Attacks may be categorized as follows:
1. Passive attack - The hacker is not visible, for example when analysing captured packets.
2. Active attack - The hacker is online, for example trying to gain unauthorized access to a resource.
3. Close-in attack - The attacker is in close proximity, for example with direct access to the physical hardware.
4. Insider attack - The attacker probably knows how the network works and where it is physically located. Here the attacker is usually an employee of the organization.
5. Distribution attack - Here the attacker introduces a "back door" into a piece of hardware or software. When that hardware or software is distributed to clients, the attacker may gain back door access to the resources in the box.
As per Cisco, the following are the commonly used Confidentiality attacks:
As per Cisco, Integrity attacks include the following:
Given below are the most frequently used attacks on the availability of a resource:
The two important components of the Cisco suite of security management tools are:
Attack type and Defensive mechanism
Cisco recommends "Defensive Depth" to secure against intrusion or hacking. This involves multiple layers of security. For example, protection against passive attacks may use encryption of data across the network as the primary security mechanism, and applications with integrated security as the second layer of protection. Similarly, an active hacker may be stopped by firewalls as the primary security mechanism, and HIPS as the second layer of security.
SIO, short for Security Intelligence Operations, is a service that provides global threat information, reputation-based services, and sophisticated analysis of network attacks.
IPS Manager Express (IME) and Cisco Security Manager (CSM) are two ways to receive alerts via SDEE.
Defence in depth refers to a layered security approach, where multiple devices may have overlapping security responsibilities. The objective is to prevent any single point of failure from taking down a network.