Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
CCNA Security 210-260 Certification Guide
CCNA Security 210-260 Certification Guide

CCNA Security 210-260 Certification Guide: Build your knowledge of network security and pass your CCNA Security exam (210-260)

Arrow left icon
Profile Icon Glen D. Singh Profile Icon Anandh Profile Icon Vinod
Arrow right icon
$43.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1 (22 Ratings)
Paperback Jun 2018 518 pages 1st Edition
eBook
$24.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Glen D. Singh Profile Icon Anandh Profile Icon Vinod
Arrow right icon
$43.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1 (22 Ratings)
Paperback Jun 2018 518 pages 1st Edition
eBook
$24.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$24.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

CCNA Security 210-260 Certification Guide

Exploring Security Threats

As networks grow and technology advances, so does the cyber threats landscape. Every hour a new threat emerges, and cybersecurity companies are battling to mitigate and prevent such malicious attacks from invading our computers and networks. This has been a challenge for all, from the evolution of a simple batch virus script to Advanced Persistent Threats (APTs). Cisco has created a certification that allows you to begin your career in network security, the Cisco Certified Network Associate (CCNA) security designation.

This certification focuses on understanding threats to secure your network using Cisco routers and switches and even configuring and setting up the Cisco Adaptive Security Appliance (ASA). After completion, you'll be able to function as a network security engineer and mitigate and prevent such threats from entering your network. This chapter covers the basic principles of implementing network security in an enterprise network.

Security is very important and if no proper security principles are followed, it will lead to financial risks, legal risks, and negative public relations implications. In some cases, the overall business may be placed at risk due to the noncompliance of security policies. The security of an enterprise network can be viewed from different perspectives. For a management team, the network is a tool that enables the business goals of the company. For end users, a network is just a tool for them to complete their job. Unfortunately, if an end user or a management team is not maintaining their data safely, it may lead to several vulnerabilities and security threats. If the hacker compromises and gains access to the data and applications, the security component of the network fails.

The following topics are the three basic concepts of network security:

  • Confidentiality: The privacy of the data in the network. The data on the network should be protected from unauthorized users and they should not access the data by any means. The data can be protected by encrypting it.
  • Integrity: The changes made to the data should only be made by the authorized users. If the data in transit is corrupted, it leads to a failure of integrity and a loss of revenue.
  • Availability: A network, or data, should be available to its authorized users. The term availability refers to the provision of services that are dependent on networks, systems, and data. Any impact on the availability of the data leads to heavy loss of business and revenue.

The following diagram illustrates the working mechanism of the network security concept better known as the CIA triad:

After completing this chapter, you will:

  • Understand the basics of network security
  • Understand the different security terminologies
  • Understand different types of attack
  • Understand the different types of security tools

Important terms in network security

Network security is a very broad concept; it starts with authenticating users and authorizing resources. It deals with security threats analysis and vulnerability checks.

Threats

A threat is the potential for an attacker to take advantage of a vulnerability on a system. An example of a threat can be a disgruntled employee who has been given a warning letter in an organization. This person may want to inflict harm to the company's network and has decided to research exploitation.

Some further examples of threats include malware, Denial of Service (DoS), and phishing.

Let's now discuss risk and countermeasure:

  • Risk: A risk is the likelihood of a threat actor taking advantage of a vulnerability that can attack a network system, which leads to damage to the network
  • Countermeasure: A countermeasure can be a combination of a process and a device that can act together as a safeguard against potential attacks, thereby reducing security risks
A firewall is configured with an access control list, and a server with security policies.

Vulnerability

Vulnerability is a weakness of the system, data, or any application, by which unauthorized persons can exploit it. Vulnerability on the network may occur due to various reasons:

  • Result of a malicious attack
  • Failure of a policy
  • Weakness of the system or a policy
  • Weakness of a protocol

Vulnerabilities are found in operating systems, routers, switches, firewalls, applications, antivirus software, and so on. An attacker uses these vulnerabilities to create a threat to the network. Generally, vulnerabilities arise due to high complexity or human error while developing an application and designing a network.

