CCNA Security

CCNA Security (210-260 IINS – Implementing Cisco IOS Network Security)

The Cisco CCNA Security certification is an Associate-level network security certification offered by Cisco Systems. It provides a stepping stone for IT security professionals who want to build on their CCNA-level skills and help fill the huge demand for network security professionals.

The Cisco CCNA Security certification curriculum provides an introduction to the core security concepts. It also provides the tools and skills an IT security beginner needs to install, troubleshoot, and monitor network devices in order to maintain the integrity, confidentiality, and availability of data and devices.

Candidates who wish to attend CCNA Security training and sit the examination should have a thorough knowledge of basic networking, TCP/IP, CCNA topics, and the basics of network security.

CCNA Security (210-260 IINS – Implementing Cisco IOS Network Security) covers the following main topics.

1-Security Fundamentals

  • Describe common security terms, tools, threats, attacks & countermeasures

2-Security and Cisco Routers

  • Implement security on Cisco routers
    • Describe securing the control, data, and management planes
    • Describe Cisco Security Manager
    • Describe IPv4 to IPv6 transition

3-AAA on Cisco Devices

  • Implement AAA (authentication, authorization, and accounting)
    • Describe TACACS+
    • Describe RADIUS
    • Describe AAA
    • Verify AAA functionality

4-IOS ACLs

  • Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets
    • Describe considerations when building ACLs
    • Implement IP ACLs to mitigate threats in a network

5-Secure Network Management and Reporting

  • Describe secure network management
    • Implement secure network management

6-Common Layer 2 Attacks

  • Describe Layer 2 security using Cisco switches
    • Describe VLAN security
    • Implement VLANs and trunking
    • Implement spanning tree

7-Cisco Firewall Technologies

  • Describe operational strengths and weaknesses of the different firewall technologies
    • Describe stateful firewalls
    • Describe the types of NAT used in firewall technologies
    • Implement zone-based policy firewall using CCP
    • Implement the Cisco Adaptive Security Appliance (ASA)
    • Implement Network Address Translation (NAT) and Port Address Translation (PAT)

8-Cisco IPS

  • Describe Cisco Intrusion Prevention System (IPS) deployment considerations
    • Describe IPS technologies
    • Configure Cisco IOS IPS using CCP

9-VPN Technologies

  • Describe the different methods used in cryptography
    • Describe VPN technologies
    • Describe the building blocks of IPSec
    • Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
    • Verify VPN operations
    • Implement Secure Sockets Layer (SSL) VPN using ASA device manager

What is Network Security and Why Do We Need It?

Network security is now an integral part of computer networking. Network security involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Network security solutions emerged in the 1960s but did not mature into a comprehensive set of solutions for modern networks until the 2000s.

Network Security is a branch of computer science that involves securing a computer network and its infrastructure devices to prevent unauthorized access, data theft, network misuse, and modification of devices and data. Another function of Network Security is preventing DoS (Denial of Service) attacks and ensuring continuous service for legitimate network users. Network Security involves proactive defense methods and mechanisms to protect data, the network, and network devices from external and internal threats.

Data is the most precious asset of today’s businesses. Top business organizations spend billions of dollars every year to secure their computer networks and to keep their business data safe. Imagine losing all the important research data on which a company has invested millions of dollars and years of work!

We depend on computers today for controlling large money transfers between banks, insurance, markets, telecommunications, electrical power distribution, health and medical fields, nuclear power plants, space research, and satellites. Security is non-negotiable in these critical areas.

Network security organizations have been created to establish formal communities of network security professionals. These organizations set standards, encourage collaboration, and provide workforce development opportunities for network security professionals. Network security professionals should be aware of the resources provided by these organizations.

The complexity of network security makes it difficult to master all it encompasses. Different organizations have created domains that subdivide the world of network security into more manageable pieces. This division allows professionals to focus on more precise areas of expertise in their training, research, and employment.

Network security policies are created by companies and government organizations to provide a framework for employees to follow during their day-to-day work. Network security professionals at the management level are responsible for creating and maintaining the network security policy. All network security practices relate to and are guided by the network security policy.

Network security is divided into domains of network security, and network attacks are organized into classifications so that it is easier to learn about them and address them appropriately. Viruses, worms, and Trojan horses are specific types of network attacks. More generally, network attacks are classified as reconnaissance, access, or denial of service (DoS) attacks.

Mitigating network attacks is the job of a network security professional. In this chapter, you will master the underlying theory of network security, which is essential before beginning an in-depth practice of network security. The methods of network attack mitigation are introduced here, and the implementation of these methods comprises the remainder of this course.

Vectors of Network Attacks

An attack vector is a path or other means by which an attacker can gain access to a server, host, or network. Many attack vectors originate from outside the corporate network. For example, attackers may target a network through the Internet in an attempt to disrupt network operations and create a denial of service (DoS) condition.

Note: A DoS attack occurs when a network is incapacitated and no longer capable of supporting requests from legitimate users.

Attack vectors can also originate from inside the network.

An internal user, such as an employee, can accidentally or intentionally:

  • Steal and copy confidential data to removable media, email, messaging software, and other media.
  • Compromise internal servers or network infrastructure devices.
  • Disconnect a critical network connection and cause a network outage.
  • Connect an infected USB drive to a corporate computer system.

Internal threats also have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Employees also have knowledge of the corporate network, its resources, and its confidential data.

Network security professionals must implement tools and apply techniques for mitigating both external and internal threats.

