Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
CCNA Security 210-260 Certification Guide
CCNA Security 210-260 Certification Guide

CCNA Security 210-260 Certification Guide: Build your knowledge of network security and pass your CCNA Security exam (210-260)

Arrow left icon
Profile Icon Glen D. Singh Profile Icon Anandh Profile Icon Vinod
Arrow right icon
$24.99 $35.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1 (22 Ratings)
eBook Jun 2018 518 pages 1st Edition
eBook
$24.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Glen D. Singh Profile Icon Anandh Profile Icon Vinod
Arrow right icon
$24.99 $35.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1 (22 Ratings)
eBook Jun 2018 518 pages 1st Edition
eBook
$24.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$24.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

CCNA Security 210-260 Certification Guide

Exploring Security Threats

As networks grow and technology advances, so does the cyber threats landscape. Every hour a new threat emerges, and cybersecurity companies are battling to mitigate and prevent such malicious attacks from invading our computers and networks. This has been a challenge for all, from the evolution of a simple batch virus script to Advanced Persistent Threats (APTs). Cisco has created a certification that allows you to begin your career in network security, the Cisco Certified Network Associate (CCNA) security designation.

This certification focuses on understanding threats to secure your network using Cisco routers and switches and even configuring and setting up the Cisco Adaptive Security Appliance (ASA). After completion, you'll be able to function as a network security engineer and mitigate and prevent such threats from entering your network. This chapter covers the basic principles of implementing network security in an enterprise network.

Security is very important and if no proper security principles are followed, it will lead to financial risks, legal risks, and negative public relations implications. In some cases, the overall business may be placed at risk due to the noncompliance of security policies. The security of an enterprise network can be viewed from different perspectives. For a management team, the network is a tool that enables the business goals of the company. For end users, a network is just a tool for them to complete their job. Unfortunately, if an end user or a management team is not maintaining their data safely, it may lead to several vulnerabilities and security threats. If the hacker compromises and gains access to the data and applications, the security component of the network fails.

The following topics are the three basic concepts of network security:

  • Confidentiality: The privacy of the data in the network. The data on the network should be protected from unauthorized users and they should not access the data by any means. The data can be protected by encrypting it.
  • Integrity: The changes made to the data should only be made by the authorized users. If the data in transit is corrupted, it leads to a failure of integrity and a loss of revenue.
  • Availability: A network, or data, should be available to its authorized users. The term availability refers to the provision of services that are dependent on networks, systems, and data. Any impact on the availability of the data leads to heavy loss of business and revenue.

The following diagram illustrates the working mechanism of the network security concept better known as the CIA triad:

After completing this chapter, you will:

  • Understand the basics of network security
  • Understand the different security terminologies
  • Understand different types of attack
  • Understand the different types of security tools

Important terms in network security

Network security is a very broad concept; it starts with authenticating users and authorizing resources. It deals with security threats analysis and vulnerability checks.

Threats

A threat is the potential for an attacker to take advantage of a vulnerability on a system. An example of a threat can be a disgruntled employee who has been given a warning letter in an organization. This person may want to inflict harm to the company's network and has decided to research exploitation.

Some further examples of threats include malware, Denial of Service (DoS), and phishing.

Let's now discuss risk and countermeasure:

  • Risk: A risk is the likelihood of a threat actor taking advantage of a vulnerability that can attack a network system, which leads to damage to the network
  • Countermeasure: A countermeasure can be a combination of a process and a device that can act together as a safeguard against potential attacks, thereby reducing security risks
A firewall is configured with an access control list, and a server with security policies.

Vulnerability

Vulnerability is a weakness of the system, data, or any application, by which unauthorized persons can exploit it. Vulnerability on the network may occur due to various reasons:

  • Result of a malicious attack
  • Failure of a policy
  • Weakness of the system or a policy
  • Weakness of a protocol

Vulnerabilities are found in operating systems, routers, switches, firewalls, applications, antivirus software, and so on. An attacker uses these vulnerabilities to create a threat to the network. Generally, vulnerabilities arise due to high complexity or human error while developing an application and designing a network.