Analyzing vulnerability

Vulnerability analysis is the process of identifying security weaknesses on a computing platform or network. This aids the internal security team (blue team) in remediating any flaws that have been discovered. A security team is also responsible for conducting a vulnerability assessment to evaluate the cybersecurity risk and try to minimize/mitigate it as much as possible. Vulnerability assessments are usually conducted before and after applying any countermeasures within the organization. This helps with the evaluation process to determine whether the attack surfaces are reduced; it also ensures the proper practices are used and applied correctly.

The blue team is a group of individuals who's responsibilities are to perform security analysis on the information systems of an organization.

When an administrator dealing with security installs a patch on the endpoint security tool, there are chances of manual errors or misconfigurations in the tool that may open a door for a hacker to attack the node.

Periodic vulnerability testing/analysis is essential in such situations.

Vulnerability assessments have the following advantages:

  • Help administrators to keep their data safe from hackers and attackers, which eliminates business risks.
  • Vulnerability assessment tools help administrators to check for loopholes in the network architecture. These tools also examine whether there are any possible destructive actions that can cause damage to your application, software, or network.
  • Vulnerability assessment tools detect attack pathways that may get missed in manual assessment, which increases the ROI.

Before performing a vulnerability assessment, the administrators should create a test plan, develop a threat model and verify the URLs, and access credentials.

There are two ways of conducting a vulnerability assessment. The first one is the automated dynamic scanning and the other is the manual Vulnerability and Penetration Testing (VAPT).

In the automated method, a tool, such as Burp Suite Pro, IBM Rational AppScan, is used to scan the application and find security flaws. The manual testing is performed in the following steps:

  1. Check SQL injection, XML injection, and LDAP injection flaws
  2. Inspect poor authentication methods and cracked login processes
  3. Inspect cookies and other session details
  4. Inspect the default settings in the security configurations in the devices
  5. Inspect broken encryption algorithms and other ciphers to secure the communications

Choose either automatic or manual testing methods to verify the scan results, collect evidence, and complete the reports.

Introduction to an attack

An attack is the process of attempting to steal data, destroy data, gain unauthorized access to a device, or even shut down/disable a system, preventing legitimate users from accessing the resources. An attack can be local, where a malicious user has physical access to the system and either executes a malicious payload or is attempting to gain access into the device. A remote attack requires the malicious user to send a payload over a network connection to the victim device in the hope that the attack would be successful and it would either gain control of the victim device or cause service interruptions (denial of service).

Attacks are mainly distinguished as either:

  • Passive attacks
  • Active attacks

Passive attacks

In a passive attack, the attacker is considered to be in a learning (monitoring) state to understand the details about the potential victim's device, how it performs and operates. This allows the attacker to have a better attack strategy. An example of a passive attack is where an attacker is sniffing the network traffic between a victim machine and its default gateway.

Types of passive attack:

  • Sniffing: Capturing packets unknown to users on the network. The goal is to obtain any sensitive information sent across the network.
  • Port scanning: Checking for open TCP and UDP ports. This will aid the attacker in determining the services running on the target/victim machine.

Active attacks

In an active attack, the attacker may have already done enough reconnaissance on the target device and is ready to execute its exploit against the victim. Sometimes, the attack can be a direct attack, meaning the exploit is sent from the attacker's machine to the target, or an indirect attack, where the attacker compromises another machine, making it a zombie, and using the zombie to pivot all the attacks through it. Therefore, the zombie would seem to be the attacker machine from the view of the victim.

Examples of active attacks include:

  • Denial of Service: This attack focuses on exhausting the resources of a system, therefore legitimate users are not given access to the resource
  • Botnet: The attacker sets up a Command and Control (CnC) server to control all its infected machines (zombies) to carry out malicious activities

Spoofing attacks

In a spoofing attack, the attacker uses false information to pretend to be a legitimate or authorized user/machine. When an attacker attempts to exploit a system or deliver a payload, they have to try to trick the user into falling victim to the attack. Sometimes, changing the source IP address and source MAC address of the packets originating from the attacking machine may trick the potential victim into thinking it's from a legitimate user and may disguise the attack's origins.

