Szerkesztő:LinguisticMystic/ru/безопасность/1

From Wiktionary, the open dictionary

01.1. Current

🌍 1. Networks Are Targets

  • Networks are routinely under attack, with frequent news about breaches.
  • Tools like the Kaspersky Cyberthreat Real-Time Map provide live tracking of ongoing attacks globally.
  • Other cyberthreat maps and monitoring tools are available for real-time insights.

🔒 2. Reasons for Network Security

  • Network security is crucial for business continuity and protecting sensitive information.
  • Breaches can disrupt e-commerce, cause data loss, compromise privacy, and lead to financial losses and legal issues.
  • Security tools and intelligence platforms like the Cisco Talos Intelligence Group provide resources for identifying and mitigating threats.
  • Cisco’s Product Security Incident Response Team (PSIRT) investigates and addresses vulnerabilities in Cisco products.

⚔️ 3. Vectors of Network Attacks

  • Attack vectors are paths used by threat actors to gain access to a network.
  • These attacks can originate from external sources (internet) or internal sources (employees).
  • External threats: Denial-of-Service (DoS) attacks, malware, phishing.
  • Internal threats: Unauthorized data access, misuse of privileges, connecting infected devices.
  • Internal threats can be more damaging due to direct access to the network and sensitive data.

📉 4. Data Loss

  • Data is one of the most valuable assets for an organization.
  • Data loss (or exfiltration) occurs when sensitive data is intentionally or unintentionally leaked.
  • Consequences include:
    • Brand damage and loss of reputation.
    • Loss of competitive advantage.
    • Loss of customers and revenue.
    • Legal penalties and significant recovery costs.
  • Common vectors for data loss:
    • Email/Social Networking: Intercepted messages can reveal sensitive information.
    • Unencrypted Devices: Stolen devices without encryption can expose valuable data.
    • Cloud Storage: Poorly secured cloud environments can lead to data breaches.
    • Removable Media: Unauthorized transfers to USB drives or lost drives.
    • Hard Copy: Improper disposal of physical documents.
    • Improper Access Control: Weak or compromised passwords provide easy access.

🎬 5. Video - Anatomy of an Attack

  • This section includes a video illustrating how a threat actor gains access to a network, steals data, and damages systems due to weak security measures.

01.2. Network Topology Overview

🏫 1. Campus Area Networks (CANs)

  • Definition: Interconnected LANs within a limited geographic area, typically an enterprise or school campus.
  • Defense-in-Depth: Multiple layers of defense to secure the network from outside and inside threats.
  • Key Security Features:
    • VPN: Cisco ISRs protect data in transit by establishing secure VPNs for confidentiality and integrity.
    • ASA Firewall: Cisco Adaptive Security Appliance performs stateful packet filtering.
    • IPS: Intrusion Prevention Systems monitor and block malicious activities.
    • Layer 3 Switches: Secured distribution switches with features like ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard.
    • Layer 2 Switches: Access switches hardened with port security and 802.1X user authentication.
    • ESA/WSA: Email and Web Security Appliances provide threat defense and application control.
    • AAA Server: Manages authentication, authorization, and accounting.
    • Hosts: Secured endpoints with antivirus, antimalware, and 802.1X authentication.
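As an added example (not part of the original notes), the Layer 2 and Layer 3 switch hardening features listed above written out as a Cisco IOS configuration fragment; VLAN 10, the interface names, the RADIUS server address and its shared secret are placeholder assumptions.

```cisco
! Added example: hardening an access switch with the features named above.
! VLAN 10, interface names and the RADIUS server are placeholder assumptions.

! --- DHCP snooping: only trusted (uplink) ports may carry DHCP server replies ---
ip dhcp snooping
ip dhcp snooping vlan 10
!
! --- Dynamic ARP Inspection: check ARP packets against the DHCP snooping binding table ---
ip arp inspection vlan 10
!
! --- 802.1X: authenticate hosts against the AAA (RADIUS) server before granting access ---
aaa new-model
radius server CAMPUS-AAA
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key PLACEHOLDER-SHARED-SECRET
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
! Uplink to the distribution switch: trusted for DHCP and ARP, no port security
interface GigabitEthernet1/0/48
 description Uplink to distribution (trusted)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Unmanaged device port (e.g. printer): port security limits MAC addresses
interface GigabitEthernet1/0/1
 description Printer access port (untrusted)
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ip verify source
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! User access port: 802.1X authentication plus IP Source Guard
interface GigabitEthernet1/0/2
 description User access port (802.1X)
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ip verify source
```

After applying it, `show ip dhcp snooping binding`, `show ip arp inspection statistics vlan 10`, `show port-security interface GigabitEthernet1/0/1` and `show dot1x all summary` confirm that each control is active and show what it has blocked.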

🏠 2. Small Office and Home Office (SOHO) Networks

  • Definition: Small-scale networks for remote work or home businesses.
  • Key Security Features:
    • Consumer-Grade Router: Provides basic firewall and secure wireless features.
    • Wireless Encryption: WPA2 ensures secure wireless connections.
    • Layer 2 Switch: Hardened access switch with port security.
    • Endpoint Protection: Devices equipped with antivirus and antimalware software.

🌍 3. Wide Area Networks (WANs)

  • Definition: Networks spanning large geographic areas, often over the internet.
  • Key Security Features:
    • VPN Tunnels: Secure transport of data between sites using IPsec.
    • ASA Firewall: Secures the main site and establishes VPN connections with remote sites.
    • Cisco ISR: Used at branch sites for always-on VPN connections.
    • Teleworker VPN: Mobile workers use Cisco AnyConnect to establish secure VPN connections.

🏢 4. Data Center Networks

  • Definition: Off-site facilities that store sensitive business-critical data.
  • Physical Security:
    • Outside Perimeter: Security officers, fences, gates, surveillance cameras, breach alarms.
    • Inside Perimeter: Motion detectors, security traps, biometric access.
  • Security Trap: An airlock-like system requiring badge ID and biometric verification for access.
  • Key Security Features:
    • ASA and Virtual Security Gateway: Secure segmentation between virtual machines.
    • IPS: Threat defense using threat intelligence and contextual analysis.
    • Visibility: Cisco Security Manager provides operational visibility and compliance reporting.

☁️ 5. Cloud Networks and Virtualization

  • Definition: Cloud computing extends capacity without adding physical infrastructure.
  • Key Concepts:
    • Virtualization: Separates OS from hardware, allowing multiple virtual machines (VMs) on one server.
    • Cloud: Extends infrastructure outside the traditional network perimeter.
  • Security Risks:
    • Hyperjacking: Hijacking the VM hypervisor to attack other devices.
    • Instant On Activation: Outdated security policies when dormant VMs are reactivated.
    • Antivirus Storms: Many VMs on one host running AV updates or scans at the same time, overloading the shared hardware.

🚶 6. The Evolving Network Border

  • BYOD Trend: Bring Your Own Device allows employees to use personal devices for work.
  • Borderless Network: Cisco’s solution for secure access from various locations and devices.
  • Mobile Device Management (MDM): Secures and monitors mobile devices, including:
    • Data Encryption: Ensures only encrypted devices access the network.
    • PIN Enforcement: Prevents unauthorized access.
    • Data Wipe: Remotely erases data from lost or stolen devices.
    • Jailbreak/Root Detection: Detects and restricts compromised devices.

7. Check Your Understanding - Network Topology Protection Overview

Quiz Highlights:
  1. Which network type consists of interconnected LANs in a limited area? Campus Area Network (CAN)
  2. Which network type uses a consumer-grade router for basic security? SOHO
  3. Which network type includes redundant air conditioning and security traps? Data Center

01.3. Securing Networks Summary

🌐 1. Current State of Affairs

  • Importance of Network Security: Critical for business continuity, protecting sensitive data, privacy, and information integrity.
  • Consequences of Breaches: Can lead to data loss, revenue impact, lawsuits, and compromised safety.
  • Tools and Resources: Security platforms like Cisco Talos provide intelligence to mitigate threats.
  • Attack Vectors: Threats can originate from external sources (e.g., DoS attacks) or internal sources (e.g., insider threats).
  • Data Loss Prevention (DLP): Implementing strategic, operational, and tactical controls to prevent data exfiltration.

🏛️ 2. Network Topology Overview

  • Types of Networks: CAN, SOHO, WAN, Data Center, and Cloud Networks.
  • Defense-in-Depth: Multi-layered approach to secure networks from external and internal threats.
  • Key Security Features:
    • VPN: Protects data in transit with encryption.
    • ASA Firewall: Stateful packet filtering to block unauthorized access.
    • IPS: Monitors and blocks malicious activities.
    • Layer 2 & 3 Switches: Hardened with features like ACLs, DHCP snooping, and port security.
    • AAA Server: Manages user authentication, authorization, and accounting.
    • Endpoint Protection: Antivirus, antimalware, and 802.1X authentication for devices.

📜 3. Key Takeaways

  • Vigilance is Crucial: Constant monitoring and adaptation to new threats are necessary for network security.
  • Data Protection: Using encryption, access controls, and DLP measures to protect sensitive information.
  • Network Segmentation: Ensuring secure segmentation between different parts of the network.
  • Secure Device Access: Implementing strong authentication and limiting administrative privileges.
  • BYOD and MDM: Managing personal devices securely using Mobile Device Management (MDM) tools.

🎓 4. Module Quiz Highlights

  1. What security measure is typically found inside and outside a data center? Continuous video surveillance.
  2. Which technology is commonly used by teleworkers for secure access? VPN.
  3. What is the most valuable asset of an organization in network security? Data.
  4. What technology secures and manages mobile devices? MDM (Mobile Device Management).