Analyzing vulnerability

Vulnerability analysis is the process of identifying security weaknesses on a computing platform or network. This aids the internal security team (blue team) in remediating any flaws that have been discovered. A security team is also responsible for conducting a vulnerability assessment to evaluate the cybersecurity risk and try to minimize/mitigate it as much as possible. Vulnerability assessments are usually conducted before and after applying any countermeasures within the organization. This helps with the evaluation process to determine whether the attack surfaces are reduced; it also ensures the proper practices are used and applied correctly.

The blue team is a group of individuals who's responsibilities are to perform security analysis on the information systems of an organization.

When an administrator dealing with security installs a patch on the endpoint security tool, there are chances of manual errors or misconfigurations in the tool that may open a door for a hacker to attack the node.

Periodic vulnerability testing/analysis is essential in such situations.

Vulnerability assessments have the following advantages:

  • Help administrators to keep their data safe from hackers and attackers, which eliminates business risks.
  • Vulnerability assessment tools help administrators to check for loopholes in the network architecture. These tools also examine whether there are any possible destructive actions that can cause damage to your application, software, or network.
  • Vulnerability assessment tools detect attack pathways that may get missed in manual assessment, which increases the ROI.

Before performing a vulnerability assessment, the administrators should create a test plan, develop a threat model and verify the URLs, and access credentials.

There are two ways of conducting a vulnerability assessment. The first one is the automated dynamic scanning and the other is the manual Vulnerability and Penetration Testing (VAPT).

In the automated method, a tool, such as Burp Suite Pro, IBM Rational AppScan, is used to scan the application and find security flaws. The manual testing is performed in the following steps:

  1. Check SQL injection, XML injection, and LDAP injection flaws
  2. Inspect poor authentication methods and cracked login processes
  3. Inspect cookies and other session details
  4. Inspect the default settings in the security configurations in the devices
  5. Inspect broken encryption algorithms and other ciphers to secure the communications

Choose either automatic or manual testing methods to verify the scan results, collect evidence, and complete the reports.

Introduction to an attack

An attack is the process of attempting to steal data, destroy data, gain unauthorized access to a device, or even shut down/disable a system, preventing legitimate users from accessing the resources. An attack can be local, where a malicious user has physical access to the system and either executes a malicious payload or is attempting to gain access into the device. A remote attack requires the malicious user to send a payload over a network connection to the victim device in the hope that the attack would be successful and it would either gain control of the victim device or cause service interruptions (denial of service).

Attacks are mainly distinguished as either:

  • Passive attacks
  • Active attacks

Passive attacks

In a passive attack, the attacker is considered to be in a learning (monitoring) state to understand the details about the potential victim's device, how it performs and operates. This allows the attacker to have a better attack strategy. An example of a passive attack is where an attacker is sniffing the network traffic between a victim machine and its default gateway.

Types of passive attack:

  • Sniffing: Capturing packets unknown to users on the network. The goal is to obtain any sensitive information sent across the network.
  • Port scanning: Checking for open TCP and UDP ports. This will aid the attacker in determining the services running on the target/victim machine.

Active attacks

In an active attack, the attacker may have already done enough reconnaissance on the target device and is ready to execute its exploit against the victim. Sometimes, the attack can be a direct attack, meaning the exploit is sent from the attacker's machine to the target, or an indirect attack, where the attacker compromises another machine, making it a zombie, and using the zombie to pivot all the attacks through it. Therefore, the zombie would seem to be the attacker machine from the view of the victim.

Examples of active attacks include:

  • Denial of Service: This attack focuses on exhausting the resources of a system, therefore legitimate users are not given access to the resource
  • Botnet: The attacker sets up a Command and Control (CnC) server to control all its infected machines (zombies) to carry out malicious activities

Spoofing attacks

In a spoofing attack, the attacker uses false information to pretend to be a legitimate or authorized user/machine. When an attacker attempts to exploit a system or deliver a payload, they have to try to trick the user into falling victim to the attack. Sometimes, changing the source IP address and source MAC address of the packets originating from the attacking machine may trick the potential victim into thinking it's from a legitimate user and may disguise the attack's origins.

