© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public. Version 4.0

Enterprise Network Security
Accessing the WAN – Chapter 4


Slide 2: Objectives
- Describe the general methods used to mitigate security threats to Enterprise networks
- Configure Basic Router Security
- Explain how to disable unused Cisco router network services and interfaces
- Explain how to use Cisco SDM
- Manage Cisco IOS devices

Slide 3: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies

Slides 4-6: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Explain the concept of the Network Security Wheel

Slide 7: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Explain the concept of the Network Security Wheel

The four classes of physical threats are:
1. Hardware threats: physical damage to servers, routers, switches, cabling and workstations
2. Environmental threats: temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
3. Electrical threats: voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise) and total power loss
4. Maintenance threats: poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling and missing labeling

Slide 8: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Describe the most common security threats and how they impact enterprises

Slide 9: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Describe the most common types of network attacks and how they impact enterprises

Slide 10: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Slide 11: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Access attacks
1. Password attacks
2. Trust exploitation
3. Port redirection
4. Man-in-the-middle attack

Slide 12: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

DoS attacks
1. Ping of death
2. SYN flood
3. DDoS
4. Smurf attack

Slide 13: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Malicious code attacks

Worms - The anatomy of a worm attack is as follows:
1. The enabling vulnerability: a worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified executable attachments in emails.
2. Propagation mechanism: after gaining access to a host, a worm copies itself to that host and then selects new targets.
3. Payload: once a host is infected with a worm, the attacker has access to the host, usually as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator.

Slide 14: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Malicious code attacks

Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between the system administration, network engineering and security operations teams is essential to responding effectively to a worm incident. These are the recommended steps for worm attack mitigation:
1. Containment: contain the spread of the worm into and within the network. Isolate the uninfected parts of the network.
2. Inoculation: start patching all systems and, if possible, scanning for vulnerable systems.
3. Quarantine: track down every infected machine inside the network. Disconnect, remove or block infected machines from the network.
4. Treatment: clean and patch every infected system. Some worms may require complete reinstallations to clean the system.

Slide 15: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Malicious code attacks

Virus - A virus is malicious software that is attached to another program to execute a particular unwanted function on a workstation. An example is a program that is attached to command.com (the primary interpreter for Windows systems) and deletes certain files, as well as infecting any other versions of command.com that it can find.

Slide 16: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Malicious code attacks

Trojan horse - A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is an application that runs a simple game on a workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every address in the user's address book. The other users receive the game and run it, which spreads the Trojan horse to the addresses in every address book.

Slide 17: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
1. Host- and server-based security
   - Antivirus software
   - Personal firewall
   - Patches
2. Host-based intrusion detection systems (HIPS)

Slide 18: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Intrusion Detection Systems (IDSs)
1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
3. The IDS can also send an alarm to a management console for logging and other management purposes.

[Diagram: Switch, Sensor, Management Console, Target; steps 1-3]

Slide 19: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Intrusion Prevention Systems (IPSs)
1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
4. Traffic in violation of policy can be dropped by an IPS sensor.

[Diagram: Sensor, Management Console, Target, Bit Bucket; steps 1-4]

Slide 20: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Network-Based Implementation

[Diagram labels: MARS, Remote Worker, Remote Branch, VPN, Iron Port, Firewall, Web Server, Email Server, DNS, IPS, CSA]

Slide 21: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Host-Based Implementation

[Diagram labels: MARS, Remote Worker, Remote Branch, VPN, Iron Port, Firewall, IPS, CSA, Web Server, Email Server, DNS, CSA, Agent, Management Center for Cisco Security Agents]

Slide 22: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Cisco Security Agent

[Diagram labels: Firewall, Corporate Network, DNS Server, Web Server, Management Center for Cisco Security Agents, SMTP Server, Application Server, Agent, Untrusted Network, Agent]

Slide 23: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Comparing HIPS and Network IPS

HIPS
  Advantages:
  - Is host-specific
  - Protects host after decryption
  - Provides application-level encryption protection
  Disadvantages:
  - Operating system dependent
  - Lower level network events not seen
  - Host is visible to attackers

Network IPS
  Advantages:
  - Is cost-effective
  - Not visible on the network
  - Operating system independent
  - Lower level network events seen
  Disadvantages:
  - Cannot examine encrypted traffic
  - Does not know whether an attack was successful

Slide 24: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Describe the common mitigation techniques that enterprises use to protect themselves against threats

Slide 25: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Explain the concept of the Network Security Wheel

Slide 26: Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
- Explain the goals of a comprehensive security policy in an organization

Slide 27: Configure Basic Router Security
- Explain why the security of routers and their configuration settings is vital to network operation

Slide 28: Configure Basic Router Security
- Describe the recommended approach to applying Cisco IOS security features on network routers

Slide 29: Configure Basic Router Security
- Describe the basic security measures needed to secure Cisco routers

Slide 30: Explain How to Disable Unused Cisco Router Network Services and Interfaces
- Describe the router services and interfaces that are vulnerable to network attack

Slide 31: Explain How to Disable Unused Cisco Router Network Services and Interfaces
- Explain the vulnerabilities posed by commonly configured management services

Slide 32: Explain How to Disable Unused Cisco Router Network Services and Interfaces
- Explain how to secure a router with the command-line interface (CLI) auto secure command

Slide 33: Explain How to Use Cisco SDM
- Provide an overview of Cisco SDM

Slide 34: Explain How to Use Cisco SDM
- Explain the steps to configure a router to use Cisco SDM

Slide 35: Explain How to Use Cisco SDM
- Explain the steps you follow to start SDM

Slide 36: Explain How to Use Cisco SDM
- Describe the Cisco SDM Interface

Slide 37: Explain How to Use Cisco SDM
- Describe the commonly used Cisco SDM wizards

Slide 38: Explain How to Use Cisco SDM
- Explain how to use Cisco SDM for locking down your router

Slide 39: Manage Cisco IOS Devices
- Describe the file systems used by a Cisco router

Slide 40: Manage Cisco IOS Devices
- Describe how to back up and upgrade a Cisco IOS image

Slide 41: Manage Cisco IOS Devices
- Explain how to back up and upgrade Cisco IOS software images using a network server

Slide 42: Manage Cisco IOS Devices
- Explain how to recover a Cisco IOS software image

Slide 43: Manage Cisco IOS Devices
- Compare the use of the show and debug commands when troubleshooting Cisco router configurations

Slide 44: Manage Cisco IOS Devices
- Explain how to recover the enable password and the enable secret passwords

Slide 45: Summary
- Security threats to an Enterprise network include:
  - Unstructured threats
  - Structured threats
  - External threats
  - Internal threats
- Methods to lessen security threats consist of:
  - Device hardening
  - Use of antivirus software
  - Firewalls
  - Download security updates

Slide 46: Summary
- Basic router security involves the following:
  - Physical security
  - Update and back up IOS
  - Back up configuration files
  - Password configuration
  - Logging router activity
- Disable unused router interfaces and services to minimize their exploitation by intruders
- Cisco SDM
  - A web-based management tool for configuring security measures on Cisco routers

Slide 47: Summary
- Cisco IOS Integrated File System (IFS)
  - Allows for the creation, navigation and manipulation of directories on a Cisco device
