Why Network Security?
By applying network security techniques, you decrease the chance of unauthorized access, data theft, network misuse, wasted assets, and so on.
Goals of an Information Security Program:
- Prevent the disclosure of sensitive information to unauthorized people or through attacks.
- Protect system information and processes from intentional or accidental modification.
- Assure that systems, data and resources are accessible by authorized users when needed.
Risk Management Terms “Key Definitions”:
- Vulnerability: A system, network or device weakness.
- Threat: potential danger posed by a vulnerability.
- Threat Agent: the entity that identifies a vulnerability and uses it to attack the victim.
- Risk: likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact.
- Exposure: potential to experience losses from a threat agent.
- Countermeasure: a control put in place to mitigate the potential risk.
Specific Network Attacks:
ARP Attack “Spoofing”:
ARP spoofing is a type of attack in which a malicious actor sends fake ARP (Address Resolution Protocol) messages over a local area network, which results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.
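The symptom described above (one IP address suddenly answered for by a different MAC address) is also the easiest way to spot the attack from the defender's side. The following detector is an added example, not code from the original text: it learns the first MAC seen for each IP, optionally starts from a pinned table (for instance the gateway taken from the device's own configuration), and raises an alert when a later ARP reply claims a known IP with a different MAC. All ARP records are constructed sample data.

```python
# Added example (not from the original text): a small ARP spoofing detector.
# It records the MAC address that first claimed each IP and raises an alert
# whenever a later ARP reply claims the same IP with a different MAC, which is
# the symptom described above. All records below are constructed sample data.
from collections import defaultdict, namedtuple

# One observed ARP reply ("is-at"): time, sender IP, sender MAC.
ArpReply = namedtuple("ArpReply", ["ts", "sender_ip", "sender_mac"])

# Constructed traffic: the gateway 192.168.1.1 is legitimately at 00:11:...,
# then a second host starts answering for the gateway's IP.
SAMPLE_REPLIES = [
    ArpReply(1.0, "192.168.1.1", "00:11:22:33:44:55"),
    ArpReply(1.5, "192.168.1.20", "aa:bb:cc:dd:ee:01"),
    ArpReply(2.0, "192.168.1.1", "00:11:22:33:44:55"),   # same binding again: fine
    ArpReply(2.5, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP claimed by a new MAC
    ArpReply(3.0, "192.168.1.30", "de:ad:be:ef:00:01"),  # that MAC also claims another IP
]


class ArpMonitor:
    """Track IP -> MAC bindings and flag conflicting claims."""

    def __init__(self, trusted=None):
        # Bindings pinned up front (e.g. the gateway from the device's own
        # configuration) are never overwritten by learned entries.
        self.bindings = dict(trusted or {})
        self.claims = defaultdict(set)   # mac -> set of IPs it has claimed
        self.alerts = []

    def observe(self, reply):
        """Process one ARP reply; return an alert string or None."""
        self.claims[reply.sender_mac].add(reply.sender_ip)
        known = self.bindings.get(reply.sender_ip)
        if known is None:
            # First time we see this IP: learn the binding.
            self.bindings[reply.sender_ip] = reply.sender_mac
            return None
        if known != reply.sender_mac:
            alert = (f"t={reply.ts}: {reply.sender_ip} was {known}, "
                     f"now claimed by {reply.sender_mac}")
            self.alerts.append(alert)
            return alert
        return None

    def macs_claiming_multiple_ips(self):
        """MACs that answered for more than one IP, a common spoofing trace."""
        return {mac: sorted(ips) for mac, ips in self.claims.items() if len(ips) > 1}


def scan(replies, trusted=None):
    """Run the monitor over a sequence of replies; return (alerts, multi_ip_macs)."""
    mon = ArpMonitor(trusted)
    for r in replies:
        mon.observe(r)
    return mon.alerts, mon.macs_claiming_multiple_ips()


if __name__ == "__main__":
    alerts, multi = scan(SAMPLE_REPLIES)
    for a in alerts:
        print("ALERT", a)
    print("MACs claiming several IPs:", multi)
```

Two caveats when running something like this on a real LAN: a binding change is only an indicator, since DHCP lease churn and hosts with several addresses also produce changes, and learning the first MAC seen is only as trustworthy as the first reply. Pinning critical bindings (gateway, servers) in the trusted table, or letting the switch enforce them with a feature such as Dynamic ARP Inspection, is the stronger control.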
Brute Force Attack:
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
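Because a brute force attack is "a large number of consecutive guesses", its footprint in an authentication log is a burst of failures from one source inside a short time window. The detector below is an added example, not code from the original text: it parses constructed log lines (only loosely modelled on OpenSSH's "Failed password" messages), keeps a sliding window of failures per source address, and flags a source once it reaches a threshold, along with the usernames it tried.

```python
# Added example (not from the original text): flag a brute-force login attempt
# from a stream of authentication log lines by counting failed logins per
# source address inside a sliding time window. The log lines are constructed
# and only loosely modelled on OpenSSH's "Failed password" messages.
import re
from collections import defaultdict, deque, namedtuple
from datetime import datetime

LOG_LINES = [
    "2024-03-01T10:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "2024-03-01T10:00:05 sshd[1201]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
    "2024-03-01T10:00:09 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2",
    "2024-03-01T10:00:13 sshd[1201]: Failed password for admin from 203.0.113.7 port 51003 ssh2",
    "2024-03-01T10:00:17 sshd[1201]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "2024-03-01T10:00:21 sshd[1201]: Failed password for admin from 203.0.113.7 port 51005 ssh2",
    "2024-03-01T10:01:00 sshd[1202]: Failed password for alice from 198.51.100.9 port 40000 ssh2",
    "2024-03-01T10:03:30 sshd[1202]: Failed password for alice from 198.51.100.9 port 40001 ssh2",
    "2024-03-01T10:06:00 sshd[1202]: Failed password for alice from 198.51.100.9 port 40002 ssh2",
    "2024-03-01T10:07:00 sshd[1202]: Accepted password for alice from 198.51.100.9 port 40003 ssh2",
    "2024-03-01T10:07:05 sshd[1202]: pam_unix(sshd:session): session opened for user alice",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

AuthEvent = namedtuple("AuthEvent", ["ts", "result", "user", "ip"])


def parse_line(line):
    """Return an AuthEvent for password-auth lines, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return AuthEvent(datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return {ip: (time_flagged, users_tried)} for every source that reaches
    `threshold` failed logins within any `window_s`-second window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    users = defaultdict(set)      # ip -> usernames it failed against
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.result != "Failed":
            continue
        q = recent[ev.ip]
        q.append(ev.ts)
        users[ev.ip].add(ev.user)
        # Drop failures that have fallen out of the window (q is never empty
        # here, since the current timestamp was just appended).
        while (ev.ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ev.ip not in flagged:
            flagged[ev.ip] = (ev.ts, sorted(users[ev.ip]))
    return flagged


if __name__ == "__main__":
    for ip, (ts, tried) in detect_bruteforce(LOG_LINES).items():
        print(f"{ts.isoformat()} brute force suspected from {ip}, users tried: {tried}")
```

With the defaults, 203.0.113.7 is flagged at its fifth failure (10:00:17) while the three scattered failures from 198.51.100.9 are not; lowering the threshold and widening the window trades that precision for catching slower guessing. The usernames list is worth keeping in the alert: many accounts with one guess each points at password spraying rather than a single-account brute force, and the response (lockout policy versus source blocking) differs.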
A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts. There are several different types of spoofing attacks, such as:
Internet Protocol (IP) Spoofing
A sniffer is an application that can capture network packets. Attackers use it to capture traffic, and any traffic that isn't encrypted can be read directly from the capture.
Distributed Denial of Service (DDoS) attack:
The idea of a DoS attack is to reduce the availability of a certain network device by overwhelming it with a heavy workload. It is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.
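One mitigation for the "heavy workload from one source" case is to bound how many requests each source may consume with a token bucket: the bucket refills at a fixed rate, every request costs one token, and a source that empties its bucket is dropped until it refills. The code below is an added example, not from the original text; the traffic it runs over is constructed (a flooding host and a normal client, both on documentation address ranges), and it works in integer milliseconds and millitokens so the counts are exact.

```python
# Added example (not from the original text): per-source request rate limiting
# with a token bucket, one way to keep a single flooding source from consuming
# all of a device's capacity. Traffic below is constructed; source addresses
# are from the documentation ranges. All arithmetic is done in integer
# millitokens and milliseconds so results are exact.


class TokenBucket:
    """Allow `rate` requests per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate                   # tokens added per second
        self.capacity = burst * 1000       # millitokens
        self.tokens = self.capacity        # start full
        self.last_ms = None

    def allow(self, now_ms):
        """Spend one token for a request at `now_ms`; True if it fits."""
        if self.last_ms is not None:
            # elapsed_ms * rate tokens/s == elapsed_ms * rate millitokens
            refill = (now_ms - self.last_ms) * self.rate
            self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, created on first sight."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, src, now_ms):
        b = self.buckets.get(src)
        if b is None:
            b = self.buckets[src] = TokenBucket(self.rate, self.burst)
        return b.allow(now_ms)


def build_traffic():
    """Constructed events (time_ms, src): one host floods 100 requests in one
    second, a normal client sends one request per second for ten seconds."""
    events = [(i * 10, "203.0.113.50") for i in range(100)]
    events += [(i * 1000, "192.0.2.10") for i in range(10)]
    return sorted(events)


def simulate(events, rate=5, burst=10):
    """Return {src: {"allowed": n, "dropped": m}} after running the limiter."""
    lim = PerSourceLimiter(rate, burst)
    stats = {}
    for t, src in events:
        s = stats.setdefault(src, {"allowed": 0, "dropped": 0})
        s["allowed" if lim.allow(src, t) else "dropped"] += 1
    return stats


if __name__ == "__main__":
    for src, s in simulate(build_traffic()).items():
        print(f"{src}: allowed={s['allowed']} dropped={s['dropped']}")
```

At 5 requests per second with a burst of 10, the flooding host gets its first 10 requests through, then one every 200 ms, for 14 allowed out of 100, while the normal client is never dropped. The caveat is in the name of the attack: per-source limiting only helps against a few abusive sources. A distributed flood where thousands of sources each stay under the limit still exhausts the device, so an aggregate limit and filtering upstream of the target are needed as well.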
Attackers intrude into an existing communication between two hosts to monitor, capture, and manipulate the traffic.
How to secure a device?
NFP (Network Foundation Protection) is a framework that breaks the infrastructure down into smaller components and then systematically focuses on how to secure each of those components.
NFP is broken down into three basic planes/sections:
Cisco's NFP (Network Foundation Protection) framework provides the technologies and tools required to secure the management plane, the control plane and the data plane.
Management plane: The management plane includes the traffic a network administrator uses to configure network devices. Management plane traffic usually consists of protocol traffic such as Telnet (insecure), SSH or SNMP.
Control plane: Control plane traffic is the traffic that network devices send to each other for automatic network discovery and configuration. Examples of control plane traffic are routing protocol updates and Address Resolution Protocol (ARP) traffic.
Data plane: Data plane traffic is the real end-user traffic passing through the network. An example of data plane traffic is the traffic generated by a user sitting inside the company network and browsing a website.
By: Hatem Farag | CCIE#54446