Internet protocol – the heart of internet communication

Internet Protocol (IP) is a connection protocol that exists at the Network layer (layer 3) of the Open Systems Interconnection (OSI) reference model. Internet protocol is used to assist routers or any layer 3 devices to forward packets to their corresponding destinations. One main characteristic of internet protocol is its nature of being a connectionless protocol, which means it provides delivery using best effort and is not guaranteed to be delivered to the recipient. Since IP is said to be connectionless, it depends on the upper layers to assist with the delivery of data. The layer above the Network layer is known as the Transport layer. There are two sub protocols, which are used primarily for delivery; these are known as the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP). An IP packet contains the following: source and destination IP addresses, version (IPv4 or IPv6), Time to Live (TTL) value, protocol (TCP, UDP, or ICMP), and flags.

It is through the forging of this source address that hackers are able to break into the network and mislead communication between the source and the destination. Almost all networks use routers as intermediate devices for the transmission of data. When the data is sent via routers, they identify the destination IP address from the header of the IP datagram to forward the packets to that destination. The source address is ignored by the routers. The source address is used only by the destination machine when a reply is sent back for the received packets.

How is an IP datagram spoofed?

In an IP packet/datagram, the header contains the addressing information, such as the sender's source and the destination's IP address. An IP packet is usually unencrypted, therefore if someone is sniffing the traffic between the sender and the receiver, the contents of the packet and its header information are captured. A malicious user or an attacker can modify the IP address on the IP packets originating from the attacker machine, making it seem to originate from somewhere else, which is known as IP spoofing. It tricks a potential victim into believing the IP packet came from a legitimate or trusted source, but is actually from a malicious user. The operating system has no way of determining whether the IP addresses actually belong to the legitimate machine or not. When the internet protocol was built, security was not a concern at the time, hence IP lacks security features.

There are different types of spoofing attacks:

  • Address Resolution Protocol spoofing
  • DNS spoofing

IP spoofing

Using the following scenario, an attacker sends a specially crafted packet to the web server (200.1.1.1). Within the IP header of the specially crafted packet, it has a source IP address of 203.155.182.1, which belongs to the potential victim machine and not the real IP address of the attacker. When the web server receives the packet and has to respond, it sees the sender's IP address is 203.155.182.1 and sends its response to the victim machine instead of the attacker:

Attackers primarily use IP spoofing as a technique to bypass any filters, access lists, or even security appliances that act as countermeasures for spoofing attacks. The goal is to find a way into a network by tricking the system into believing it's a legit packet.

In this method, the attacker creates IP packets with a fake source IP address to hide the identity of the sender. Attackers use IP spoofing to overcome security measures, such as authentication-based IP networks. Attackers use randomly chosen IP address and spoof the original IP address to perform the DoS attack.

When two computers communicate, information about the IP address is placed on the source field of the packet. In an IP spoofing attack, the source IP address in the packet is not the original IP address of the source computer. By modifying the source IP address, the original sender can make the victim machine think the message originated from another source and therefore the sending machine or the attacker will be protected from being tracked.

Various options where IP spoofing can be used:

  • Scanning
  • Hijacking an online session
  • Flooding

Scanning

Scanning is a process in which a malicious user sends probes to a victim machine to determine TCP/UDP open ports, the type of operating system and version, services running on the victim machine, and vulnerabilities:

During the scanning phase, the attack may notice whether port 80 is open or not on the target device. If port 80 is open, we can determine there is a web server daemon running on the target device. The attacker can then use the Telnet protocol to perform banner-grabbing on the victim using port 80 as the destination port. This will determine the type and version of the web server, whether it's Microsoft IIS, Apache, or even nginx. Knowing this information will aid the attacker in fine-tuning their payload for the target device.

Hijacking an online session

In a session hijacking attack, an attacker can capture the cookie from a user who has logged on to a website and uses data found inside the cookie to also log on to the same website without having to enter a username and password combination. This would allow the attacker to gain access to the user (victim) account details.

The cookie can be captured using either sniffing or man-in-the-middle (MITM) attacks.

Flooding

In a flooding attack, the attacker sends unsolicited packets to the target continuously until the target is overwhelmed. The target will need to process each packet it receives, but due to the high influx of packets received, the target would eventually be unable to respond to a legitimate request from users or perform any further action.

