
Security Concepts

Gabe Rivas
linkedin.com/in/gaberivas
Bachelor of Computer Science
CCNP Routing and Switching
CCDP
CCNA Security
CCNA Wireless
Prerequisites
Basic Network Fundamentals

Basic Knowledge of Infrastructure Devices


Course Overview
What is Security Concepts?
It is one of eight topic domains found in the Implementing Cisco Network Security (IINS) course, which helps you complete the CCNA Security certification curriculum. The exam code is 210-260.
Course Topics
Security Concepts
Common Security Principles
Common Security Threats
Cryptography Concepts
Network Topologies
Additional Help and Resources
INE’s Online Community at ieoc.com
Cisco’s Learning Network at learningnetwork.cisco.com
CCNA Security 210-260 Official Cert Guide
How to Schedule a Cisco Exam
Visit cisco.com and navigate to the exam
Go directly to vue.com/cisco and register
Thanks for watching!
Common Security Principles
Common Security Principles
Overview
Common Security Terms
CIA Triad
Security Information Event Management (SIEM)
Network Security Zones
Common Security Principles
Common Security Terms
Asset: Anything being protected
Vulnerability: Weakness of a physical or logical component
Threat: Attack vector
Risk: Likelihood of exploiting vulnerability
Countermeasure: Corrective action to eliminate vulnerability
Common Security Principles
[Diagram relating Asset, Vulnerability, Threat, Risk, and Countermeasure]
Common Security Principles
Triad for Company Security Policies (CIA)
Confidentiality
Physical: Door access, security system
Logical: Data encryption, authentication policies
Integrity
Physical: Door access, security system
Logical: Hashing algorithm
Availability
Physical: Infrastructure redundancy and availability
Logical: Properly tuned security mechanisms
Common Security Principles
Technological Evolution
Security Information Management (SIM): Centralized log collection, forensics, historical reporting, and archiving
Security Event Management (SEM): Log collection, normalization and correlation, aggregation, and real-time reporting
Security Information Event Management (SIEM)
Centralized Log Collection
Normalization and Correlation (Forensics)
Aggregation
Real-time Reporting
Archiving
Common Security Principles
Network Security Zones
Inside
Outside
Demilitarized Zone (DMZ)

Copyright ©
www.ine.com
Common Security Threats Part 1
Common Security Threats
Overview
Social Engineering
Common Security Threats
Social Engineering
Pretexting
Phishing
Baiting
Tailgating
Diversion and Theft
Common Security Threats Part 2

Common Security Threats
Overview
Common Network Attacks
Common Security Threats
Common Network Attacks
Reconnaissance
Passive: Google, social media
Active: Social engineering, ping sweep, port scanner, vulnerability scanner
Access Attack
Password
Man-in-the-Middle
Trust Exploitation
Denial of Service (DoS)
Distributed Denial of Service (DDoS)
Common Security Threats Part 3

Common Security Threats
Overview
Common Network Attacks Demo
Common Security Threats Part 4

Common Security Threats
Overview
Malware
Common Security Threats
Malware
Virus
Worm
Trojan Horse
Ransomware
Scareware
Spyware
Adware
Common Security Threats Part 5
Common Security Threats
Overview
Data Loss
Common Security Threats
Data Loss
Process for Day-to-Day Handling of Data
Electronic
Encryption
Clear Text
Storage and Access Control
Hard Copy
Secure Printing
Secure Disposal
Common Security Threats
Data Loss
Disk Failure
Backup and Recovery
Common Security Threats
Data Loss
Data Protection Mechanisms
Intentional Data Exfiltration
Monitor outbound e-mail quota
Log e-mail address destinations
Block certain e-mail domains
Disable USB port on computers with sensitive data
Adjust file permissions
Unintentional Data Exfiltration
User education
Encryption
Common Security Threats
Data Loss
Vector for Data Loss
System or Hardware
Third-Party Cloud Storage
Human
Cryptography Concepts Part 1
Cryptography Concepts Part 1
Overview
Cryptography
Encryption
Cipher
Ciphertext
Cryptanalysis
Cryptography Concepts
Cryptography
Encryption
Cipher
Ciphertext
Cryptanalysis
Cryptography Concepts Part 2

Cryptography Concepts Part 2
Overview
Symmetric Encryption
Asymmetric Encryption
Key Exchange
Cryptography Concepts
Symmetric Encryption
Data Encryption Standard (DES)
Triple Data Encryption Standard (3DES)
Advanced Encryption Standard (AES)
Asymmetric Encryption
RSA
Key Exchange
Diffie-Hellman
Cryptography Concepts Part 3