Internet protocol – the heart of internet communication

Internet Protocol (IP) is a connection protocol that exists at the Network layer (layer 3) of the Open Systems Interconnection (OSI) reference model. Internet protocol is used to assist routers or any layer 3 devices to forward packets to their corresponding destinations. One main characteristic of internet protocol is its nature of being a connectionless protocol, which means it provides delivery using best effort and is not guaranteed to be delivered to the recipient. Since IP is said to be connectionless, it depends on the upper layers to assist with the delivery of data. The layer above the Network layer is known as the Transport layer. There are two sub protocols, which are used primarily for delivery; these are known as the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP). An IP packet contains the following: source and destination IP addresses, version (IPv4 or IPv6), Time to Live (TTL) value, protocol (TCP, UDP, or ICMP), and flags.

It is through the forging of this source address that hackers are able to break into the network and mislead communication between the source and the destination. Almost all networks use routers as intermediate devices for the transmission of data. When the data is sent via routers, they identify the destination IP address from the header of the IP datagram to forward the packets to that destination. The source address is ignored by the routers. The source address is used only by the destination machine when a reply is sent back for the received packets.

How is an IP datagram spoofed?

In an IP packet/datagram, the header contains the addressing information, such as the sender's source and the destination's IP address. An IP packet is usually unencrypted, therefore if someone is sniffing the traffic between the sender and the receiver, the contents of the packet and its header information are captured. A malicious user or an attacker can modify the IP address on the IP packets originating from the attacker machine, making it seem to originate from somewhere else, which is known as IP spoofing. It tricks a potential victim into believing the IP packet came from a legitimate or trusted source, but is actually from a malicious user. The operating system has no way of determining whether the IP addresses actually belong to the legitimate machine or not. When the internet protocol was built, security was not a concern at the time, hence IP lacks security features.

There are different types of spoofing attacks:

  • Address Resolution Protocol spoofing
  • DNS spoofing

IP spoofing

Using the following scenario, an attacker sends a specially crafted packet to the web server (200.1.1.1). Within the IP header of the specially crafted packet, it has a source IP address of 203.155.182.1, which belongs to the potential victim machine and not the real IP address of the attacker. When the web server receives the packet and has to respond, it sees the sender's IP address is 203.155.182.1 and sends its response to the victim machine instead of the attacker:

Attackers primarily use IP spoofing as a technique to bypass any filters, access lists, or even security appliances that act as countermeasures for spoofing attacks. The goal is to find a way into a network by tricking the system into believing it's a legit packet.

In this method, the attacker creates IP packets with a fake source IP address to hide the identity of the sender. Attackers use IP spoofing to overcome security measures, such as authentication-based IP networks. Attackers use randomly chosen IP address and spoof the original IP address to perform the DoS attack.

When two computers communicate, information about the IP address is placed on the source field of the packet. In an IP spoofing attack, the source IP address in the packet is not the original IP address of the source computer. By modifying the source IP address, the original sender can make the victim machine think the message originated from another source and therefore the sending machine or the attacker will be protected from being tracked.

Various options where IP spoofing can be used:

  • Scanning
  • Hijacking an online session
  • Flooding

Scanning

Scanning is a process in which a malicious user sends probes to a victim machine to determine TCP/UDP open ports, the type of operating system and version, services running on the victim machine, and vulnerabilities:

During the scanning phase, the attack may notice whether port 80 is open or not on the target device. If port 80 is open, we can determine there is a web server daemon running on the target device. The attacker can then use the Telnet protocol to perform banner-grabbing on the victim using port 80 as the destination port. This will determine the type and version of the web server, whether it's Microsoft IIS, Apache, or even nginx. Knowing this information will aid the attacker in fine-tuning their payload for the target device.

Hijacking an online session

In a session hijacking attack, an attacker can capture the cookie from a user who has logged on to a website and uses data found inside the cookie to also log on to the same website without having to enter a username and password combination. This would allow the attacker to gain access to the user (victim) account details.

The cookie can be captured using either sniffing or man-in-the-middle (MITM) attacks.

Flooding

In a flooding attack, the attacker sends unsolicited packets to the target continuously until the target is overwhelmed. The target will need to process each packet it receives, but due to the high influx of packets received, the target would eventually be unable to respond to a legitimate request from users or perform any further action.