ARP spoofing attacks

In an ARP spoofing attack, the attacker tries to map the MAC address with the IP address of a victim. The attacker can then intercept, steal, or delete the data. An ARP spoofing attack targets the nodes, layer 2 switches, and routers by disturbing the ARP caches of the connected systems:

Hosts A, B, and C are connected to the switch. Host A broadcasts a request (ARP) asking for the MAC address of host B, after host A sends data to host B. The switch receives the broadcast and forwards the request, and when host B receives the ARP request, it fills the ARP cache with the ARP entry and the IP address of host A (10.1.1.1 ) and the MAC address of A (aaaa.aaaa.aaaa.aaaa). When host B replies, host A fills their ARP cache with the IP address of host B (10.1.1.2) and the MAC address of B (bbbb.bbbb.bbbb.bbbb). At the same time, host C tries to poison the ARP cache of hosts A and B by sending some fake ARP messages with the IP address of B and the MAC address of host C (cccc.cccc.cccc.cccc).

Now the ARP cache is poisoned and it uses the destination MAC address of host C (cccc.cccc.cccc.cccc) for the traffic intended for host B. The attacker on host C interrupts the traffic flow between host A and host B, as host C knows the MAC addresses of host A and host B.

Mitigating ARP spoofing attacks

ARP attacks cannot be mitigated straightforwardly; however, proactive measures can be taken against ARP-cache poisoning on your network.

Statically mapping the MAC addresses to the IP address is one approach against the unsolicited dynamic ARP requests sent by an attacker. You can see the ARP cache of a Windows system by simply opening a Command Prompt and typing the arp -a command, as shown:

In situations where network arrangements do not change often, static ARP entries can still be used. This will guarantee that devices will depend on their local ARP cache, as opposed to depending on ARP requests and responses:

  • Monitoring ARP traffic: The other method of protecting against the ARP cache is monitoring the network traffic of hosts. This should be possible with a couple of interruption-based identification frameworks and utilities.
  • Dynamic ARP inspection: This is one of the security features that verifies the ARP packet. Dynamic ARP inspection verifies, stores log information, and rejects all the invalid ARP bindings. Dynamic ARP inspection will be explained in more depth in the following chapters.

The DHCP process

Whenever a client connects to a network, it automatically searches for a Dynamic Host Configuration Protocol (DHCP) server. A DHCP server is used to primarily distribute an IP address, subnet mask, default gateway, and Domain Name System (DNS) server configurations to clients. When the client connects, it broadcasts a DHCPDISCOVER message with a destination MAC address of FFFF.FFFF.FFFF and a destination port of 67

The following is the DHCP four (4) way handshake:

Port 67 is open on the DHCP server. A client uses 68 as the source port.

The DHCP server will respond, send a unicast DHCP Offer message back to the client with potentially usable IP configurations. The client will return a DHCPREQUEST back to the DHCP server, letting the server know it's going to accept the IP configurations from the previous message. They will send a DHCP Acknowledgement message to confirm the IP information the client is going to use for network communication.

A simple method to remember the DHCP process is to use an acronym. So D from Discover, O from Offer, R from Request, and A from Acknowledgement. Putting it all together, it spells DORA.

Why DHCP snooping?

DHCP snooping is a feature that exists on a switch. It creates two types of ports: trusted and untrusted. When DHCP snooping is enabled on a switch, all ports are labeled as untrusted, and this prevents any DHCP Offer and DHCP ACK messages from entering the switch. However, the port that is connected to the DHCP server should be configured manually as a trusted port. The trusted port allows the DHCP Offer and DHCP ACK messages to enter the switch.

The DHCP snooping feature is a countermeasure against any rogue DHCP server that may be attached to the network infrastructure.

DHCP snooping is enabled on the VLAN level on a switch.

