of Microsoft Office with malicious software code in it, and then whoever wrote that code can use it to steal your data, whatever you type in Word for example; they can have a key logger collecting your passwords, usernames, social insurance numbers and so on. Trojan horses are also known to create backdoors to give malicious users access to the system. That is one of the key problems with Trojan horses: the software you are typing your information into may contain key loggers or backdoors that capture your user information. What you need to remember for your exams is that you should be able to differentiate between Trojan horses, worms and viruses. If you are confused about any of these, like if you don't know how to separate a virus from a worm when somebody gives you a description, you should read these slides and make sure you know the differences between all three like the back of your hand, because I guarantee you this will show up on your CCNA and CCNP exams. They can give you a paragraph describing something that is happening on a system, network or end device and ask you whether it is more likely a Trojan horse, a virus or a worm, so you should be able to separate those things for your exams.

Reconnaissance attacks

In addition to malicious code attacks, it is also possible for networks to fall prey to various network attacks. Network attacks can be classified into three major categories: reconnaissance attacks, access attacks and denial of service attacks.
Reconnaissance attacks are the discovery and mapping of systems, services or vulnerabilities. For reconnaissance attacks, external threat actors can use internet tools such as the nslookup and whois utilities to easily determine the IP address space assigned to a given corporation or entity. After the IP address space is determined, a threat actor can then ping the publicly available IP addresses to identify the addresses that are active.
Some people target specific companies because they want to figure out all the vulnerabilities of the IP addresses those companies are using. That's a reconnaissance attack. Access attacks are the unauthorized manipulation of data, system access or user privileges; basically, a threat actor gets unauthorized access to your system and then uses it to do data manipulation. Denial of service, or sometimes distributed denial of service (DDoS), is a method of disabling or corrupting network systems or services, for example by using a botnet that keeps pinging or keeps trying to access one single port or one single service of your network, hence preventing authorized users from accessing that system.
A botnet is a number of internet-connected devices, each of which is running one or more bots. Botnets can be used to perform what I mentioned before, distributed denial of service (DDoS) attacks, as well as to steal data, send spam and allow the attacker to access the device and its connections. So these are the three major categories of network attacks. Let's look at access attacks.
Access attacks exploit known vulnerabilities in authentication services, FTP services and web services to gain entry to web accounts, confidential databases or other sensitive information. Access attacks can be classified into four types: password attacks, trust exploitation, port redirection and man-in-the-middle attacks.
Password attacks are implemented using brute force, Trojan horses and packet sniffers. Brute force basically means they keep trying to guess the password or username, or both, of a system by sending multiple dictionaries of key phrases and passwords, and they keep attacking the system until they figure out the correct password and username. A Trojan horse, as I described before, looks like a legitimate program but is actually gathering password and username information. Packet sniffers are basically sniffing, or looking at, the packets on your network as they go through the system, and the threat actor can then use that information to figure out how to access your system in unauthorized ways. Trust exploitation: a threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target. Port redirection: a threat actor uses a compromised system as a base for attacks against other targets. An example would be a threat actor using SSH (port 22) to connect to a compromised host A; host A is trusted by host B, because host B thinks host A has a secure connection, and therefore the threat actor can then use Telnet (port 23) to access host B, because host B just trusts host A, believing it is secure. Man-in-the-middle attacks are very common nowadays: a threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.
So you could be accessing your banking information using a VPN tunnel, thinking it is secure, but in fact someone in the middle of the VPN connection is actually gathering your data, because you and your bank don't have a direct connection. Next we will look at how the man-in-the-middle attack works. Step one: when a victim requests a web page, the request is directed to the threat actor's computer (we could call them a hacker). Step two: the threat actor's computer receives the request and retrieves the real page from the legitimate website, like a banking website. The threat actor then changes the legitimate web page, making changes to the data, and forwards the changed page to the victim. The victim thinks it is accessing the real banking website, but in fact there is someone in the middle, the bad guy, the threat actor, reading both the information coming from your bank and the information you are sending to the bank. That's the man-in-the-middle attack explanation.

Denial of service attacks

Denial of service (DoS) attacks are the most publicized form of attack and among the most difficult to eliminate. These types of attacks have happened almost everywhere in the world, and sometimes you see them on the BBC or CBC news services.
However, because of their ease of implementation and potentially significant damage, DoS attacks deserve special attention from security administrators. While it is very difficult to eliminate DoS or DDoS attacks, because they are so easy to implement and some bad guy can easily use them, as security administrators we need to pay a lot more attention to this type of attack. DoS attacks take many forms; ultimately, they prevent authorized people from using a service by consuming system resources. To help prevent DoS attacks, it is important to stay up to date with the latest security updates for operating systems and applications, as well as devices such as Cisco routers and switches. DoS attacks are a major risk because they interrupt communication and cause significant loss of time and money: your legitimate, authorized users don't have access to the data because of the DoS attack.
An example would be a hospital with its hospital records. If the doctor cannot access them because of a DoS attack, that's not only time and money; it could actually be a threat to life. These attacks are relatively simple to conduct, even by an unskilled threat actor. A DDoS is similar to a DoS attack, but it originates from multiple coordinated sources and uses a botnet.
For example, a threat actor may build a network of infected hosts, all over the world or all over your network, known as zombies. A network of zombies is called a botnet: all those infected machines together are known as a botnet. The threat actor then uses a command and control (CnC) program to instruct the botnet of zombies to carry out a DDoS attack. This is also a very common problem; you have probably heard about DDoS attacks on the news.
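To show the detection side of the password (brute-force) attacks and the DoS/DDoS attacks described above, here is an added Python example that is not part of the Netacad course material. It runs two checks over constructed log lines: repeated failed logins from one source, and a burst of connections to one service from a single source (DoS) or from many zombies (DDoS). The log layout, the addresses and the thresholds are assumptions for the demo.

```python
"""Added example, not part of the Netacad course: detection logic for two of
the attacks described above, run over constructed log lines.
  - brute-force password attack: many failed logins from one source in a
    short window (a dictionary being thrown at the account);
  - DoS / DDoS: a burst of connections to one service from one source (DoS)
    or from many coordinated zombies (DDoS).
The log layout, addresses and thresholds are assumptions for the demo."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed syslog-like layouts; real sshd and httpd lines look different.
AUTH_FAIL_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)")
CONN_RE = re.compile(
    r"^(?P<ts>\S+) httpd: connection from (?P<src>\S+) to (?P<dst>\S+)")


def parse_line(line):
    """Return (kind, timestamp, fields) for a recognised line, else None."""
    for kind, rx in (("auth_fail", AUTH_FAIL_RE), ("conn", CONN_RE)):
        m = rx.match(line)
        if m:
            fields = m.groupdict()
            return kind, datetime.fromisoformat(fields.pop("ts")), fields
    return None


def busiest_window(events, window):
    """events: (time, label) pairs. Slide a `window`-long span over them and
    return (count, labels) for the span holding the most events."""
    events = sorted(events)
    best, start = (0, set()), 0
    for end, (t, _) in enumerate(events):
        while t - events[start][0] > window:
            start += 1
        if end - start + 1 > best[0]:
            best = (end - start + 1, {lbl for _, lbl in events[start:end + 1]})
    return best


def detect_brute_force(lines, threshold=5, window=timedelta(seconds=60)):
    """Sources with >= threshold failed logins inside one window.
    Returns {source: (failures, sorted usernames tried)}."""
    fails = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[0] == "auth_fail":
            _, ts, f = parsed
            fails[f["src"]].append((ts, f["user"]))
    alerts = {}
    for src, evs in fails.items():
        count, users = busiest_window(evs, window)
        if count >= threshold:
            alerts[src] = (count, sorted(users))
    return alerts


def detect_floods(lines, threshold=20, window=timedelta(seconds=2)):
    """Services hit by >= threshold connections inside one window.
    Returns {service: (kind, connections, distinct sources)} where kind is
    'DoS' for a single source and 'DDoS' for a botnet of many sources."""
    conns = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[0] == "conn":
            _, ts, f = parsed
            conns[f["dst"]].append((ts, f["src"]))
    alerts = {}
    for dst, evs in conns.items():
        count, sources = busiest_window(evs, window)
        if count >= threshold:
            kind = "DDoS" if len(sources) > 1 else "DoS"
            alerts[dst] = (kind, count, len(sources))
    return alerts


def build_sample_log():
    """Constructed log: a brute-force burst, normal traffic, then a DDoS flood."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(6):  # six failures in six seconds from one source
        user = "root" if i == 3 else "admin"
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} sshd: "
                     f"Failed password for {user} from 203.0.113.9 port {51000 + i}")
    lines.append(f"{(base + timedelta(seconds=30)).isoformat()} sshd: "
                 "Accepted password for alice from 198.51.100.7 port 40000")
    for i in range(3):  # a legitimate client, one connection every 20 s
        t = base + timedelta(minutes=5, seconds=20 * i)
        lines.append(f"{t.isoformat()} httpd: connection from 198.51.100.7 to 10.0.0.5:443")
    for i in range(40):  # 40 zombies hitting the web server within one second
        t = base + timedelta(minutes=10, milliseconds=25 * i)
        lines.append(f"{t.isoformat()} httpd: connection from 192.0.2.{i + 1} to 10.0.0.5:443")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("brute force:", detect_brute_force(log))
    print("floods:", detect_floods(log))
```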
So the threat actor doesn't have to own all of these devices to attack your network. The threat actor can basically infect a whole bunch of devices, all over the world or within your network, and then use those devices, which are owned by other people, to attack you. There's a lab called Research Network Security.
If you have access to Cisco NetAcad, please go ahead, download that lab and do it right now. If you do not have access to this particular lab, I will try to find a copy of it and post it on my website so you can do it.

Network attack mitigations

The defense-in-depth approach

To mitigate network attacks, you must first secure devices, including routers, switches, servers, and hosts. Most organizations employ a defense-in-depth approach, also known as the layered approach, to security.
This requires a combination of networking devices and services working in tandem. Several security devices and services are implemented to protect the network and the organization's users and assets against TCP/IP threats; these include VPN tunneling, ASA firewall, IPS, ESA, WSA, and AAA servers. I will go over these on my next slide. In the defense-in-depth approach, the VPN is a router that is used to provide secure VPN services to corporate sites and remote access support for remote users using secure encrypted tunnels.
During COVID-19, a lot of companies, schools, institutions and organizations have had multiple users accessing sensitive data from home, while the data is located in the office. Most of you probably came across VPN tunnels because of this, and it is a way of securing access. An ASA firewall is a dedicated device that provides stateful firewall services. It ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts.
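As an added example (not the course's material and not Cisco ASA code), the following Python model shows the stateful rule just described: an inside-initiated connection gets an entry in a connection table, replies belonging to it are let back in, and anything the outside tries to initiate is dropped. The addresses, the packet format and the table design are assumptions for the demo.

```python
"""Added example, not the course's own material and not Cisco ASA code: a
toy model of the stateful behaviour described above. Inside hosts may open
connections to the outside, replies to those connections are let back in,
and anything the outside tries to initiate is dropped. Addresses, the
TCP-flag packet format and the connection table design are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # e.g. {"SYN"}, {"SYN", "ACK"}, {"RST"}


class StatefulFirewall:
    """Connection table keyed by (inside ip, inside port, outside ip,
    outside port); only inside-initiated flows ever get an entry."""

    def __init__(self, inside_cidr):
        self.inside = ip_network(inside_cidr)
        self.table = {}  # key -> "SYN_SENT" | "ESTABLISHED"

    def _is_inside(self, addr):
        return ip_address(addr) in self.inside

    def process(self, pkt):
        """Return ("ALLOW" | "DROP", reason) and update the table."""
        src_in, dst_in = self._is_inside(pkt.src), self._is_inside(pkt.dst)
        if src_in == dst_in:
            return "DROP", "not an inside-to-outside flow"
        if src_in:  # outbound direction
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.table:
                if pkt.flags == {"SYN"}:
                    self.table[key] = "SYN_SENT"
                    return "ALLOW", "new outbound connection recorded"
                return "DROP", "outbound packet with no matching state"
        else:  # inbound direction: only allowed against an existing entry
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key not in self.table:
                return "DROP", "outside-initiated connection refused"
            if {"SYN", "ACK"} <= pkt.flags:
                self.table[key] = "ESTABLISHED"
        if "RST" in pkt.flags:  # a real ASA also tracks FIN teardown and idle timeouts
            self.table.pop(key, None)
            return "ALLOW", "connection torn down"
        return "ALLOW", f"matches {self.table[key]} entry"


def demo():
    """Constructed exchange: inside host 10.0.0.5 opens HTTPS to 203.0.113.20,
    then outside hosts try to open connections inward. Returns the decisions."""
    fw = StatefulFirewall("10.0.0.0/24")
    steps = [
        Packet("10.0.0.5", 40000, "203.0.113.20", 443, frozenset({"SYN"})),
        Packet("203.0.113.20", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
        Packet("10.0.0.5", 40000, "203.0.113.20", 443, frozenset({"ACK"})),
        Packet("203.0.113.20", 443, "10.0.0.9", 40000, frozenset({"SYN"})),  # unsolicited
        Packet("198.51.100.1", 1234, "10.0.0.5", 22, frozenset({"SYN"})),  # unsolicited
        Packet("10.0.0.5", 40001, "203.0.113.20", 443, frozenset({"ACK"})),  # no state
        Packet("10.0.0.5", 40000, "203.0.113.20", 443, frozenset({"RST"})),
    ]
    return [fw.process(p)[0] for p in steps]


if __name__ == "__main__":
    print(demo())
```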
So basically you're putting a firewall on your network and making sure it doesn't let threat actors access the internal networks from outside. The next one is the IPS, the intrusion prevention system, which monitors incoming and outgoing traffic looking for malware, network attack signatures and other fingerprints. If it recognizes a threat, it can immediately stop it or act on it.
So that's what the intrusion prevention system does. There's another one called IDS, the intrusion detection system, which can also be implemented for network security even though it's not listed here. The ESA and WSA are the email security appliance, which filters spam and malicious emails, and the web security appliance, which filters known suspicious internet malware sites. So if you have a corporate email address and you get an email that says it is quarantined, like the Microsoft Office 365 Outlook email system does, that is basically using an ESA. AAA server: this server contains a secure database of who is authorized to access and manage network devices.
So the network devices authenticate administrative users against that database instead of using local usernames and passwords. You can have multiple Cisco routers, switches and other devices within your network, and the AAA server will hold the access control information, usernames and passwords, including the administrative usernames and passwords for those devices.
So all your network technicians and engineers have to authenticate through that AAA server. Keep backups. Backing up device configurations and data is one of the most effective ways of protecting your network against data loss. Backups should be performed on a regular basis as identified in the security policy.
Data backups are usually stored off-site to protect the backup media if anything happens to the main facility. And remember, your company has to have a proper security policy that clearly defines how those backups will be maintained and how often they have to be done. The table shows the backup considerations; when you are writing those policies you have to think about frequency, storage, security and validation. Frequency is how often you perform the backup: perform backups on a regular basis as identified in your company's policy. If your company says every two weeks we back up all our systems, you should do it every two weeks; if it is every week, do it every week. Full backups can be time-consuming, so performing monthly or weekly full backups with frequent partial backups of changed files is a really good option.
Storage: always validate the backups to ensure the backup file is good, because if you have a corrupted backup file when something really bad happens in the real world, you cannot use that corrupt file to restore. The security of those backups is really important as well. If you put the backup off-site or on a device that is weak in security, you put your entire network at risk, because even though your current network is highly secured, your backup files containing all the sensitive information are not; that is not good. Finally, validation: the backups should be protected using strong passwords, and the password is required to restore those backups, so that people cannot randomly restore backups onto your system. Upgrade, update and patch. As new malware is released, enterprises need to keep current with the latest versions of antivirus software. The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerabilities of the system. One solution to the management of critical security patches is to make sure all end systems automatically download updates.
So on a Windows machine you can go to Settings and Windows Update and download the updates on your home computer. On a corporate network, Windows servers are often used to push those Windows updates on schedule and install them when the users are not active. That is why some companies will tell you not to shut down your computer overnight: they are running some of those updates using Microsoft AD DS and domain policies, which we will not cover in this particular module or lecture series, but which I will cover in my server-related lecture series. Authentication, Authorization and Accounting. Authentication, Authorization and Accounting, or AAA, network security services provide the primary framework to set up access control on network devices.
As I mentioned before, having a AAA server hold all that information is better than having it on your own device, on your Cisco switch or router. AAA is a way to control who is permitted to access the network (authentication), what actions they can perform while they are accessing the network, that is, what they are authorized to do with their authenticated user account (authorization), and to make a record of what was done while they had that access (accounting).
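To make the three AAA functions concrete, here is an added Python model of a small AAA server consulted by a router. It is an illustration written for this lecture, not Cisco's AAA implementation or any NetAcad code; the account names, privilege levels and the command-to-privilege table are constructed assumptions. It shows two administrators authenticating against the same database, one authorized for everything and one restricted, with every decision written to an accounting log.

```python
"""Toy model of AAA (authentication, authorization, accounting) for device
administration. Added example; not part of the lecture or of any Cisco product.
Account names, privilege levels and commands are constructed for illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256: the server stores a salted hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    privilege: int  # 15 = full admin, 1 = restricted (Cisco-style levels)


class AAAServer:
    """Central database consulted by every device, instead of per-device
    local usernames and passwords."""

    # Minimum privilege level needed to run each (constructed) command.
    REQUIRED_LEVEL = {
        "show running-config": 1,
        "show ip interface brief": 1,
        "configure terminal": 15,
        "reload": 15,
    }

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.accounting_log: list[str] = []

    def add_account(self, username: str, password: str, privilege: int) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(username, salt, _hash_password(password, salt), privilege)

    # --- Authentication: who are you? ---------------------------------------
    def authenticate(self, username: str, password: str) -> Optional[Account]:
        acct = self.accounts.get(username)
        if acct is None:
            self.accounting_log.append(f"AUTH-FAIL user={username} reason=unknown-user")
            return None
        if not hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
            self.accounting_log.append(f"AUTH-FAIL user={username} reason=bad-password")
            return None
        self.accounting_log.append(f"AUTH-OK user={username} priv={acct.privilege}")
        return acct

    # --- Authorization: what may you do? -------------------------------------
    def authorize(self, acct: Account, command: str) -> bool:
        needed = self.REQUIRED_LEVEL.get(command, 15)  # unknown commands need full admin
        return acct.privilege >= needed

    # --- Accounting: what did you do? ----------------------------------------
    def run(self, device: str, acct: Account, command: str) -> bool:
        allowed = self.authorize(acct, command)
        verdict = "PERMIT" if allowed else "DENY"
        self.accounting_log.append(f"CMD {verdict} device={device} user={acct.username} cmd='{command}'")
        return allowed


def demo() -> list[str]:
    """Two administrative accounts with different authorization: same card
    reader, different spending limits, and a statement of everything done."""
    aaa = AAAServer()
    aaa.add_account("netadmin", "correct horse battery staple", privilege=15)
    aaa.add_account("helpdesk", "Sw1tch-R0om!", privilege=1)

    full = aaa.authenticate("netadmin", "correct horse battery staple")
    limited = aaa.authenticate("helpdesk", "Sw1tch-R0om!")
    aaa.authenticate("helpdesk", "wrong-password")  # logged as a failure

    aaa.run("R1", full, "configure terminal")          # permitted
    aaa.run("R1", limited, "show ip interface brief")  # permitted
    aaa.run("R1", limited, "configure terminal")       # denied by authorization
    return aaa.accounting_log


if __name__ == "__main__":
    print("\n".join(demo()))
```

Running `demo()` returns six accounting records: two successful logins, one failed login, two permitted commands and one denied command, which is exactly the "statement" the credit-card analogy refers to.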
The concept of AAA is similar to the use of a credit card. The credit card identifies who can use it, how much that user can spend (the credit limit), and keeps an account of what the user spent that money on, through the credit card statements. What that basically means: imagine you have two administrative accounts for a Cisco switch or router. One administrative account can access all the data and information on the system and change anything it likes; the other administrative account may have restricted access and can only reach a particular part of the Cisco device. The authentication part is that both users are allowed to access the device; that one user can access anything on the device while the other can only use part of it is the authorization part. Then the accounting part is that all the changes these users make on that Cisco or Windows or whatever device get logged: this user changed that, that user changed this. That is where accounting comes into play. So you can look at it like a credit card, as I mentioned; it does a similar thing. Firewalls. Network firewalls reside between two or more networks, control the traffic between them, and prevent unauthorized access. A firewall can allow outside users controlled access to specific services. For example, servers accessible to outside users are usually located on a special network referred to as the demilitarized zone, or DMZ.
The DMZ enables a network administrator to apply specific policies for hosts connected to that network. Those firewalls could be Cisco firewalls or Palo Alto firewalls; the firewall sits between the Internet and your internal network, filters the Internet connections, and makes sure only authorized people can reach the inside network. With a demilitarized zone, or DMZ, on a firewall you can put things like your HTTP and HTTPS web servers, or some kind of file server that needs Internet access, in a separate zone from the inside zone. Again, in this module and this lecture series you do not need to know firewalls in depth; you just need to know the basics, which we will discuss in the next few slides. In my firewall class, which I will be doing in the future on my YouTube channel, I will go into depth on how to configure these things using various firewalls, including Cisco and Palo Alto. Types of firewalls. Firewall products come packaged in various forms.
These products use different techniques for determining what will be permitted or denied across a network. They include the following: packet filtering, application filtering, URL filtering and stateful packet inspection. Packet filtering prevents or allows access based on IP or MAC addresses. Application filtering prevents or allows access by specific application type, based on port number. URL filtering prevents or allows access to websites based on specific URLs or keywords. With stateful packet inspection, or SPI, incoming packets must be legitimate responses to a request from an internal host.
So unsolicited packets are blocked unless they are specifically permitted. SPI can also include the capability of recognizing and filtering out specific types of attacks, such as DoS or DDoS attacks. That is one of the things about stateful packet inspection; sometimes, for example, ping is blocked by stateful packet inspection. These are the four key types of firewall configuration that are most used in industry.
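The stateful rule just described (inbound packets pass only when they answer a connection an inside host opened, or when they are explicitly permitted, for example toward a DMZ server) is easy to see in code. The following is an added Python simulation written for this lecture; it is not firewall vendor code, and the inside address range, the DMZ exception and the sample packets are constructed assumptions.

```python
"""Minimal stateful packet filter: permits inbound packets only when they are
replies to a connection an inside host initiated, or are explicitly allowed.
Added example; addresses, exceptions and packets are constructed."""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."  # constructed: inside hosts are 10.0.0.x


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    def __init__(self, inbound_exceptions=()):
        # Explicitly permitted unsolicited inbound, e.g. a DMZ web server: {(dst_ip, dst_port)}
        self.inbound_exceptions = set(inbound_exceptions)
        # Connection table: 5-tuples of flows the inside initiated.
        self.state: set[tuple] = set()

    @staticmethod
    def _is_inside(ip: str) -> bool:
        return ip.startswith(INSIDE_NET)

    def filter(self, pkt: Packet) -> str:
        """Return 'permit' or 'deny' and update the state table."""
        if self._is_inside(pkt.src_ip) and not self._is_inside(pkt.dst_ip):
            # Outbound: record the flow so the reply can come back in.
            self.state.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "permit"

        # Inbound: is this a reply to a recorded flow (same tuple, reversed)?
        if (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.state:
            return "permit"

        # Unsolicited inbound: only the explicit exceptions get through.
        if (pkt.dst_ip, pkt.dst_port) in self.inbound_exceptions:
            return "permit"
        return "deny"


def run_sample() -> list[str]:
    """Constructed traffic: an inside client browses out, the reply returns,
    then an outside host tries SSH to that client, HTTPS to the DMZ server,
    and an unsolicited ping to the client."""
    fw = StatefulFirewall(inbound_exceptions={("10.0.0.80", 443)})  # DMZ HTTPS server
    packets = [
        Packet("10.0.0.5", 51000, "198.51.100.10", 443),  # inside -> web: outbound
        Packet("198.51.100.10", 443, "10.0.0.5", 51000),  # reply: permitted by state
        Packet("203.0.113.9", 40000, "10.0.0.5", 22),     # unsolicited SSH: denied
        Packet("203.0.113.9", 40001, "10.0.0.80", 443),   # DMZ server: exception
        Packet("203.0.113.9", 8, "10.0.0.5", 0, "icmp"),  # unsolicited ping: denied
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

Note that the reply is matched on the full reversed 5-tuple: a packet from the same web server to a different client port is still unsolicited and is dropped, which is what distinguishes stateful inspection from plain packet filtering on addresses.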
Endpoint security. An endpoint or host is an individual computer system or device that acts as a network client. Common endpoints are laptops, desktops, servers, smartphones, and tablets. Securing endpoint devices is one of the most challenging jobs of a network administrator because it involves human nature: humans are interacting with those desktops, smartphones and tablets, and that creates complexity. A company must have well-documented policies in place, and employees must be aware of these rules. Employees need to be trained on proper use of the network. Policies often include the use of antivirus software and host intrusion prevention. More comprehensive endpoint security solutions rely on network access control.
We will not go into too much depth on endpoint security in this class, but one example of device security that can be implemented: at some companies, if you plug in an external device such as a USB key or external hard drive, it will automatically erase everything on that drive, because the company does not want an unauthorized external device connected to that endpoint. A small program written by the administrators erases anything that gets connected externally, because the company does not want you to have that access. That is a really good example; I know a few companies in Calgary that have that. The human factor is the problem, and endpoint security has to be able to mitigate that human nature: somebody could accidentally plug in a USB key with a virus or a worm on it, and if you have endpoint security in place it can detect that and take action to mitigate it. Device security. Cisco AutoSecure. The security settings are set to the default values when a new operating system is installed on a device.
In most cases this level of security is inadequate. For Cisco routers, the Cisco AutoSecure feature can be used to assist in securing the system. In addition to this, there are some simple steps you can take in most operating systems to make sure the security of the device is better than it is out of the box.
One of the simplest things you can do is to change the default usernames and passwords as soon as you install that device, or while you are getting ready to install and configure that device on a system. Sometimes you cannot change the root or admin username.
In that case, make sure you use a very strong password or restrict some of the administrative privileges on the default admin account. Where it is possible to change the root or admin username, change it to something other than just root or admin; along with a complex password, that will also increase security. Access to system resources should be restricted to only the individuals that are authorized to use those resources. So, if there is no need for everybody in your IT department to have access to the core routers, maybe only a few IT techs and network engineers should have access to those. Any unnecessary services and applications should be turned off and uninstalled when possible.
So, if you have a server with web and other services running and you do not need some of those services, turn them off. For example, if you do not want FTP services on the server, do not keep them running and open; just turn them off, because it is an unnecessary application. On an end device, if there is software or a program that does not need to be there, uninstall it. Often devices shipped from the manufacturer have been sitting in a warehouse for a period of time and do not have the most up-to-date patches installed. It is important to update any software and install any security patches prior to implementation. So if you take a Cisco switch, a Windows computer or any other networking device out of the box, before you put it into the network you should run all the updates and security patches and make sure it is up to date and good to go, because the device may not have been updated since it left the manufacturing center.
Passwords. To protect network devices, it is important to use strong passwords, as I mentioned before. Here are the standard guidelines to follow.
They are typically recommended by most computer professionals. Use a password length of at least 8 characters, preferably 10 or more. Make sure the password is complex.
Include a mix of uppercase and lowercase letters, numbers, symbols and spaces. Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relatives' or pets' names, biographical information such as birthdays, ID numbers, ancestors' names, or any other easily identifiable piece of information. Deliberately misspell a password: for example, instead of smith, using smyth would be a good one; put an extra letter or a number in there. Another one: change passwords often, so that if a password is unknowingly compromised, the window of opportunity for the threat actor to use it is limited. If you keep changing your password every couple of weeks to a couple of months, for example; in your company there is probably already a policy that you have to change your LAN access password, your Windows network password, every couple of months, and this is the reason why. Do not write passwords down and leave them in obvious places such as on desktop monitors or on sticky notes everywhere; that is a really bad idea. On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not.
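As an added illustration of these guidelines, here is a Python checker written for this lecture (it is not Cisco's password policy engine or any NetAcad code). The short dictionary, keyboard sequences and sample passwords are constructed assumptions; the checker mirrors the Cisco IOS rule just mentioned by ignoring only leading spaces, so a passphrase with spaces inside it can pass.

```python
"""Checks a candidate password or passphrase against this section's guidelines:
length, character mix, repetition, sequences, dictionary words, username and
personal information. Added example; the word list and samples are constructed."""
import re

# Constructed, deliberately tiny; a real deployment would use a full word list.
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "qwerty", "cisco"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop", "asdfghjkl")
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")  # last = symbols/spaces


def _has_sequence(low: str, n: int = 4) -> bool:
    """True if any run of n consecutive alphabet, digit or keyboard-row characters
    appears forwards or backwards in the (lower-cased) password."""
    for seq in SEQUENCES:
        for i in range(len(seq) - n + 1):
            run = seq[i:i + n]
            if run in low or run[::-1] in low:
                return True
    return False


def check_password(candidate: str, username: str = "", personal_info=()) -> list[str]:
    """Return the list of guideline violations; an empty list means it passes."""
    # IOS ignores leading spaces but keeps later ones, so strip only the front.
    pw = candidate.lstrip(" ")
    problems: list[str] = []

    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) < 10:
        problems.append("8-9 characters; 10 or more is preferred")

    if sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS) < 3:
        problems.append("needs a mix of upper, lower, digits and symbols/spaces")

    low = pw.lower()
    # Same character three or more times in a row, or the whole password is a repeated unit.
    if re.search(r"(.)\1{2,}", low) or re.fullmatch(r"(.+?)\1+", low):
        problems.append("based on repetition")
    if _has_sequence(low):
        problems.append("contains a letter or number sequence")
    for word in sorted(COMMON_WORDS):
        if word in low:
            problems.append(f"contains common dictionary word '{word}'")
    if username and username.lower() in low:
        problems.append("contains the username")
    for item in personal_info:  # e.g. birth year, pet's name, ID number
        if item and item.lower() in low:
            problems.append(f"contains personal information '{item}'")
    return problems


if __name__ == "__main__":
    for sample in ("smith", "Password123!", "   Monkeys are funny 2day!"):
        print(repr(sample), "->", check_password(sample) or "OK")
```

The passphrase sample passes only because it mixes case, a digit and symbols; a lowercase-only phrase with spaces still fails the character-mix rule, which matches the guideline that complexity is required on top of length.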
Since those later spaces count, one method to create a strong password is to use the space bar and create a phrase made of many words. This is called a passphrase. A passphrase is often easier to remember than a simple password. It is also longer and harder to guess. Unfortunately, some of the devices we use today, other than Cisco routers, do not have this ability. You can use something like "I live in Canada" as a password, because you can put spaces in between, and Cisco routers allow that. But if you are going to do that and you live in Canada, do not use "I live in Canada" as the passphrase; maybe use something like "monkeys are funny", something that is not true and does not identify your location. The key point I want to deliver here is that it is not always possible to use spaces in a password, but Cisco routers allow it. Additional password security.
There are several steps that can be taken to help ensure that passwords remain secret on Cisco routers and switches. These include: encrypt all plaintext passwords with the service password-encryption command (I will go through these in one of my lab lectures, where I will demonstrate how you use the service password-encryption command); set a minimum acceptable password length with the security passwords min-length command;
deter brute-force password guessing attacks with the login block-for <seconds> attempts <number> within <seconds> command; and disable inactive privileged EXEC mode access after a specific time with the exec-timeout command. You can see these commands being used on the right-hand side of your screen; I will go over them in a lab demonstration. One thing I should point out, which Cisco does not actually highlight, is about service password-encryption: while it encrypts the plaintext passwords, Cisco uses the same algorithm for encrypting all of those plaintext passwords, at least as of 2022. That basically means that even with service password-encryption there are ways to decrypt it without entering any usernames and passwords; because they use the same algorithm, you can work it backward. So it is not highly secure, but it is still better than having just a plaintext password, so keep that in mind. Service password-encryption does encrypt your passwords on Cisco devices, but they use the same algorithm, and you can read the encrypted password and run the algorithm backward to decrypt it if you really want to know the password. So they are not highly secure; they do not use a random encryption methodology.
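Here is an added audit script, written for this lecture and not a Cisco or NetAcad tool, that reads a running-config and reports which of these hardening settings are missing. It goes a little beyond this paragraph by also checking the vty transport and unused-service settings that come up later in this section. The two configs in it are constructed, with placeholder hash values; the weak one shows the findings, the hardened one shows the corrected form. The type 7 check reflects exactly the point above: the strings produced by service password-encryption are reversible, so the script flags them and recommends secret-style entries.

```python
"""Audits a Cisco IOS running-config for the password, line and unused-service
hardening this section describes. Added example, not Cisco tooling; both
sample configs are constructed and the $9$... values are placeholders."""
import re

WEAK_CONFIG = """\
hostname R1
!
enable password 7 0000000000000000
!
username helpdesk password 7 1111111111111111
username netadmin secret 9 $9$PLACEHOLDER
!
ip domain-name example.com
ip http server
!
line con 0
 exec-timeout 0 0
 password cisco123
 login
line vty 0 4
 exec-timeout 10 0
 login local
 transport input telnet ssh
!
"""

HARDENED_CONFIG = """\
hostname R1
!
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
!
enable secret 9 $9$PLACEHOLDER1
!
username helpdesk secret 9 $9$PLACEHOLDER2
username netadmin secret 9 $9$PLACEHOLDER3
!
ip domain-name example.com
no ip http server
!
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
!
"""

MIN_LENGTH = 10  # the lecture's preferred minimum
# Matches 'password <secret>', 'password 0 <secret>', 'password 7 <secret>' etc.
PASSWORD_LINE = re.compile(r"^\s*(username \S+ |enable |)password( (\d+))? (\S+)$")


def _line_sections(lines):
    """Yield (line-block name, [body commands]) for each 'line con/vty ...' block."""
    name, body = None, []
    for l in lines:
        if l.startswith("line "):
            if name:
                yield name, body
            name, body = l, []
        elif name and l.startswith(" "):
            body.append(l.strip())
        elif name:  # any unindented line ends the block
            yield name, body
            name, body = None, []
    if name:
        yield name, body


def audit_config(config: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []
    lines = config.splitlines()
    global_lines = [l for l in lines if l and not l.startswith((" ", "!"))]

    # Global password hygiene.
    if "service password-encryption" not in global_lines:
        findings.append("service password-encryption not set: plaintext passwords stay readable")
    min_len = None
    for l in global_lines:
        m = re.fullmatch(r"security passwords min-length (\d+)", l)
        if m:
            min_len = int(m.group(1))
    if min_len is None or min_len < MIN_LENGTH:
        findings.append(f"security passwords min-length is {min_len or 'unset'}; expected >= {MIN_LENGTH}")
    if not any(l.startswith("login block-for ") for l in global_lines):
        findings.append("login block-for not configured: failed logins are not throttled")
    if "ip http server" in global_lines:
        findings.append("ip http server enabled: disable unused services")
    if any(l.startswith("enable password") for l in global_lines):
        findings.append("enable password used: replace with enable secret")

    # Individual secrets: type 7 (service password-encryption) is reversible, type 0 is plaintext.
    for l in lines:
        m = PASSWORD_LINE.match(l)
        if m and m.group(3) == "7":
            findings.append(f"type 7 (reversible) password on '{l.strip()}'; use a secret instead")
        elif m and m.group(3) in (None, "0"):
            findings.append(f"plaintext password on '{l.strip()}'")

    # Per-line (console / vty) settings.
    for name, body in _line_sections(lines):
        if "exec-timeout 0 0" in body:
            findings.append(f"{name}: exec-timeout 0 0 disables the idle timeout")
        elif not any(b.startswith("exec-timeout") for b in body):
            findings.append(f"{name}: no exec-timeout set; set it explicitly")
        if name.startswith("line vty"):
            ti = next((b for b in body if b.startswith("transport input")), None)
            if ti is None or "telnet" in ti or ti.endswith(" all"):
                findings.append(f"{name}: Telnet is accepted; use 'transport input ssh'")
            if "login local" not in body:
                findings.append(f"{name}: no 'login local'; vty lines do not use the local database")
    return findings


if __name__ == "__main__":
    for finding in audit_config(WEAK_CONFIG):
        print("-", finding)
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```

On the weak config the script reports ten findings; on the hardened one it reports none. The same checks can be run over a `show running-config` capture from a lab device, which is a quick way to confirm the lab commands in this section actually took effect.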
Another way to secure your device is to enable SSH. It is possible to configure a Cisco device to support SSH using the following steps. Configure a unique device hostname: a device must have a unique hostname other than the default. Configure the IP domain name.
Configure the IP domain name of the network by using the global configuration mode command ip domain-name; for example, ip domain-name sanuja.com. Then generate a key to encrypt SSH traffic. SSH encrypts the traffic between source and destination; to do so, a unique authentication key must be generated by using the global configuration command crypto key generate rsa general-keys modulus, followed by the number of bits. The modulus determines the size of the key and can be configured from 360 bits all the way to 2048 bits.
The larger the bit value, the more secure the key is going to be. However, larger bit values also take longer to encrypt and decrypt information. The minimum recommended modulus length is around 1024 bits. Verify or create a local database entry. To create a local database entry, use the username global configuration command.
Authenticate against the local database: use the login local command in the line configuration of your Cisco device to authenticate the vty lines against the local database. Then enable vty inbound SSH sessions with the transport input command, where you specify ssh (or telnet, or both). All of these commands, as I mentioned before, I will go through in a live Cisco lab demo that I will post on my YouTube channel; you can watch that to see how you go through these commands. For now, just remember there is a way to enable SSH on your Cisco devices and this is how you do it. Disable unused services.
Cisco routers and switches start with a list of active services that may or may not be required in your network. Disable any unused services to preserve system resources, such as CPU cycles and RAM, and to prevent threat actors from exploiting those services. The types of services that are on by default vary depending on the IOS version of your Cisco device. For example, IOS-XE typically has only the HTTPS and DHCP ports open; you can verify this with the show ip ports all command. IOS versions prior to IOS-XE use the show control-plane host open-ports command. If you are looking at a device that is not a Cisco router, say a Windows computer or a Windows server, and you have services and programs running that do not need to be there, get rid of them, as I mentioned before. If you have FTP and HTTP services on a server and you do not need FTP, shut it down and uninstall it, or at least make sure it is not running in the background. There is a Packet Tracer file called Configure Secure Passwords and SSH; if you have access to Cisco NetAcad, go ahead, download it and do it. I will try to get hold of those files and post them so that you get hands-on training; for now, if you have access, go ahead and do them. There is also a lab called Configure Network Devices with SSH; again, if you have access, please download it from Cisco NetAcad and do it, and if you do not, I will try to get hold of it and post it on my website. That brings us to the end of this module, and I will quickly go over what we have learned in this lecture. Before that, there is another Packet Tracer file called Secure Network Devices that goes over most of the things we learned here; if you have access to it, please go ahead and do it. The same goes for the Secure Network Devices lab. Make sure you do them, because that will help you write the CCNA and CCNP exams.
If we look back at what we have learned in this lecture: after the threat actor gains access to the network, four types of threats may arise: information theft, data loss and manipulation, identity theft, and disruption of services. There are three primary vulnerabilities or weaknesses.
They are technological, configuration and security policy weaknesses. There are four classes of physical threats: hardware, environmental, electrical, and maintenance. Malware is short for malicious software, and it is code or software specifically designed to damage, disrupt, steal, or inflict bad or illegitimate actions on data, hosts, or networks. Network attacks can be classified into three major categories.
They are reconnaissance, access, and denial of service attacks. To mitigate network attacks, you must first secure devices, including routers, switches, servers, and hosts. Most organizations employ a defense-in-depth approach to security.
This requires a combination of networking devices and services working together. Several security devices and services are implemented to protect an organization's users and assets against TCP/IP threats, such as VPN, the ASA firewall, IPS, ESA, WSA, and AAA servers.
You should roughly know what they are and how to define them, but you do not need to go into depth on how they are implemented, because that is not part of this introductory course. We also learned that infrastructure devices should have backups of configuration files and IOS images on an FTP or similar file server. We learned that if the computer or router hardware fails, the data or configuration should be restorable from one of those backup copies.
We also learned that the most effective way to mitigate a worm attack is to download security updates from the operating system vendor (if you are using a Windows computer, that would be Microsoft) and patch all vulnerable systems. To manage critical security patches, you need to make sure all end systems automatically download these updates. So if you are a network administrator with multiple Cisco devices, you may sometimes be able to use servers and APIs to reach those devices and push those updates; and if you are a Windows administrator, you should be able to push those updates to your Windows end clients using Windows Server, for example. AAA is a way to control who is permitted to access a network (authentication), what they can do while they are there (authorization), and what actions they performed while accessing those networking devices (accounting). So make sure you know what the AAA server does, but also the difference between authentication, authorization and accounting. Authentication means you have access to the device because you have a username and password that is valid and recognized.
Authorization is how much of the data you can see and how much you can do with that user account. You may not have access to certain areas of the Cisco or Microsoft device but you do have access to other areas; that is where authorization comes into play. Accounting means that whatever you do with that user account, the username and password you used to authenticate, gets logged. So make sure you know those things; that is why I am repeating them, because they do show up on your Cisco CCNA as well as the CCNP exams. Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access. We learned that securing endpoint devices is critical to network security.
A company must have well-documented policies in place, which may include the use of antivirus software and host intrusion prevention. More comprehensive endpoint security solutions depend on network access control. We also learned that on Cisco routers we have the Cisco AutoSecure feature, which can be used to assist in securing the system.
For most operating systems there is a default username and password, and that should be changed immediately when you are installing those devices on networks. Access to resources should be restricted to only the individuals that are authorized to use those resources, and any unnecessary services and applications should be turned off and uninstalled when possible. For example, if there is no need for HTTP access, close the HTTP access and its services and just leave SSH access open; and if you have network technicians who should not be accessing certain devices that only the network administrator should reach, restrict those people from accessing them. That is what this is about. We also learned that to protect network devices it is important to use strong passwords. A passphrase is often easier to remember than a simple password, and we also learned it is better to use a longer password because it is harder to guess.
For routers and switches: encrypt all plaintext passwords, set a minimum acceptable password length, deter brute-force password guessing attacks, and disable inactive privileged EXEC mode access after a specified idle time. Finally, configure appropriate devices to support SSH and disable unused services. Usually when you enable SSH on a device you do not need Telnet, so I would just get rid of that and use SSH whenever it is available and suitable. That brings us to the end of this lecture. If you like these modules and lectures, please give this video a thumbs up and subscribe to my channel. If you have any questions or concerns related to this particular topic or any other topic, feel free to contact me by leaving a comment below. Until next time, good luck and have a nice day.