Network Security

Network Security Overview

One of the main duties of the network administrator is to protect the network and its data against all kinds of threats and attacks. Network threats and attacks can originate outside of the network, but they can also be launched from within it. A networking department needs many tools to defend the network. This can take the form of firewall routers and specialized security devices, but it also means writing a network security policy: a document that defines the rules and boundaries of an organization's computer network and its users.

Domains of Network Security

The CCNA Security curriculum mentions the 12 domains of network information security as published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in ISO/IEC 27002. The domains are a code of best practices for information security management. The 12 domains are like questions that every network administrator and IT department should be able to answer:

  1. Risk assessment – as the first step, analyze what information is at risk.
  2. Security policy – create a company security policy that defines the rules and expectations for employees' behavior and their access to information.
  3. Organization of information security – how will the security policy be governed?
  4. Asset management – how will information assets be inventoried and classified?
  5. Human resources security – security rules for employees joining, moving within, or separating from the organization.
  6. Physical and environmental security – how will the technology be physically protected?
  7. Communications and operations management – who and what will manage the security controls for the network and information systems?
  8. Access control – who will have access, and what will they have access to?
  9. Information systems acquisition, development and maintenance – how will software applications and systems be integrated into the network with a focus on security?
  10. Information security incident management – the protocols for anticipating and responding to information security breaches.
  11. Business continuity management – backup and recovery plans for computer information systems.
  12. Compliance – how does the company comply with current information security policies, standards, laws and regulations?

Viruses, Worms, and Trojans

  • Virus – a computer virus is a malicious program that attaches or embeds itself to a legitimate program, executable file or system file. Once a host is infected, the virus attempts to execute and replicate itself across multiple files and even other hosts. Viruses variously damage, alter and destroy computer files. Viruses are typically spread by USB thumb drives and, most commonly, through email attachments. See: http://en.wikipedia.org/wiki/Computer_virus
  • Worm – a computer worm is a malicious program that, once run, immediately installs itself in memory and spreads itself across a computer network. Unlike viruses, worms do not need to attach themselves to legitimate programs in order to run. Although a worm does not alter computer files the way a virus does, it can deliver executable payloads (often backdoors or Trojan horses) or simply drain system resources and bandwidth. See: http://en.wikipedia.org/wiki/Computer_worm
  • Trojan Horse – a Trojan horse is a computer program that masquerades as a legitimate program but in actuality does something far different. A common form of Trojan horse is malware that claims to be a legitimate antivirus program but, once downloaded, actually installs viruses on the user's computer. Though Trojan horses do not replicate themselves as a virus does, they are often piggy-backed on computer worms in order to spread. See: http://en.wikipedia.org/wiki/Trojan_horse_(computing)

There are five distinct stages in a virus or worm attack:

  • Probe – involves scanning network hosts for operating system or software vulnerabilities.
  • Penetrate – launch an attack or exploit through an attack vector such as a program buffer overflow, an email attachment or malicious webpage code injection.
  • Persist – the code may attempt to maintain a level of control over the target system by installing a backdoor or creating additional executable system files that will launch on startup.
  • Propagate – in this stage the virus or worm attempts to target additional computer systems in order to expand the number of infected systems.
  • Paralyze – viruses will cripple or shut down computer systems by corrupting system files, launching denial of service (DoS) and distributed denial of service (DDoS) attacks, and/or draining system and network resources like CPU time and available bandwidth.

Video Tutorials

Follow along with the video below, in Packet Tracer, with this file: OSPF-authentication_begin.zip

In this video tutorial, I demonstrate configuring encrypted routing protocol authentication with OSPF.
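A Cisco IOS configuration for what the video demonstrates, added here as an example rather than taken from the video or its Packet Tracer file; the OSPF process ID, area, interface name, addresses and key string are assumptions, and the same key ID and key string must be configured on the neighbor at the other end of the link:

```cisco
! Added example (not the video's Packet Tracer file). Assumed values: OSPF
! process 1, area 0, interface GigabitEthernet0/0, key ID 1, key OSPF-KEY-EXAMPLE.
!
! Weak: OSPF running with no authentication. Any device attached to the
! segment can form an adjacency and inject routes into the routing table.
router ospf 1
 network 10.0.12.0 0.0.0.255 area 0
!
! Corrected: MD5 (message-digest) authentication on the interface. The key
! string itself is never sent; each OSPF packet carries a hash of the packet
! plus the key, so a neighbor without the matching key is rejected.
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPF-KEY-EXAMPLE
!
! Also require authentication for the whole area at the process level, so an
! interface added later without a key cannot silently form an adjacency.
router ospf 1
 area 0 authentication message-digest
!
! Obfuscate the key in "show running-config" (type 7, reversible; it hides
! the key from shoulder-surfing, not from anyone who has the config file).
service password-encryption
!
! Verify. Until both neighbors carry a matching key ID and key, the adjacency
! drops and "show ip ospf neighbor" shows no FULL neighbor on the interface.
! show ip ospf interface GigabitEthernet0/0   -> Message digest authentication enabled
! show ip ospf neighbor                       -> state FULL once both sides match
```

Note that "message-digest" authenticates OSPF packets; it does not encrypt the routing updates, which still travel in cleartext.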

In this video, I show how to back up a router IOS image with TFTP and restore a deleted IOS image using Xmodem.

In this video, I show how to restore a deleted Cisco router's IOS image using a TFTP server.

In this tutorial, I show how to recover a forgotten or lost password on a Cisco router.

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.