Trusted and untrusted sources

At times, a malicious user may attempt to install a rogue DHCP server on the network in the hope that potential client devices become victims. We need to remember a few things about the DHCP server: it provides the IP address, subnet mask, default gateway, and DNS server configurations to clients. The default gateway is used to forward traffic destined for a network outside of the LAN, and the DNS server resolves hostnames and IP address. What if the clients are using another default gateway and/or a compromised DNS server with false DNS entries? The following table shows the switches and the classification of ports as trusted/untrusted:

Switches

Ports

F1/3 of switch

Trusted port

F1/1 of switch

Untrusted port

F1/2 of switch

Untrusted port

When the DHCP snooping features are configured on a Cisco switch, it immediately converts all ports to become untrusted ports. An untrusted port prevents any DHCP Offer and DHCP ACK messages from entering the switch port. However, the port that the DHCP server is connected to must be manually configured as a trusted port:

DHCP trust zone

The following describes how the DHCP snooping feature actually functions:

  1. The DHCP snooping is enabled with the switch, the untrusted ports will forward only DHCPDISCOVER and DHCPREQUEST packets to the DHCP Server. The trusted port would only forward DHCP Offer and DHCP Ack packets back to the DHCP client.
The DHCP server must be connected to a trusted port on the switch.
  1. When the attacker sends multiple fake DHCPDISCOVER messages to the server, the CPU utilization of the DHCP server goes up, and at some point the server will be out of IP addresses for that particular network in its pool. To avoid this, the DHCP snooping feature rate limits the DHCP traffic from trusted and untrusted sources so that only one DHCPDISCOVER message can be sent by the client.
  2. If any untrusted port exceeds the number of DHCPREQUEST messages, the port goes into an err-disabled state.
  3. When DHCP snooping is enabled and configured, the switch maintains a DHCP snooping database that is used to keep track of untrusted sources, their leased IP address, and all the other TCP/IP settings.
  4. DHCP snooping can also be enabled for a particular VLAN of the switch interface. By default, it is disabled on all the VLAN interfaces.

A DoS attack is a process by which an attacker tries to create a disturbance in the network by triggering unwanted traffic, and this disables the network. The objective of this attack is to not allow network services to be available to legitimate users.

DoS attacks look legitimate, but the size of the traffic might increase to a level that cannot be managed by the victim, for example:

  • Ping of Death (PoD): Sending continuous ICMP messages that cause the victim to crash or be unable to respond to legitimate requests
  • TCP SYN flood: Simply creating a half-open TCP session on the victim server, thereby halting the services offered by the victim

Ping of Death

The Internet Control Message Protocol (ICMP) can be used to check basic network connectivity between two devices. Attacks can manipulate the size of the ICMP message to be greater than the normal size. A simple utility that uses the ICMP is known as ping.

If an attacker sends a ping of 65,536 bytes or greater to another device on a network, it will cause the recipient machine (victim) to crash. This type of attack is known as Ping of Death.

Let's take a look at the following diagram to better understand what takes place:

In this diagram, the victim that receives the fragmented packets will do the reassembly only to find that the final packet is greater than 65,536 bytes. Not knowing what to do with the packet, the system crashes or malfunctions, resulting in its inability to provide service to the legitimate users.

TCP SYN flood attacks

In most instances, whenever two devices want to communicate, they use the TCP protocol to ensure the message reaches both devices. The first process is known as the TCP three-way handshake. Once the handshake is completed, then data is allowed to flow between both devices. In a TCP SYN flood attack, the attacker sends a constant stream of SYN packets to the victim:

On the victim's end, for every SYN packet received, it must reply with an SYN/ACK packet. The attacker would receive this SYN/ACK packet but would not respond to it, therefore creating a lot of half-open connections on the victim machine. Remember, the attacker is continuously sending TCP SYN packets, which would eventually cause the victim's machine to exhaust its resources and not be able to create any future connections with other devices as long as the attack continues.

