Cisco® CCNA Security Exam Notes : Common Security Threats

1. Security Concepts

1.2 Common Security Threats

Attacks may be categorized as below:

1. Passive attack - The attacker is not visible to the target; an example is analysing captured packets.

2. Active attack - The attacker interacts with the target directly, for example by trying to gain unauthorized access to a resource.

3. Close-in attack - The attacker is in close physical proximity, for example with direct access to the physical hardware.

4. Insider attack - The attacker probably knows how the network works and where it is physically located. Here the attacker is usually an employee of the organization.

5. Distribution attack - Here the attacker introduces a "back door" into a piece of hardware or software before it is distributed. When the product reaches the clients, the attacker may gain back-door access to the resources in the box.

As per Cisco, the following are the commonly used confidentiality attacks:

  • Packet capture
  • Ping sweep and port scan
  • Dumpster diving
  • EMI interception
  • Wire tapping
  • Social engineering
  • Sending information over overt or covert channels

As per Cisco, integrity attacks include the following:

  • Salami attack
  • Trust relationship exploitation
  • Data diddling
  • Password attack
  • Botnet
  • Hijacking a session

Given below are the most frequently used attacks on the availability of a resource:

  • Denial of Service
  • Distributed denial of service
  • TCP SYN flood
  • ICMP attacks
  • Electrical disturbances
  • Physical attacks on resources
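
The confidentiality list above names reconnaissance (ping sweep, port scan) and the availability list names the TCP SYN flood; the following added example, not part of the original notes, shows how a defender might tell these apart in flow records and tag each with the CIA category the notes assign it. The flow tuples, thresholds and address ranges are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (not from the page): (src, dst, proto, dport, tcp_flags).
# Each tuple summarises one observed packet; "S" = SYN, "A" = ACK.
SAMPLE_FLOWS = (
    # one source pinging every host in a /24 -> ping sweep (reconnaissance)
    [("192.0.2.10", f"10.0.0.{i}", "icmp", None, "") for i in range(1, 21)]
    # one source probing many ports on a single host -> port scan
    + [("192.0.2.11", "10.0.0.5", "tcp", p, "S") for p in range(20, 60)]
    # many sources sending SYNs to one service and never completing the handshake -> SYN flood
    + [(f"198.51.100.{i}", "10.0.0.7", "tcp", 443, "S") for i in range(1, 101)]
    # benign client: SYN followed by the ACK that completes the three-way handshake
    + [("192.0.2.50", "10.0.0.7", "tcp", 443, "S"), ("192.0.2.50", "10.0.0.7", "tcp", 443, "A")]
)

# Constructed thresholds; real deployments tune these per network.
THRESHOLDS = {"ping_sweep_hosts": 10, "port_scan_ports": 15, "syn_flood_half_open": 50}


def classify_flows(flows, thresholds=THRESHOLDS):
    """Return a list of (attack_name, cia_category, key) findings."""
    icmp_targets = defaultdict(set)  # src -> hosts it has pinged
    tcp_ports = defaultdict(set)     # (src, dst) -> ports probed on that host
    syn_only = defaultdict(set)      # (dst, dport) -> sources with a SYN but no later ACK
    for src, dst, proto, dport, flags in flows:
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif proto == "tcp":
            tcp_ports[(src, dst)].add(dport)
            if "S" in flags and "A" not in flags:
                syn_only[(dst, dport)].add(src)      # half-open until an ACK arrives
            elif "A" in flags:
                syn_only[(dst, dport)].discard(src)  # handshake completed, not a flood source
    findings = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= thresholds["ping_sweep_hosts"]:
            findings.append(("ping sweep", "confidentiality", src))
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= thresholds["port_scan_ports"]:
            findings.append(("port scan", "confidentiality", f"{src}->{dst}"))
    for (dst, dport), srcs in syn_only.items():
        if len(srcs) >= thresholds["syn_flood_half_open"]:
            findings.append(("TCP SYN flood", "availability", f"{dst}:{dport}"))
    return findings


if __name__ == "__main__":
    for name, category, key in classify_flows(SAMPLE_FLOWS):
        print(f"{category:15} {name:14} {key}")
```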

Two important components of the Cisco suite of security management tools are:

  • Cisco Security Manager, and
  • Cisco Security MARS (short for Monitoring, Analysis, and Reporting System).

Attack Type and Defensive Mechanism

Cisco recommends "defence in depth" to secure against intrusion or hacking, meaning multiple layers of security. For example, passive attacks may be countered with encryption of data across the network as the primary security mechanism and applications with integrated security as a second layer of protection. Similarly, active attacks may be countered with firewalls as the primary security mechanism and HIPS (host-based intrusion prevention) as a second layer.

Cisco SIO (Security Intelligence Operations) is a service that provides global threat information, reputation-based services, and sophisticated analysis of network attacks.

IPS Manager Express (IME) and Cisco Security Manager (CSM) are two tools that receive IPS alerts via SDEE (Security Device Event Exchange).

Defence in depth refers to a layered security approach in which multiple devices may have overlapping security responsibilities. The objective is to prevent any single point of failure from taking down the network.