ARP spoofing attacks

In an ARP spoofing attack, the attacker tries to map the MAC address with the IP address of a victim. The attacker can then intercept, steal, or delete the data. An ARP spoofing attack targets the nodes, layer 2 switches, and routers by disturbing the ARP caches of the connected systems:

Hosts A, B, and C are connected to the switch. Host A broadcasts a request (ARP) asking for the MAC address of host B, after host A sends data to host B. The switch receives the broadcast and forwards the request, and when host B receives the ARP request, it fills the ARP cache with the ARP entry and the IP address of host A (10.1.1.1 ) and the MAC address of A (aaaa.aaaa.aaaa.aaaa). When host B replies, host A fills their ARP cache with the IP address of host B (10.1.1.2) and the MAC address of B (bbbb.bbbb.bbbb.bbbb). At the same time, host C tries to poison the ARP cache of hosts A and B by sending some fake ARP messages with the IP address of B and the MAC address of host C (cccc.cccc.cccc.cccc).

Now the ARP cache is poisoned and it uses the destination MAC address of host C (cccc.cccc.cccc.cccc) for the traffic intended for host B. The attacker on host C interrupts the traffic flow between host A and host B, as host C knows the MAC addresses of host A and host B.

Mitigating ARP spoofing attacks

ARP attacks cannot be mitigated straightforwardly; however, proactive measures can be taken against ARP-cache poisoning on your network.

Statically mapping the MAC addresses to the IP address is one approach against the unsolicited dynamic ARP requests sent by an attacker. You can see the ARP cache of a Windows system by simply opening a Command Prompt and typing the arp -a command, as shown:

In situations where network arrangements do not change often, static ARP entries can still be used. This will guarantee that devices will depend on their local ARP cache, as opposed to depending on ARP requests and responses:

  • Monitoring ARP traffic: The other method of protecting against the ARP cache is monitoring the network traffic of hosts. This should be possible with a couple of interruption-based identification frameworks and utilities.
  • Dynamic ARP inspection: This is one of the security features that verifies the ARP packet. Dynamic ARP inspection verifies, stores log information, and rejects all the invalid ARP bindings. Dynamic ARP inspection will be explained in more depth in the following chapters.

The DHCP process

Whenever a client connects to a network, it automatically searches for a Dynamic Host Configuration Protocol (DHCP) server. A DHCP server is used to primarily distribute an IP address, subnet mask, default gateway, and Domain Name System (DNS) server configurations to clients. When the client connects, it broadcasts a DHCPDISCOVER message with a destination MAC address of FFFF.FFFF.FFFF and a destination port of 67

The following is the DHCP four (4) way handshake:

Port 67 is open on the DHCP server. A client uses 68 as the source port.

The DHCP server will respond, send a unicast DHCP Offer message back to the client with potentially usable IP configurations. The client will return a DHCPREQUEST back to the DHCP server, letting the server know it's going to accept the IP configurations from the previous message. They will send a DHCP Acknowledgement message to confirm the IP information the client is going to use for network communication.

A simple method to remember the DHCP process is to use an acronym. So D from Discover, O from Offer, R from Request, and A from Acknowledgement. Putting it all together, it spells DORA.

Why DHCP snooping?

DHCP snooping is a feature that exists on a switch. It creates two types of ports: trusted and untrusted. When DHCP snooping is enabled on a switch, all ports are labeled as untrusted, and this prevents any DHCP Offer and DHCP ACK messages from entering the switch. However, the port that is connected to the DHCP server should be configured manually as a trusted port. The trusted port allows the DHCP Offer and DHCP ACK messages to enter the switch.

The DHCP snooping feature is a countermeasure against any rogue DHCP server that may be attached to the network infrastructure.

DHCP snooping is enabled on the VLAN level on a switch.

