Common Security Threats - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Identify Common Security Threats

    • 1.2.a Identify common network attacks
      • Financial
      • Disruption
      • Geopolitical
      • Distributed Denial of Service Attacks
        • Direct
        • Reflected
        • Amplification
    • 1.2.b Describe social engineering
      • Attacks that rely on human vulnerability
        • manipulating people to violate physical security
        • manipulating people to give up passwords
        • manipulating people to do more than they should.
      • Common Social Engineering Tactics:
        • Phishing: Email message that entices users to provide sensitive information.
        • Malvertising: using malicious ads on websites to redirect users' browsers to a malware-hosting site.
        • Phone Scams: "You just won..." "Do you mind helping me with some information?"
      • Social Engineering Counteractions
        • Ongoing Training about latest security threats
        • Ongoing Training about the risks of the threats and how to prevent them.
        • Ongoing Training about their role in security.
        • Official Policy about security operations and decisions.
        • Password Management
        • Two-factor Authentication
        • Antivirus/Antiphishing software
        • Change Management
        • Information Classification
        • Document Handling and Disposal
        • Physical Security
    • 1.2.c Identify malware
      • Packet Capture Tools
        • Shows raw packets
        • Generates lots of data
      • SNORT
        • Most popular IDS/IPS software
      • NetFlow
        • considers the entire data flow
        • based on a set of predefined parameters such as
          • source IP address
          • source port
          • destination IP address
          • destination port
          • IP protocol
          • ingress interface
          • type of service (ToS)
          • a different value in any of these parameters creates a new flow
        • See Configuration Example Below
      • IPS Events
        • Alarms triggered on IPS may alert to presence of malware
      • Cisco AMP (Advanced Malware Protection)
        • designed for Cisco Firepower appliances.
        • continuous monitoring and analysis of traffic after it enters the network
        • Can be centrally managed through Cisco FireSight (FMC)
      • NGIPS (Next Generation Intrusion Prevention Systems)
        • Firewall and Sourcefire IPS
        • Focus is on threats, not on application control.
        • Multi-layer threat protection at high throughput.
        • Centrally managed through Cisco FireSight
    • 1.2.d Classify the vectors of data loss/exfiltration
      • The majority of network security focus has always been on preventing attackers from getting into the network.
      • Many security measures are good at identifying traffic entering the network.
      • Far fewer security measures are good at identifying traffic leaving the network.
      • Targeted Assets
        • Intellectual Property: data or documentation that is considered property of the organization and created by employees of the organization.
        • Personally Identifiable Information (PII): names, Social Security Numbers (SSN), addresses.
        • Credit/Debit Cards
  • Netflow Configuration Example

    R2#config t
    R2(config)#interface fa1/0
    R2(config-if)#ip route-cache flow
    R2(config-if)#exit
    R2(config)#ip flow-export 192.168.100.200 0
    R2(config)#exit
    R2#clear ip flow stats

    ! On R1, do an extended ping to 192.168.100.1 with a changed datagram size, sourced from 209.251.159.177
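Added worked example (not from the wiki or from Cisco) tying together the NetFlow flow-key parameters in 1.2.c and the egress-traffic point in 1.2.d: packet records are grouped into flows keyed on the seven parameters listed above (a change in any one of them starts a new flow), and the flows that leave the internal network are summed per source/destination pair so that unusually large outbound transfers stand out. The packet records, the internal prefix 192.168.100.0/24, the interface names and the byte threshold are all constructed assumptions, not values from the page.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal prefix (constructed for this example, matches the lab addressing above).
INTERNAL_NET = ip_network("192.168.100.0/24")

# Constructed packet records: the seven NetFlow key fields from the notes plus a byte count.
# (src_ip, src_port, dst_ip, dst_port, ip_proto, ingress_if, tos, bytes)
_OUT_A = ("192.168.100.10", 51000, "203.0.113.5", 443, 6, "fa1/0", 0, 1500)
_OUT_B = ("192.168.100.10", 51001, "203.0.113.5", 443, 6, "fa1/0", 0, 1500)  # new src port -> new flow
_OUT_C = ("192.168.100.10", 51000, "203.0.113.5", 443, 6, "fa1/0", 8, 1500)  # new ToS -> new flow
_RET_D = ("203.0.113.5", 443, "192.168.100.10", 51000, 6, "fa0/0", 0, 60)    # return traffic, inbound
_OUT_E = ("192.168.100.20", 40000, "198.51.100.7", 53, 17, "fa1/0", 0, 80)    # small DNS flow
SAMPLE_PACKETS = [_OUT_A] * 3 + [_OUT_B] * 2 + [_OUT_C] + [_RET_D] * 3 + [_OUT_E] * 2


def flow_key(packet):
    """The seven parameters that define a NetFlow flow; the byte count is not part of the key."""
    src, sport, dst, dport, proto, ifc, tos, _size = packet
    return (src, sport, dst, dport, proto, ifc, tos)


def build_flows(packets):
    """Aggregate packets into flows: packets sharing all seven key fields join one flow."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for packet in packets:
        record = flows[flow_key(packet)]
        record["packets"] += 1
        record["bytes"] += packet[7]
    return dict(flows)


def egress_flows(flows, internal=INTERNAL_NET):
    """Flows sourced inside the network and destined outside it (the direction the notes say is under-watched)."""
    return {
        key: rec
        for key, rec in flows.items()
        if ip_address(key[0]) in internal and ip_address(key[2]) not in internal
    }


def flag_exfiltration(flows, threshold_bytes, internal=INTERNAL_NET):
    """Sum egress bytes per (src_ip, dst_ip) pair and return the pairs at or above the threshold."""
    per_pair = defaultdict(int)
    for key, rec in egress_flows(flows, internal).items():
        per_pair[(key[0], key[2])] += rec["bytes"]
    return sorted(pair for pair, total in per_pair.items() if total >= threshold_bytes)


if __name__ == "__main__":
    flows = build_flows(SAMPLE_PACKETS)
    for key, rec in flows.items():
        print(key, rec)
    # Threshold is an assumed value; in practice it is tuned to the host's normal outbound volume.
    print("large egress pairs:", flag_exfiltration(flows, threshold_bytes=5000))
```

With the constructed packets, the three outbound variants from 192.168.100.10 land in three separate flows (source port and ToS each differ), which is the "new flow per changed parameter" behaviour from the notes; summing them per host pair is what makes the 9000-byte outbound transfer visible as a single event rather than three unremarkable flows.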