Password attacks

In a password attack, the attacker tries to obtain the password of a user account, an encrypted file, or even a network. The purpose can vary based on the attacker's intent. In doing so, there are a variety of different methods for attempting to gain the password of another person:

  • Brute force attack: In a brute force attack, every possible combination of characters is attempted against the protected data until the correct combination is found. A brute force attack has the highest possibility of cracking the password; however, the downside is the length of time it may take before the password is found.
  • Dictionary attack: This attack uses a password list to reference when attempting to crack the password. This attack may not always be a good choice since the success of the attack is only as good as the words that are in the actual wordlist of the password file.
  • Keylogger: A keylogger can be either software- or hardware-based. The primary purpose of a keylogger is to capture keystrokes. This can be useful in capturing an unsuspecting user's password for a secure website, such as their online banking user account information.
  • Trojan Horse: A Trojan Horse is a type of malware that disguises itself to look like a trusted program/software to trick its potential victims into installing it. Once installed, the actual malicious payload installs itself in the background and stays hidden from the victim. The payload can also be a software keylogger configured to send logs of data remotely back the attacker.

The main concept behind this attack is the weakness of the human mind in creating a strong password which contains alphanumeric characters, upper and lower cases with number(s) and a special character. This is sometimes an amateur way of obtaining critical information from users, such as bank account details, credit card PIN, or other confidential data. As a prerequisite, the attacker tries to look legitimate and provides information that looks real from a victim's perspective.

Different types of social engineering attacks can be seen:

  • Phishing: This attack uses email as the mechanism through which an attacker disguised as a legitimate organization tries to get critical details, such as banking passwords.
  • Vishing: This attack uses phones, through which the attacker tries to converse like a person from a legitimate organization and get critical details from the victim.
  • Spear phishing: This attack is similar to phishing, but it focuses on a particular target from whom the attacker will steal information. It is important to note that the attacker gathers some information about the particular victim prior to launching this attack so that it looks like a particular email sent to the victim is legitimate, for example, targeting the CEO of an organization.
  • Pharming: This is an attack where a rogue DNS server provides the wrong DNS IP for a particular URL, which leads the victim to a malicious site. Also, this can be done by injecting some incorrect DNS mappings into the host file on the Windows machine.
  • Smishing: This attack uses SMS instead of email.

Buffer overflow attacks

In programming, a buffer is an area that is used to store data temporarily during program execution. The size of the buffer is usually fixed. Once the program closes, the contents of the buffer are also cleared. In a buffer overflow attack, the buffer is filled with more data than it can handle, causing the program to behave abnormally. Attackers use this attack to gain reverse shells into a victim machine by injecting shellcode as the payload.

Malware

Malware is any malicious software that can cause harm to any computing system or network. A piece of malware may have multiple functions, such as wiping data from a hard drive, capturing screenshots of the victim's monitor, or even creating a backdoor.

Some types of malware include:

  • Viruses
  • Crypto-malware, ransomware
  • Worms
  • Trojan Horse
  • Rootkit
  • Keylogger
  • Adware/spyware
  • Botnet

Network security tools

A tool is only as good as its wielder. There are many network security tool out there; some categories include tools for reconnaissance to help gather information on DNS, email addresses, and SNMP. At our fingertips, there's Nmap (Network Mapper), https://nmap.org, for exploitation development; the famous Metasploit from Rapid 7 (https://www.rapid7.com/products/metasploit/), for sniffing; Wireshark (https://www.wireshark.org/); and most importantly, one of the most advanced penetration platforms, Kali Linux (https://www.kali.org/) from Offensive Security.

We always need to remember hackers, network administrators, and cyber security professionals use network tools for different purposes. A white-hat hacker may use it to find vulnerabilities on a network before the black-hat hacker finds and exploits them. A penetration tester is trying to find and exploit any weakness in a network because it's their job.

Wireshark

Wireshark is referred to as the best protocol analyzer/sniffer. It has the ability to display all the Protocol Data Units (PDUs) for the four layers of the TCP/IP stack. Wireshark is a free tool for both Windows and Linux operating systems. It has the ability to see all the conversations/network traffic passing along a network segment:

To start a capture on Wireshark, simply open it and click on Capture | Options, then select the interface you want to capture traffic on. Now, click on Start.

Wireshark can be found at https://www.wireshark.org/.

Metasploit

Metasploit is an exploitation development framework. This is a free tool for students and people who want to learn hacking in an ethical manner. The tool can be used with both Windows and Linux:

This is the Command Prompt from which Metasploit can be used. The console is referred to as msf.

