Cloud & Networking
Reader small image

You're reading from  Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide

Product typeBook
Published inNov 2020
PublisherPackt
ISBN-139781800208094
Edition1st Edition
Tools
Cisco UCS
Concepts
Network Security
Right arrow
Author (1)
Glen D. Singh
Glen D. Singh
author image
Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
Read more about Glen D. Singh

Right arrow

Chapter 11: Exploring Network Security

Designing and implementing a network without security in mind is like leaving all of the windows and doors open at home when you go out. An unauthorized visitor can simply access your personal space and remove your valuables, simply because all points of entry are open. The same concepts should be applied to a network; security is one of the most important factors a network engineer should always remember when designing any network.

During the course of this chapter, we'll look at how to identify various threat actions and attacks, understand the need for network security on an enterprise network, and understand how to develop a security program to improve user awareness and training.

In this chapter, we will cover the following topics:

  • Security concepts (threats, vulnerabilities, and exploits)
  • Password management
  • Vulnerability assessment tools
  • Authentication, Authorization, and Accounting (AAA)
  • Wireshark 101...

Technical requirements

To follow along with the exercises in this chapter, please ensure that you meet the following hardware and software requirements:

The code files for this chapter are available at https://github.com/PacktPublishing/Implementing-and-Administering-Cisco-Solutions/tree/master/Chapter%2011.

Check out the following video to see the Code in Action:https://bit.ly/361vb7B

Security concepts

As a network professional, our primary responsibility is to ensure all devices have end-to-end connectivity. However, with the rise of cyber-crime, organizations must ensure their assets are well protected from cybercriminals trying to compromise systems and networks.

When designing a security network, it's important to first identify all assets within the organization. An asset is simply anything that is valuable to an organization. Assets are usually broken down into the following categories:

  • Tangible
  • Intangible
  • People

Tangible assets are items that are physically within the organization such as furniture, computers, servers, network devices, and components. These assets usually store data about the organization and sometimes contain system logs that are useful during an incident. Intangible assets are items that are non-physical—these include intellectual property, procedures, data, and anything digital that is worth value...

Authentication, Authorization, and Accounting

Implementing AAA within a network is very important to ensure authorized persons can access a system or network. The appropriate privileges or user rights are granted to the user, and each action performed by the user is accounted for. Let's imagine your organization has multiple network devices such as switches, routers, and firewalls at various remote branches and at headquarters locations. Your team of IT professionals is responsible for ensuring the IT infrastructure of the organization is well maintained and operating efficiently. Since each IT professional may be required to log in to various network devices, a user account containing the appropriate privileges is required for each user.

Creating individual user accounts for each user for each device is a tedious and redundant task. Imagine a user has to change their password; this means the password for the user account has to be manually changed on each individual device...

Elements of a security program

Often when designing a security network, we forget to train all users within the organization on cybersecurity awareness. Not all corporate users are able to identify threats and attacks or perhaps understand what procedures should be taken if their computer gets infected with a virus. Therefore, it's important to design a proper security program to train all users within the organization.

User awareness is a key factor of any security program. This element teaches a user about the importance of confidentiality to keep data safe and secure it from unauthorized persons. Users should be taught about potential threats and attacks and procedures on how to report a security incident within the organization.

Continual user training is important to make sure each user is made aware of any updates to the security training program and ensuring they are familiar with the security policies and procedures within the organization.

Physical access control...

Wireshark 101

Wireshark is one of the most popular network protocol analyzers and sniffers within the networking and cybersecurity industry. This tool allows a network engineer to dissect each message and determine whether it's a frame or packet as it passes through a network, hence allowing network engineers and cybersecurity professionals to perform various tasks such as packet analysis and network forensics.

Tip

To download Wireshark, please visit the URL: https://www.wireshark.org/.

Furthermore, Wireshark allows you to see all the details contained within a message, such as source and destination IP addresses, MAC addresses, and Transport layer information such as ports and protocols. Such information is very useful whether you're troubleshooting an issue on the network or looking for any abnormal behavior on network traffic.

The following is a brief list of how to's with Wireshark:

  • To capture network packets between your computer and their...

Summary

In this chapter, you have learned about the importance of information security and the need to protect all assets within an organization. We have covered the various types of threats, vulnerabilities, and attacks. Furthermore, we've discussed the importance of implementing AAA within an organization to help manage user access on a corporate network.

I hope this chapter has been informative for you and is helpful in your journey toward learning how to implement and administrate Cisco solutions and prepare for the CCNA 200-301 certification. In the next chapter, Configuring Device Access Controls and VPNs, you will learn how to secure your network devices and learn about Virtual Private Networks (VPNs).

Questions

The following is a short list of review questions to help to reinforce your learning and identify which areas you might need to work on:

  1. Which of the following is an example of an intangible asset?

    A. Computer

    B. Operation procedures

    C. Customer

    D. Employee

  2. Ensuring a message is not altered during transmission between a source and destination is referred to as which of the following?

    A. Hashing

    B. Confidentiality

    C. Integrity

    D. Availability

  3. Which of the following best describes a person who doesn't fully understand how to perform hacking techniques but follows the instructions given by real hackers?

    A. Hobbyist

    B. Disgruntled employee

    C. Insider threat

    D. Script kiddie

  4. A hacker is attempting to trick people into clicking a malicious link with a text message. What type of attack is this?