Cryptography Concepts Part 3
Overview
Hash Algorithms
Cryptography Concepts
Hash Algorithms
Message Digest 5 (MD5)
Input: 512-Bit Blocks of Data
Output: 128-Bit Value
Secure Hash Algorithm 1 (SHA-1)
Input: 512-Bit Blocks of Data
Output: 160-Bit Value
Secure Hash Algorithm 2 (SHA-2)
SHA-224, SHA-256, SHA-384, SHA-512
Input of 512-Bit or 1024-Bit Blocks of Data
Output Matches Value in Name
Cryptography Concepts
Hash Algorithms
Secure Hash Algorithm 3 (SHA-3)
Released on August 5, 2015
Not Supported by Cisco*
Hashed Message Authentication Code (HMAC)
Cryptography Concepts Part 4

Cryptography Concepts Part 4
Overview
Digital Signatures
Digital Certificates
Cryptography Concepts
Digital Signatures
Authentication
Non-Repudiation
Integrity
Digital Certificates
Authenticate a Certificate Authority (Root Certificate – Root CA)
Authenticate an Entity (Identity Certificate – Intermediate CA)
Require Asymmetric Keys
Cryptography Concepts
Digital Certificates
Hierarchical System
Root CA
Issues Certificate to an Intermediate CA
Intermediate CA
Issues Certificate to an Organization
Organization is Issued a Digital Certificate
X.509 Standard
Issuer and Organization
Expiration Date
Version and Serial Number
Digital Signature and Public Key
Cryptography Concepts Part 5
Cryptography Concepts Part 5
Overview
Digital Certificates
Public Key Infrastructure (PKI)
Cryptography Concepts
Digital Certificates
Hierarchical System
Root CA
Issues Certificate to an Intermediate CA
Intermediate CA
Issues Certificate to an Organization
Organization is Issued a Digital Certificate
X.509 Standard
Issuer and Organization
Expiration Date
Version and Serial Number
Digital Signature and Public Key
Cryptography Concepts
Public Key Infrastructure (PKI)
Framework for Secure Communication
Confidentiality
Integrity
Authentication
System for Key Management
Digital Certificate Management
Network Topologies Part 1

Network Topologies Part 1
Overview
Hierarchical Network Model
Local Area Network (LAN)
Campus Area Network (CAN)
Network Topologies
Hierarchical Network Model
Modular Network
Has Three Layers
Access
Distribution
Core
Can be Collapsed
Network Topologies
Local Area Network
Layer 2/3
Security
Port Security
802.1X
VLAN Access List (VACL)
DHCP Snooping
Dynamic ARP Inspection
IP Source Guard
Quality of Service (QoS)
Classification
Marking
Network Topologies
Local Area Network
Spanning Tree Protocol
Assuming a Layer 2 Access Layer
Root Bridge
Root Guard
BPDU Guard
Efficient Link Utilization
Power over Ethernet (PoE)
Static
Dynamic
Police
Network Topologies
Campus Area Network (Distro)
Aggregation of LANs
Security
Routing
Network Summarization
Redundancy and Load Balancing
Quality of Service (QoS)
Policing
Queueing
Broadcast Domain Control
Assuming a Layer 2 Access Layer
Network Topologies
Campus Area Network (Core)
Overall Aggregation Point
High-Speed Forwarding
Routing
Reliability and Fault Tolerance
Quality of Service (QoS)
Policing
Queueing
Network Topologies Part 2
Network Topologies Part 2
Overview
Wide Area Network (WAN)
Data Center, Cloud, and Security for Virtual Environments
Small Office – Home Office (SOHO)
Network Topologies
Wide Area Network (WAN)
Internet Connection
Network Topologies
Wide Area Network (WAN)
Multi-Protocol Label Switching (MPLS)
Network Topologies
Wide Area Network (WAN)
IPsec Virtual Private Network (IPsec VPN – Site-to-Site VPN)
Dynamic Multipoint VPN (DMVPN)
Secure Sockets Layer VPN (SSL VPN – Remote Access VPN)
Network Topologies
Data Center, Cloud, and Security for Virtual Environments
Network Topologies
Small Office – Home Office (SOHO)
Course Checkpoint

Course Checkpoint
Check that Topics were Covered Accurately
What’s Next?
Review Information
Take Notes
Ask Questions on Forums
Move on to the Next Section
Stay Focused