Kali Linux

Kali Linux is a penetration testing Linux distribution. It was created by Offensive Security as the successor to the famous BackTrack. Kali Linux is a single operating system with all the possible tools and utilities needed for conducting a penetration test and forensics.

The amazing benefit of this distro is that it can be installed on a virtual machine, on a hard drive, it can be live-booted via USB, and can be installed on mobile devices, such as the Google Nexus, OnePlus smartphones, and the Raspberry Pi computer.

There are many categories of tools, such as information-gathering, scanners, password-cracking, exploitation development, post-exploitation, and forensics. The possibilities with Kali Linux are endless.

Summary

In this chapter, we took a look at the CIA triad and its importance, network security terminologies, types of attacks, how IP works and its vulnerabilities to network attack, and some security tools.

In the next chapter, we will look at the uses of different types of firewall and the significance of IPS in network security.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • •Enhance your skills in network security by learning about Cisco’s device configuration and installation
  • •Unlock the practical aspects of CCNA security to secure your devices
  • •Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification

Description

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You’ll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you’ll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you’ll learn about security on the data link layer by implementing various security toolkits. You’ll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You’ll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you’ll delve into the concepts of IPS and endpoint security to secure your organization’s network infrastructure. By the end of this book, you’ll be ready to take the CCNA Security Exam (210-260).

Who is this book for?

CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam.

What you will learn

  • •Grasp the fundamentals of network security
  • •Configure routing protocols to secure network devices
  • •Mitigate different styles of security attacks using Cisco devices
  • •Explore the different types of firewall technologies
  • •Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations
  • •Implement IPS on a Cisco device and understand the concept of endpoint security

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 15, 2018
Length: 518 pages
Edition : 1st
Language : English
ISBN-13 : 9781787124585
Vendor :
Cisco

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jun 15, 2018
Length: 518 pages
Edition : 1st
Language : English
ISBN-13 : 9781787124585
Vendor :
Cisco

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 120.97
CCNA Routing and Switching 200-125 Certification Guide
$43.99
CCNA Security 210-260 Certification Guide
$43.99
CCENT/CCNA: ICND1 100-105 Certification Guide
$32.99
Total $ 120.97 Stars icon
Banner background image

Table of Contents

18 Chapters
Exploring Security Threats Chevron down icon Chevron up icon
Delving into Security Toolkits Chevron down icon Chevron up icon
Understanding Security Policies Chevron down icon Chevron up icon
Deep Diving into Cryptography Chevron down icon Chevron up icon
Implementing the AAA Framework Chevron down icon Chevron up icon
Securing the Control and Management Planes Chevron down icon Chevron up icon
Protecting Layer 2 Protocols Chevron down icon Chevron up icon
Protecting the Switch Infrastructure Chevron down icon Chevron up icon
Exploring Firewall Technologies Chevron down icon Chevron up icon
Cisco ASA Chevron down icon Chevron up icon
Advanced ASA Configuration Chevron down icon Chevron up icon
Configuring Zone-Based Firewalls Chevron down icon Chevron up icon
IPSec – The Protocol that Drives VPN Chevron down icon Chevron up icon
Configuring a Site-to-Site VPN Chevron down icon Chevron up icon
Configuring a Remote-Access VPN Chevron down icon Chevron up icon
Working with IPS Chevron down icon Chevron up icon
Application and Endpoint Security Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1
(22 Ratings)
5 star 54.5%
4 star 18.2%
3 star 18.2%
2 star 0%
1 star 9.1%
Filter icon Filter
Top Reviews

Filter reviews by




rasheed mohammed Jan 14, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is well written. it is clear, concise and provides a step-by-step approach administering Cisco security features on their devices. It is clear that the authors were pragmatic in their approach. From beginners to advanced users, i think every user can appreciate such a thoughtful and thorough approach to helping you better understand CCNA Security principles.
Amazon Verified review Amazon
vik Jul 18, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
great guide on network security in's and out's
Amazon Verified review Amazon
Eric DJ Oct 24, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Love it
Amazon Verified review Amazon
ravi seetaram Jul 21, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
very good book. Topics are very easy to understand with this book
Amazon Verified review Amazon
Chris Oct 25, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Keep up the good work!!!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.