    A. Smishing

    B. Vishing

    C. Phishing

    D. Spear phishing

  5. An attacker decided to compromise a DNS server to redirect all users to a malicious domain in the hope the unsuspecting user...
lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 17 of 26
Next Chapter
You have been reading a chapter from
Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide
Published in: Nov 2020Publisher: PacktISBN-13: 9781800208094
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
Read more about Glen D. Singh

Other recommended products

Related to this chapter

CCENT/CCNA: ICND1 100-105 Certification Guide

CCENT/CCNA: ICND1 100-105 Certification Guide

CCENT is the entry-level certification for those looking to venture into the networking world. This book is designed to help you prepare for the ICND Part 1 (100 – 105) exam, thus obtaining the CCENT certification. Apart from learning computer network essentials, you will be able to enhance your networking skills by learning switching and routing, troubleshooting, security, and more

BookApr 2018362 pages
Cisco Certified CyberOps Associate 200-201 Certification Guide

Cisco Certified CyberOps Associate 200-201 Certification Guide

The Cisco Certified CyberOps Associate 200-201 certification exam helps you gain the skills and knowledge needed to prevent, detect, analyze, and respond to cybersecurity incidents. This book offers complete up-to-date coverage of the 200-201 exam so you can confidently pass first time while getting hands-on cybersecurity experience.

BookJun 2021660 pages
CCNA Security 210-260 Certification Guide

CCNA Security 210-260 Certification Guide

With a CCNA Security certification, you can demonstrate the skills required to develop a security infrastructure, recognize threats to networks, and mitigate security threats. Geared towards Cisco Security, the practical aspects of this book will help you clear the CCNA Security Exam (210-260) by increasing your knowledge of Network Security.

BookJun 2018518 pages
CCNA Routing and Switching 200-125 Certification Guide

CCNA Routing and Switching 200-125 Certification Guide

Cisco Certified Network Associate (CCNA) Routing and Switching is one of the most important certificates in order to stay up-to-date with networking skills. This Certification Guide covers everything you need to know in order to pass the CCNA Routing and Switching 200-125.

BookOct 2018504 pages
CompTIA Network+ Certification Guide

CompTIA Network+ Certification Guide

CompTIA Network+ Certification Guide makes the most complex Network+ concepts easy to understand despite having no prior knowledge. It offers exam tips in every chapter along with access to practical exercises and exam checklist that map to the exam objectives and it is the perfect study guide to help you pass CompTIA Network+ exam.

BookDec 2018422 pages
Implementing Cisco Networking Solutions

Implementing Cisco Networking Solutions

Most enterprises use Cisco networking equipment to design and implement their networks. However, some networks outperform networks in other enterprises in terms of performance and meeting new business demands, because they were designed for the present while keeping the future in mind. This book talks about how to design and implement enterprise networks for small to mid-size organizations efficiently and effectively, so that the network design can accommodate newer demands from the users in a seamless manner, ranging from adding more branches/ users to adding new services, and evaluating and implementing new technologies to optimize costs, or enhance the user experience.

BookSep 2017436 pages5
Networking Fundamentals

Networking Fundamentals

Networks are a collection of computers, servers, mobile devices or other computing devices connected with a view to sharing data. This book will help you get well-versed with the basic concepts of networking and will help you to pass Microsoft's MTA Networking Fundamentals Exam 98-366

BookDec 2019510 pages
Learn Kali Linux 2019

Learn Kali Linux 2019

The current trend of various hacking and security breaches displays how important it has become to pentest your environment, to ensure end point protection. This book will take you through the latest version of Kali Linux to efficiently deal with various crucial security aspects such as confidentiality, integrity, access control and authentication.

BookNov 2019550 pages
MCSA Windows Server 2016 Certification Guide: Exam 70-741

MCSA Windows Server 2016 Certification Guide: Exam 70-741

This practical certification guide covers the most important exam objectives in exam 70-741. Additionally, this certification guide will come in handy when preparing to take exam 70-743.

BookApr 2019182 pages
Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing

This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices , modern operating systems and help you secure high security environments.

BookFeb 2018396 pages
Cisco ACI Cookbook

Cisco ACI Cookbook

Cisco ACI cookbook is a step by step guide that simplifies the complex Cisco Application Centric Infrastructure for you. Using the practical recipes in this book you can efficiently develop and adapt hybrid environments for your organisation. This book provides an all-round idea of Cisco ACI and will enable you to develop skills using which you can automate IT tasks efficiently.

BookMay 2017424 pages
Practical Network Automation

Practical Network Automation

Network automation is the process of automating the management and functionality of computer networks. Numerous tools, methodologies, and technologies are used to automate a network; this book covers all these functionalities.

BookNov 2017266 pages

Personalised recommendations for you

Based on your interests and search pattern

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.

BookAug 2023524 pages
Microsoft 365 Security, Compliance, and Identity Administration

Microsoft 365 Security, Compliance, and Identity Administration

The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.

BookAug 2023630 pages
Zero Trust Overview and Playbook Introduction

Zero Trust Overview and Playbook Introduction

Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.

BookOct 2023240 pages
The Self-Taught Cloud Computing Engineer

The Self-Taught Cloud Computing Engineer

This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.

BookSep 2023472 pages
Technology Operating Models for Cloud and Edge

Technology Operating Models for Cloud and Edge

This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.

BookAug 2023228 pages
Azure Architecture Explained

Azure Architecture Explained

Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.

BookSep 2023446 pages
Pentesting Active Directory and Windows-based Infrastructure

Pentesting Active Directory and Windows-based Infrastructure

This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.

BookNov 2023360 pages
Practical Ansible

Practical Ansible

In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.

BookSep 2023420 pages
Windows 11 for Enterprise Administrators

Windows 11 for Enterprise Administrators

Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.

BookOct 2023286 pages
The Linux DevOps Handbook

The Linux DevOps Handbook

This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.

BookNov 2023428 pages2