Vectors of Data Loss

Data is likely to be an organization’s most valuable asset. Organizational data can include research and development data, sales data, financial data, human resource and legal data, employee data, contractor data, and customer data.

Data loss or data exfiltration is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world. Data loss can result in:

  • Brand damage and loss of reputation
  • Loss of competitive advantage
  • Loss of customers
  • Loss of revenue
  • Litigation/legal action resulting in fines and civil penalties
  • Significant cost and effort to notify affected parties and recover from the breach

Network security professionals must protect the organization’s data. Various Data Loss Prevention (DLP) controls, combining strategic, operational, and tactical measures, must be implemented.

Campus Area Network

All networks are targets. However, the main focus of this course is on securing Campus Area Networks (CANs). A Campus Area Network consists of interconnected LANs within a limited geographic area.

Network professionals must implement various network security techniques to protect the organization’s assets from outside and inside threats. Connections to untrusted networks must be checked in-depth by multiple layers of defense before reaching enterprise resources.

Small Office and Home Office networks

It is important that all types of networks, regardless of size, are protected. Attackers are also interested in home networks and small office and home office (SOHO) networks. They may want to use someone’s Internet connection for free, use the Internet connection for illegal activity, or view financial transactions, such as online purchases.

Home networks and SOHO networks are typically protected using a consumer-grade router, such as a Linksys home wireless router. These routers provide basic security features to adequately protect inside assets from outside attackers.

Wide Area Networks

Wide Area Networks (WANs) span a wide geographical area, often over the public Internet. Organizations must ensure secure transport for the data in motion as it travels between sites.

Network security professionals must use secure devices at the edge of the network and protect networks by using an Adaptive Security Appliance (ASA), which provides stateful firewall features and establishes secure Virtual Private Network (VPN) tunnels to various destinations.

Data Center Networks

Data center networks are typically housed in an off-site facility to store sensitive or proprietary data. These sites are interconnected to corporate sites using VPN technology with ASA devices and integrated data center switches, such as high-speed Nexus switches.

Today’s data centers store vast quantities of sensitive, business-critical information; therefore, physical security is critical to their operation. Physical security not only protects access to the premises but also protects people and equipment. For example, fire alarms, sprinklers, seismically braced server racks, and redundant heating, ventilation, and air conditioning (HVAC) and UPS systems are in place to protect people and equipment. Data center physical security covers two areas:

  • Outside perimeter security – This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.
  • Inside perimeter security – This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.

Cloud and Virtual Networks

The Cloud is playing an increasing role in enterprise networks. Cloud computing allows organizations to use services such as data storage or Cloud-based applications to extend their capacity or capabilities without adding infrastructure. By its very nature, the Cloud is outside of the traditional network perimeter, allowing an organization to have a data center that may or may not reside behind the traditional firewall.

The terms “Cloud computing” and “virtualization” are often used interchangeably; however, they mean different things. Virtualization is the foundation of Cloud computing. Without it, Cloud computing, as it is most widely implemented, would not be possible. Cloud computing separates the application from the hardware; virtualization separates the OS from the hardware.

The actual Cloud network consists of physical and virtual servers, which are commonly housed in data centers. Data centers are increasingly using virtual machines (VMs) to provide server services to their clients. Server virtualization takes advantage of idle resources and reduces the number of required physical servers. It also allows multiple operating systems to exist on a single hardware platform. However, VMs are also prone to specific targeted attacks.

For security teams, an easy to implement yet comprehensive strategy that addresses business demands and defends the data center is a necessity. Cisco developed the Secure Data Center solution to operate in this unpredictable threat landscape. The Cisco Secure Data Center solution blocks internal and external threats at the data center edge.

Common Network Security Terms

The business world is ever evolving. Many key business factors are complex in nature and unpredictable. Network Security and Enterprise Risk Management (ERM) are related: if Network Security measures are implemented properly, enterprise risks can be avoided to a large extent.

Risk assessment provides a mechanism for identifying which risks represent opportunities and which represent potential pitfalls. Enterprise risk assessments and proper security measures provide a clearer view of internal and external business risks.

Key technical terms that Network Security administrators must know:

1) Asset: An asset is anything in which the organization has invested and which is valuable to the organization. Examples: properties, vehicles, heavy equipment, plants, buildings, employees, computers, data, intellectual property, etc. Protecting the organization’s assets is the prime function of security (physical security or network security).

2) Vulnerability: A vulnerability can be defined as an exploitable weakness in a system or its design. Every system is human-made, and every human-made system can contain errors and mistakes. Vulnerabilities exist in applications, network protocols, operating systems, etc. A vulnerability can be exploited by an attacker to gain access to an organization’s network.

3) Exploit: An exploit can be defined as a way, method, or tool that an attacker uses against a vulnerability to cause damage to the target network or system. The exploit can be software that causes a buffer overflow or a social engineering method used to hack a password.

4) Threat: A threat can be defined as anything that poses a danger to an asset. Threats can be accidentally triggered or intentionally exploited.

5) Attack: An attack can be defined as an action taken by an attacker to harm an asset.

6) Risk: The term “risk” can be defined as the potential for loss, compromise, damage, destruction, or other negative consequence to an organization’s asset. Risk arises from one or more threats exploiting a vulnerability. Risk represents an adverse impact on an organization’s asset.

Risk = Asset + Threat + Vulnerability

7) Countermeasure: A countermeasure is an action initiated by the organization (typically its security professionals) to mitigate a threat.