Trusted and untrusted sources

At times, a malicious user may attempt to install a rogue DHCP server on the network in the hope that potential client devices become victims. We need to remember a few things about the DHCP server: it provides the IP address, subnet mask, default gateway, and DNS server configurations to clients. The default gateway is used to forward traffic destined for a network outside of the LAN, and the DNS server resolves hostnames and IP address. What if the clients are using another default gateway and/or a compromised DNS server with false DNS entries? The following table shows the switches and the classification of ports as trusted/untrusted:

Switches

Ports

F1/3 of switch

Trusted port

F1/1 of switch

Untrusted port

F1/2 of switch

Untrusted port

When the DHCP snooping features are configured on a Cisco switch, it immediately converts all ports to become untrusted ports. An untrusted port prevents any DHCP Offer and DHCP ACK messages from entering the switch port. However, the port that the DHCP server is connected to must be manually configured as a trusted port:

DHCP trust zone

The following describes how the DHCP snooping feature actually functions:

  1. The DHCP snooping is enabled with the switch, the untrusted ports will forward only DHCPDISCOVER and DHCPREQUEST packets to the DHCP Server. The trusted port would only forward DHCP Offer and DHCP Ack packets back to the DHCP client.
The DHCP server must be connected to a trusted port on the switch.
  1. When the attacker sends multiple fake DHCPDISCOVER messages to the server, the CPU utilization of the DHCP server goes up, and at some point the server will be out of IP addresses for that particular network in its pool. To avoid this, the DHCP snooping feature rate limits the DHCP traffic from trusted and untrusted sources so that only one DHCPDISCOVER message can be sent by the client.
  2. If any untrusted port exceeds the number of DHCPREQUEST messages, the port goes into an err-disabled state.
  3. When DHCP snooping is enabled and configured, the switch maintains a DHCP snooping database that is used to keep track of untrusted sources, their leased IP address, and all the other TCP/IP settings.
  4. DHCP snooping can also be enabled for a particular VLAN of the switch interface. By default, it is disabled on all the VLAN interfaces.

A DoS attack is a process by which an attacker tries to create a disturbance in the network by triggering unwanted traffic, and this disables the network. The objective of this attack is to not allow network services to be available to legitimate users.

DoS attacks look legitimate, but the size of the traffic might increase to a level that cannot be managed by the victim, for example:

  • Ping of Death (PoD): Sending continuous ICMP messages that cause the victim to crash or be unable to respond to legitimate requests
  • TCP SYN flood: Simply creating a half-open TCP session on the victim server, thereby halting the services offered by the victim

Ping of Death

The Internet Control Message Protocol (ICMP) can be used to check basic network connectivity between two devices. Attacks can manipulate the size of the ICMP message to be greater than the normal size. A simple utility that uses the ICMP is known as ping.

If an attacker sends a ping of 65,536 bytes or greater to another device on a network, it will cause the recipient machine (victim) to crash. This type of attack is known as Ping of Death.

Let's take a look at the following diagram to better understand what takes place:

In this diagram, the victim that receives the fragmented packets will do the reassembly only to find that the final packet is greater than 65,536 bytes. Not knowing what to do with the packet, the system crashes or malfunctions, resulting in its inability to provide service to the legitimate users.

TCP SYN flood attacks

In most instances, whenever two devices want to communicate, they use the TCP protocol to ensure the message reaches both devices. The first process is known as the TCP three-way handshake. Once the handshake is completed, then data is allowed to flow between both devices. In a TCP SYN flood attack, the attacker sends a constant stream of SYN packets to the victim:

On the victim's end, for every SYN packet received, it must reply with an SYN/ACK packet. The attacker would receive this SYN/ACK packet but would not respond to it, therefore creating a lot of half-open connections on the victim machine. Remember, the attacker is continuously sending TCP SYN packets, which would eventually cause the victim's machine to exhaust its resources and not be able to create any future connections with other devices as long as the attack continues.

Password attacks

In a password attack, the attacker tries to obtain the password of a user account, an encrypted file, or even a network. The purpose can vary based on the attacker's intent. In doing so, there are a variety of different methods for attempting to gain the password of another person:

  • Brute force attack: In a brute force attack, every possible combination of characters is attempted against the protected data until the correct combination is found. A brute force attack has the highest possibility of cracking the password; however, the downside is the length of time it may take before the password is found.
  • Dictionary attack: This attack uses a password list to reference when attempting to crack the password. This attack may not always be a good choice since the success of the attack is only as good as the words that are in the actual wordlist of the password file.
  • Keylogger: A keylogger can be either software- or hardware-based. The primary purpose of a keylogger is to capture keystrokes. This can be useful in capturing an unsuspecting user's password for a secure website, such as their online banking user account information.
  • Trojan Horse: A Trojan Horse is a type of malware that disguises itself to look like a trusted program/software to trick its potential victims into installing it. Once installed, the actual malicious payload installs itself in the background and stays hidden from the victim. The payload can also be a software keylogger configured to send logs of data remotely back the attacker.

