CCIE Self Study CCIE Security Exam Certification Guide - Cisco press.pdf

Foundation Summary 381

Foundation Summary

The Foundation Summary is a condensed collection of material for a convenient review of key concepts in this chapter. If you are already comfortable with the topics in this chapter and decided to skip most of the Foundation Topics material, the “Foundation Summary” section can help you recall a few details. If you just read the “Foundation Topics” section, this review should help further solidify some key facts. If you are doing your final preparation before the exam, the “Foundation Summary” section offers a convenient way to do a quick final review.

Table 8-2 summarizes the key reasons that networks should be secured.

Table 8-2  Security Policies

Policy Reason                  | Meaning
Inherent technology weaknesses | All network devices and operating systems have inherent vulnerabilities.
Configuration weaknesses       | Common configuration mistakes can be exploited to open weaknesses.
Network policy vulnerabilities | The lack of network policies can lead to vulnerabilities such as weak password security.
Outside/inside intruders       | There are always internal and external people wanting to exploit network resources and retrieve sensitive data.

Table 8-3 summarizes the key motivation factors behind intruders attacking secure and unsecured networks.

Table 8-3  Intruder/Hacker Motivations

Motivation      | Explanation
Cash profit     | To make money from attacks, such as by transferring funds.
Revenge         | To get back at employers or individuals.
Vandalism       | To cause damage for personal satisfaction.
Cyber terrorism | To gain an advantage or notoriety for an organization's ideology.
For a challenge | Peer pressure or challenges set by other hackers to gain notoriety.
Curiosity       | Learning the tools of the trade, possibly to gain experience for bigger challenges.

382 Chapter 8: Network Security Policies, Vulnerabilities, and Protection

Table 8-4 summarizes the actions taken by incident response teams.

Table 8-4  Incident Response Team Actions

Step | Action                                  | Explanation
1    | Verify the incident.                    | Verify and gather details on the incident.
2    | Determine the magnitude of the problem. | Identify the affected hosts and how they might have been affected.
3    | Assess the damage.                      | Determine what data has been manipulated.
4    | Gather and protect the evidence.        | Preserve evidence of the compromise before restoring the data and applying software patches.

Table 8-5 summarizes the methods used in common network attacks.

Table 8-5  Network Attacks

Attack                          | Meaning
Ping of death                   | Attack that sends an improperly large ICMP echo request with the intent of overflowing the destination machine's input buffers and causing it to crash. In the IP header the protocol field is 1 (ICMP) and the datagram arrives fragmented; the final fragment (More Fragments flag clear) carries an offset and length whose sum exceeds 65,535 bytes, the maximum allowable IP packet size, so a careless reassembly routine overruns its buffer.
TCP SYN flood attacks           | This DoS attack sends a stream of TCP SYN segments, usually from spoofed source addresses, so that the target allocates half-open connection state and spends CPU cycles on bogus requests, denying legitimate users access.
Teardrop                        | Exploits an overlapping IP fragment implementation bug in various operating systems. The bug causes the IP fragment reassembly code to mishandle overlapping fragments, causing the host to hang or crash.
Land.C attacks                  | A program that sends TCP SYN segments (TCP SYN starts the TCP connection phase) with the target's address and port as both source and destination, so the victim's stack tries to answer itself. The original program targeted ports such as TCP 113 or 139; a vulnerable system locks up or stops functioning.
DNS poisoning                   | The attacker exploits the DNS server, causing it to return a false IP address for a domain name query.
UDP bomb                        | Sends a UDP datagram with an illegal length field in the header, causing a kernel panic and crash on vulnerable hosts.
E-mail attacks                  | This DoS attack sends a large number of e-mails to a host (mail bombing), exhausting the mail server's storage or processing capacity.
CPU-intensive attacks           | This DoS attack ties up system resources using malicious programs, such as Trojan horses (programs that masquerade as legitimate software, for example to capture usernames or passwords from a network) or viruses, to disable remote systems.
Chargen attacks                 | Abuses the UDP chargen service (port 19), which replies to any datagram with a stream of characters. Spoofed requests, for example looped between chargen and echo services, generate a high volume of traffic and congest the network.
Attacks via dialup (out of band) | Operating systems such as Windows 95 mishandled TCP out-of-band (urgent) data sent to port 139 (the WinNuke attack); an intruder who can ascertain the victim's IP address can crash the machine remotely.
Distributed Denial of Service   | A DDoS attack is a DoS attack run by multiple hosts. The attacker first compromises vulnerable hosts using various tools and techniques. Then the actual DoS attack on a target is run from the pool of all these compromised hosts.
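The header fields Table 8-5 describes can be checked directly in captured traffic. The following is an added example, not code from the book: it builds a few IPv4 packets in memory (constructed sample traffic containing a ping-of-death fragment, a Land segment, a normal three-way handshake and a spoofed SYN flood) and flags each attack from the raw header fields. The SYN-flood threshold, the 65,535-byte reassembly limit and the helper names are the example's own assumptions; a real sensor would apply the same checks to a live capture.

```python
"""Added example: spotting ping of death, Land and TCP SYN flood in raw IPv4
packets. Sample packets are constructed below; this is not the book's code."""
import socket
import struct
from collections import defaultdict

IP_PROTO_ICMP = 1
IP_PROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10
MAX_IP_DATAGRAM = 65535          # largest legal IPv4 datagram, header included


def build_tcp(sport, dport, flags):
    """Minimal 20-byte TCP header (constructed; checksum left zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 8192, 0, 0)


def build_ipv4(src, dst, proto, payload, frag_offset=0, more_fragments=False):
    """IPv4 header + payload (constructed; checksum left zero). MF is bit 13."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def parse_ipv4(pkt):
    """Decode the fields the checks need; TCP ports/flags only on first fragments."""
    (ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    p = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
         "proto": proto, "ihl": ihl, "total_len": total_len,
         "mf": bool(flags_frag & 0x2000), "frag_offset": (flags_frag & 0x1FFF) * 8}
    if proto == IP_PROTO_TCP and p["frag_offset"] == 0 and total_len - ihl >= 14:
        p["sport"], p["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
        p["tcp_flags"] = pkt[ihl + 13]
    return p


def is_ping_of_death(p):
    """Final ICMP fragment (MF clear, offset > 0) whose reassembled datagram
    would exceed 65,535 bytes: the condition Table 8-5 describes."""
    if p["proto"] != IP_PROTO_ICMP or p["mf"] or p["frag_offset"] == 0:
        return False
    data_len = p["total_len"] - p["ihl"]
    return p["ihl"] + p["frag_offset"] + data_len > MAX_IP_DATAGRAM


def is_land(p):
    """SYN (without ACK) whose source address:port equals its destination."""
    if "tcp_flags" not in p or p["tcp_flags"] & (TCP_SYN | TCP_ACK) != TCP_SYN:
        return False
    return p["src"] == p["dst"] and p["sport"] == p["dport"]


def syn_flood_targets(packets, threshold):
    """(dst, port) pairs that saw SYN-only segments from >= threshold distinct sources."""
    sources = defaultdict(set)
    for p in packets:
        if "tcp_flags" in p and p["tcp_flags"] & (TCP_SYN | TCP_ACK) == TCP_SYN:
            sources[(p["dst"], p["dport"])].add(p["src"])
    return {target for target, srcs in sources.items() if len(srcs) >= threshold}


# Constructed sample traffic (documentation address ranges).
PING_OF_DEATH = build_ipv4("203.0.113.9", "10.0.0.5", IP_PROTO_ICMP,
                           b"\x08\x00" + b"\x00" * 6, frag_offset=65528)
LAND = build_ipv4("10.0.0.5", "10.0.0.5", IP_PROTO_TCP, build_tcp(139, 139, TCP_SYN))
HANDSHAKE = [
    build_ipv4("10.0.0.7", "10.0.0.5", IP_PROTO_TCP, build_tcp(40000, 80, TCP_SYN)),
    build_ipv4("10.0.0.5", "10.0.0.7", IP_PROTO_TCP, build_tcp(80, 40000, TCP_SYN | TCP_ACK)),
    build_ipv4("10.0.0.7", "10.0.0.5", IP_PROTO_TCP, build_tcp(40000, 80, TCP_ACK)),
]
SYN_FLOOD = [build_ipv4(f"198.51.100.{i}", "10.0.0.5", IP_PROTO_TCP,
                        build_tcp(1024 + i, 80, TCP_SYN)) for i in range(1, 41)]


def analyse(raw_packets, syn_threshold=20):
    """Run all three checks over raw packets and summarise the findings."""
    parsed = [parse_ipv4(pkt) for pkt in raw_packets]
    return {
        "ping_of_death": [p["src"] for p in parsed if is_ping_of_death(p)],
        "land": [p["dst"] for p in parsed if is_land(p)],
        "syn_flood": sorted(syn_flood_targets(parsed, syn_threshold)),
    }


if __name__ == "__main__":
    print(analyse([PING_OF_DEATH, LAND] + HANDSHAKE + SYN_FLOOD))
```

The ping-of-death check deliberately looks at the final fragment only: the oversized total is visible nowhere else, and a filter that inspects just the first fragment (which looks like an ordinary 8-byte ICMP echo) will miss the attack. The SYN-flood heuristic counts distinct sources so that one busy client retrying a connection is not mistaken for an attack.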

 

 

 

 

 

Table 8-6 summarizes some of the critical IOS commands used to protect IOS-enabled routers.

Table 8-6  Protecting Cisco IOS Routers

IOS Command | Meaning
service nagle | Enables the Nagle algorithm, which coalesces small TCP segments (for example per-keystroke Telnet traffic) so that the router processes fewer packets.
no service udp-small-servers and no service tcp-small-servers | Disables the TCP and UDP small servers (Echo, Discard, Chargen, and Daytime). Recent IOS releases disable them by default; the commands make the setting explicit so that the services cannot be abused for chargen-style floods.
service password-encryption | Obfuscates the passwords in the configuration (type 7) so that they are not readable in clear text when viewing the IOS configuration file. Type 7 is reversible and protects only against casual viewing; use enable secret, which stores an MD5 hash, for the enable password.
service timestamps debug and service timestamps log | Prefixes each debug and log message with a timestamp (typically service timestamps log datetime msec) so that entries can be correlated across devices.
service sequence-numbers | Prefixes each syslog message with a sequence number so that missing or reordered entries can be detected. It reveals gaps; it does not by itself prevent an attacker with access to the log from tampering with entries.
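Two points from Table 8-6 (and from question 12 in the Q & A that follows) deserve a concrete demonstration: service password-encryption stores type 7 strings, which are a reversible XOR against a fixed, publicly known key, whereas enable secret stores a hash that cannot be read back from the configuration. The following added example, not code from the book, decodes type 7 strings and audits a constructed IOS configuration fragment. The configuration lines, the password values and the audit_config helper are the example's own; the key string is the well-known Cisco type 7 key, and the type 5 hash shown is a placeholder rather than a real digest.

```python
"""Added example (not from the book): decoding Cisco type 7 passwords to show
that `service password-encryption` only obfuscates, while `enable secret` hashes."""
import re

# Fixed XOR key used by IOS for type 7 strings. It is public knowledge, which
# is exactly why type 7 offers no real protection.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_encode(password: str, seed: int = 9) -> str:
    """Two-digit seed followed by each byte XOR'd with the key, as uppercase hex."""
    if not 0 <= seed <= 15:
        raise ValueError("type 7 seeds are 0..15")
    hexpairs = (f"{ch ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]:02X}"
                for i, ch in enumerate(password.encode()))
    return f"{seed:02d}" + "".join(hexpairs)


def type7_decode(encoded: str) -> str:
    """Inverse of type7_encode: XOR is its own inverse once the seed is read."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("malformed type 7 string")
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(body)).decode()


TYPE7_RE = re.compile(r"\bpassword 7 ([0-9A-Fa-f]{4,})\b")
TYPE5_RE = re.compile(r"\benable secret 5 \S+")


def audit_config(config: str) -> dict:
    """Map each credential line to the password a reader of the config recovers,
    or None where only an MD5 hash (type 5) is stored and nothing is recoverable."""
    report = {}
    for line in config.splitlines():
        m = TYPE7_RE.search(line)
        if m:
            report[line.strip()] = type7_decode(m.group(1))
        elif TYPE5_RE.search(line):
            report[line.strip()] = None
    return report


# Constructed configuration fragment (hypothetical; the enable secret hash is a
# placeholder, not a real digest).
CONSTRUCTED_CONFIG = """\
service password-encryption
enable secret 5 $1$abcd$FakeHashConstructedForThisExample
enable password 7 094F471A1A0A
username admin password 7 050A02022842
line vty 0 4
 password 7 0215575819031B
"""

if __name__ == "__main__":
    for line, recovered in audit_config(CONSTRUCTED_CONFIG).items():
        print(f"{line!r:60} -> {recovered if recovered else 'hashed, not recoverable'}")
```

When both enable secret and enable password are configured, IOS uses the secret for privileged-mode authentication and the plaintext or type 7 enable password is ignored, which is why the password shown in the clear in a configuration like the one in question 12 is not the secret. The practical lesson for a configuration review is that any line carrying a type 7 string should be treated as a cleartext credential.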

 

 

 

 

 


Q & A

The Q & A questions are designed to help you assess your readiness for the topics covered on the CCIE Security written exam and those topics presented in this chapter. This format is intended to help you assess your retention of the material. A strong understanding of the answers to these questions can help you on the CCIE Security written exam. You can also look over the questions at the beginning of the chapter again for additional review. As an additional study aid, use the CD-ROM provided with this book to take simulated exams, which draw from a database of over 300 multiple-choice questions—all different from those presented in the book.

Select the best answer. Answers to these questions can be found in Appendix A, “Answers to Quiz Questions.”

1. Define four reasons networks should be secured.

2. What is the function of the CERT/CC organization, and what are its primary objectives?

3. What are the primary steps completed by incident response teams?

4. Name common methods used by intruders to disrupt a secure network.

5. In security, what is session hijacking?


6. In security terms, what is a man-in-the-middle attack?

7. What is a Signature Engine?

8. What is social engineering?

9. Describe a ping of death attack.

10. What is a Land.C attack?

11. What does the following IOS code accomplish on a Cisco IOS router?

no service udp-small-servers
no service tcp-small-servers


12. What is the secret password for the following IOS configuration?

enable secret %$@$%&^$@*$^*@$^*
enable pass cisco

13. What is the purpose of the command service sequence-numbers?
