Security Threats and Vulnerabilities CCNA

Summary

This topic explains why basic security measures are necessary on network devices. Start learning CCNA 200-301 for free right now!

Note: This topic is part of Chapter 16 of the Cisco CCNA 1 course. To follow the course in order, go to the CCNA 1 section, which guides you through the topics in sequence.

Types of Threats

Wired and wireless computer networks are essential to everyday activities. Individuals and organizations depend on their computers and networks. Intrusion by an unauthorized person can result in costly network outages and loss of work. Attacks on a network can be devastating and can result in a loss of time and money due to damage, or theft of important information or assets.

Intruders can gain access to a network through software vulnerabilities, hardware attacks, or through guessing someone’s username and password. Intruders who gain access by modifying software or exploiting software vulnerabilities are called threat actors.

After the threat actor gains access to the network, four types of threats may arise.


Information theft

Information theft is breaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Example: stealing an organization’s proprietary information, such as research and development data.

Data loss and manipulation

Data loss and manipulation is breaking into a computer to destroy or alter data records. An example of data loss is a threat actor sending a virus that reformats a computer hard drive. An example of data manipulation is breaking into a records system to change information, such as the price of an item.

Identity theft

Identity theft is a form of information theft where personal information is stolen for the purpose of taking over someone’s identity. Using this information, a threat actor can obtain legal documents, apply for credit, and make unauthorized online purchases. Identity theft is a growing problem costing billions of dollars per year.

Disruption of service

Types of Vulnerabilities

Vulnerability is the degree of weakness in a network or a device. Some degree of vulnerability is inherent in routers, switches, desktops, servers, and even security devices. Typically, the network devices under attack are the endpoints, such as servers and desktop computers.

There are three primary vulnerabilities or weaknesses: technological, configuration, and security policy. All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks.

The tables below give examples and a description of each type of vulnerability.

Technological vulnerabilities

TCP/IP protocol weakness
  • Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP) are inherently insecure.
  • Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP) are related to the inherently insecure structure upon which TCP was designed.

Operating system weakness
  • Each operating system has security problems that must be addressed.
  • Examples: UNIX, Linux, Mac OS, Mac OS X, Windows Server 2012, Windows 7, Windows 8.
  • They are documented in the Computer Emergency Response Team (CERT) archives at http://www.cert.org

Network equipment weakness
  • Various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that must be recognized and protected against.
  • Their weaknesses include password protection, lack of authentication, routing protocols, and firewall holes.

Security policy vulnerabilities

  • Lack of written security policy – A security policy cannot be consistently applied or enforced if it is not written down.
  • Politics – Political battles and turf wars can make it difficult to implement a consistent security policy.
  • Lack of authentication continuity – Poorly chosen, easily cracked, or default passwords can allow unauthorized access to the network.
  • Logical access controls not applied – Inadequate monitoring and auditing allow attacks and unauthorized use to continue, wasting company resources. This could result in legal action or termination against IT technicians, IT management, or even company leadership that allows these unsafe conditions to persist.
  • Software and hardware installation and changes do not follow policy – Unauthorized changes to the network topology or installation of unapproved applications create or enable holes in security.
  • Disaster recovery plan is nonexistent – The lack of a disaster recovery plan allows chaos, panic, and confusion to occur when a natural disaster occurs or a threat actor attacks the enterprise.
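Several rows in the tables above describe weaknesses that show up directly in a device's configuration: inherently insecure management protocols such as HTTP and Telnet, weak password protection and lack of authentication on network equipment, and default passwords such as SNMP community strings. The following Python script is an added example, not part of the Cisco course material or any Cisco tool. It audits a constructed Cisco IOS-style running-config for those weaknesses; the sample configuration, the finding texts and the function names (audit_config, parse_vty_lines) are all assumptions of this example.

```python
"""Added example: audit a constructed Cisco IOS-style running-config for the
weaknesses the vulnerability tables name (insecure management protocols,
weak password protection, default community strings, remote-access lines
with no authentication). Not Cisco's code; the checks are illustrative."""
import re

# Constructed sample configuration for this example (not from a real device).
SAMPLE_CONFIG = """\
hostname R1
no service password-encryption
enable password cisco
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet
 no login
line vty 5 15
 login local
 transport input ssh
"""

# Well-known default SNMP community strings (the "default passwords" case).
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}


def parse_vty_lines(lines):
    """Group the indented commands under each 'line vty ...' block."""
    blocks = {}
    current = None
    for line in lines:
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # an unindented command ends the block
    return blocks


def audit_config(config_text):
    """Return (category, finding) tuples for each weakness found."""
    findings = []
    lines = config_text.splitlines()

    # Global commands: one check per weakness class from the tables.
    for line in lines:
        cmd = line.strip()
        if cmd == "ip http server":
            findings.append(("protocol",
                             "cleartext HTTP management enabled; prefer "
                             "'ip http secure-server' or disable it"))
        if cmd == "no service password-encryption":
            findings.append(("password",
                             "password encryption disabled; line and "
                             "username passwords are stored in cleartext"))
        if cmd.startswith("enable password "):
            findings.append(("password",
                             "'enable password' in use; 'enable secret' "
                             "stores a hash instead"))
        m = re.match(r"snmp-server community (\S+)", cmd)
        if m and m.group(1).lower() in DEFAULT_SNMP_COMMUNITIES:
            findings.append(("default",
                             f"default SNMP community '{m.group(1)}' in use"))

    # Remote-access lines: transport and authentication checks per block.
    for block, cmds in parse_vty_lines(lines).items():
        transports = [c for c in cmds if c.startswith("transport input")]
        if any("telnet" in t or t.endswith(" all") for t in transports):
            findings.append(("protocol",
                             f"{block}: Telnet permitted; restrict to "
                             "'transport input ssh'"))
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if "no login" in cmds or not has_login:
            findings.append(("authentication",
                             f"{block}: no login authentication configured"))
    return findings


if __name__ == "__main__":
    for category, text in audit_config(SAMPLE_CONFIG):
        print(f"[{category}] {text}")
```

Run against the constructed config, the audit reports six findings: two password-protection issues, two cleartext-protocol issues (HTTP and Telnet), one default SNMP community and one vty block with no login. A hardened config (service password-encryption, enable secret, ip http secure-server, a non-default community and vty lines limited to SSH with login local) produces none, which is the kind of check a written security policy can be enforced with.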

Physical Security

An equally important vulnerable area of the network to consider is the physical security of devices. If network resources can be physically compromised, a threat actor can deny the use of network resources.

The four classes of physical threats are as follows:

  • Hardware threats – This includes physical damage to servers, routers, switches, cabling plant, and workstations.
  • Environmental threats – This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
  • Electrical threats – This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
  • Maintenance threats – This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

A good plan for physical security must be created and implemented to address these issues. The figure shows an example of a physical security plan.

Figure: Plan Physical Security to Limit Damage to Equipment

Physical Security Plan
  • Secure the computer room.
  • Implement physical security to limit damage to the equipment.

Step 1. Lock up equipment and prevent unauthorized access from the doors, ceiling, raised floor, windows, ducts, and vents.

Step 2. Monitor and control closet entry with electronic logs.

Step 3. Use security cameras.