The main concept behind this attack is the weakness of the human mind in creating a strong password which contains alphanumeric characters, upper and lower cases with number(s) and a special character. This is sometimes an amateur way of obtaining critical information from users, such as bank account details, credit card PIN, or other confidential data. As a prerequisite, the attacker tries to look legitimate and provides information that looks real from a victim's perspective.

Different types of social engineering attacks can be seen:

  • Phishing: This attack uses email as the mechanism through which an attacker disguised as a legitimate organization tries to get critical details, such as banking passwords.
  • Vishing: This attack uses phones, through which the attacker tries to converse like a person from a legitimate organization and get critical details from the victim.
  • Spear phishing: This attack is similar to phishing, but it focuses on a particular target from whom the attacker will steal information. It is important to note that the attacker gathers some information about the particular victim prior to launching this attack so that it looks like a particular email sent to the victim is legitimate, for example, targeting the CEO of an organization.
  • Pharming: This is an attack where a rogue DNS server provides the wrong DNS IP for a particular URL, which leads the victim to a malicious site. Also, this can be done by injecting some incorrect DNS mappings into the host file on the Windows machine.
  • Smishing: This attack uses SMS instead of email.

Buffer overflow attacks

In programming, a buffer is an area that is used to store data temporarily during program execution. The size of the buffer is usually fixed. Once the program closes, the contents of the buffer are also cleared. In a buffer overflow attack, the buffer is filled with more data than it can handle, causing the program to behave abnormally. Attackers use this attack to gain reverse shells into a victim machine by injecting shellcode as the payload.

Malware

Malware is any malicious software that can cause harm to any computing system or network. A piece of malware may have multiple functions, such as wiping data from a hard drive, capturing screenshots of the victim's monitor, or even creating a backdoor.

Some types of malware include:

  • Viruses
  • Crypto-malware, ransomware
  • Worms
  • Trojan Horse
  • Rootkit
  • Keylogger
  • Adware/spyware
  • Botnet

Network security tools

A tool is only as good as its wielder. There are many network security tool out there; some categories include tools for reconnaissance to help gather information on DNS, email addresses, and SNMP. At our fingertips, there's Nmap (Network Mapper), https://nmap.org, for exploitation development; the famous Metasploit from Rapid 7 (https://www.rapid7.com/products/metasploit/), for sniffing; Wireshark (https://www.wireshark.org/); and most importantly, one of the most advanced penetration platforms, Kali Linux (https://www.kali.org/) from Offensive Security.

We always need to remember hackers, network administrators, and cyber security professionals use network tools for different purposes. A white-hat hacker may use it to find vulnerabilities on a network before the black-hat hacker finds and exploits them. A penetration tester is trying to find and exploit any weakness in a network because it's their job.

Wireshark

Wireshark is referred to as the best protocol analyzer/sniffer. It has the ability to display all the Protocol Data Units (PDUs) for the four layers of the TCP/IP stack. Wireshark is a free tool for both Windows and Linux operating systems. It has the ability to see all the conversations/network traffic passing along a network segment:

To start a capture on Wireshark, simply open it and click on Capture | Options, then select the interface you want to capture traffic on. Now, click on Start.

Wireshark can be found at https://www.wireshark.org/.

Metasploit

Metasploit is an exploitation development framework. This is a free tool for students and people who want to learn hacking in an ethical manner. The tool can be used with both Windows and Linux:

This is the Command Prompt from which Metasploit can be used. The console is referred to as msf.

Kali Linux

Kali Linux is a penetration testing Linux distribution. It was created by Offensive Security as the successor to the famous BackTrack. Kali Linux is a single operating system with all the possible tools and utilities needed for conducting a penetration test and forensics.

The amazing benefit of this distro is that it can be installed on a virtual machine, on a hard drive, it can be live-booted via USB, and can be installed on mobile devices, such as the Google Nexus, OnePlus smartphones, and the Raspberry Pi computer.

There are many categories of tools, such as information-gathering, scanners, password-cracking, exploitation development, post-exploitation, and forensics. The possibilities with Kali Linux are endless.

Summary

In this chapter, we took a look at the CIA triad and its importance, network security terminologies, types of attacks, how IP works and its vulnerabilities to network attack, and some security tools.

In the next chapter, we will look at the uses of different types of firewall and the significance of IPS in network security.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • •Enhance your skills in network security by learning about Cisco’s device configuration and installation
  • •Unlock the practical aspects of CCNA security to secure your devices
  • •Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification

Description

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You’ll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you’ll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you’ll learn about security on the data link layer by implementing various security toolkits. You’ll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You’ll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you’ll delve into the concepts of IPS and endpoint security to secure your organization’s network infrastructure. By the end of this book, you’ll be ready to take the CCNA Security Exam (210-260).

Who is this book for?

CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam.

What you will learn

  • •Grasp the fundamentals of network security
  • •Configure routing protocols to secure network devices
  • •Mitigate different styles of security attacks using Cisco devices
  • •Explore the different types of firewall technologies
  • •Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations
  • •Implement IPS on a Cisco device and understand the concept of endpoint security
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 15, 2018
Length: 518 pages
Edition : 1st
Language : English
ISBN-13 : 9781787128873
Vendor :
Cisco
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Publication date : Jun 15, 2018
Length: 518 pages
Edition : 1st
Language : English
ISBN-13 : 9781787128873
Vendor :
Cisco
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 120.97
CCNA Routing and Switching 200-125 Certification Guide
$43.99
CCNA Security 210-260 Certification Guide
$43.99
CCENT/CCNA: ICND1 100-105 Certification Guide
$32.99
Total $ 120.97 Stars icon
Banner background image

Table of Contents

18 Chapters
Exploring Security Threats Chevron down icon Chevron up icon
Delving into Security Toolkits Chevron down icon Chevron up icon
Understanding Security Policies Chevron down icon Chevron up icon
Deep Diving into Cryptography Chevron down icon Chevron up icon
Implementing the AAA Framework Chevron down icon Chevron up icon
Securing the Control and Management Planes Chevron down icon Chevron up icon
Protecting Layer 2 Protocols Chevron down icon Chevron up icon
Protecting the Switch Infrastructure Chevron down icon Chevron up icon
Exploring Firewall Technologies Chevron down icon Chevron up icon
Cisco ASA Chevron down icon Chevron up icon
Advanced ASA Configuration Chevron down icon Chevron up icon
Configuring Zone-Based Firewalls Chevron down icon Chevron up icon
IPSec – The Protocol that Drives VPN Chevron down icon Chevron up icon
Configuring a Site-to-Site VPN Chevron down icon Chevron up icon
Configuring a Remote-Access VPN Chevron down icon Chevron up icon
Working with IPS Chevron down icon Chevron up icon
Application and Endpoint Security Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1
(22 Ratings)
5 star 54.5%
4 star 18.2%
3 star 18.2%
2 star 0%
1 star 9.1%
Filter icon Filter
Top Reviews

Filter reviews by




rasheed mohammed Jan 14, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is well written. it is clear, concise and provides a step-by-step approach administering Cisco security features on their devices. It is clear that the authors were pragmatic in their approach. From beginners to advanced users, i think every user can appreciate such a thoughtful and thorough approach to helping you better understand CCNA Security principles.
Amazon Verified review Amazon
vik Jul 18, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
great guide on network security in's and out's
Amazon Verified review Amazon
Eric DJ Oct 24, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Love it
Amazon Verified review Amazon
ravi seetaram Jul 21, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
very good book. Topics are very easy to understand with this book
Amazon Verified review Amazon
Chris Oct 25, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Keep up the good work!!!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact [email protected] with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at [email protected] using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on [email protected] with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on [email protected] within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on [email protected] who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on [email protected] within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela