Content Overview

The open nature of the Internet makes it increasingly important for growing businesses to pay attention to the security of their networks. As companies move more of their business functions to the public network, they need to take precautions to ensure that attackers do not compromise their data or that their data does not end up being seen by the wrong people. Unauthorized network access by an outside hacker or disgruntled employee can wreak havoc with proprietary data, negatively affect company productivity, and stunt the ability to compete. Unauthorized network access can also harm relationships with customers and business partners who may question the ability of companies to protect their confidential information.

Before learning how to defend against attack, you need to know how the attacker operates. The theme of the first few lessons in this module is “know thine enemy.” You will learn how hackers operate and what attack strategies they can employ. Once you know the nature of the threat, you will be better able to implement the full set of security features contained in Cisco IOS software to provide security for your network.

This module describes the best practices for securing router administrative access using mechanisms such as password security features, failed login attempt handling, and role-based command-line interface (CLI). You will learn how to mitigate attacks using access lists. You will also learn how to design and implement a secure management system including secure protocols such as Secure Shell (SSH), Simple Network Management Protocol version 3 (SNMPv3), and authenticated Network Time Protocol (NTP). The module discusses the most
ubiquitous authentication, authorization, and accounting (AAA)
protocols RADIUS and TACACS+, and explains the differences
between them.

Web Links

- Understanding Remote Worker Security: A Survey of User Awareness vs. Behavior
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_white_paper0900aecd8054581d.shtml
- Core Elements of the Cisco Self-Defending Network Strategy
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_white_paper0900aecd80247914.shtml
- Enterprise Architecture Resiliency At-A-Glance
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns413/c654/cdccont_0900aecd8026a141.pdf
- INS WP: Security Virtues of a Common Infrastructure
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns413/c654/cdccont_0900aecd80356d03.pdf
- Deploying Firewalls Throughout Your Organization
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_white_paper0900aecd8057f042.shtml
- Perceptions and Behaviors of Remote Workers: Keys to Building a Secure Company
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_white_paper0900aecd8056e783.shtml
- The Cisco ASA 5500 as a Superior Firewall Solution
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_white_paper0900aecd8058ec85.shtml
- Top 100 Network Security Tools
  http://sectools.org/
- Exploiting Cisco Routers: Part 1
  http://www.securityfocus.com/infocus/1734
- Exploiting Cisco Routers: Part 2
  http://www.securityfocus.com/infocus/1749
- Cisco AutoSecure White Paper
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_white_paper09186a00801dbf61.shtml

Content 5.1 Thinking Like a Hacker
5.1.1 Seven Steps to Hacking a Network

In many ways, hackers and software developers think very much alike. They both follow a specific methodology and both carefully document their work. However, the goals of a hacker are quite different from those of a software developer. Knowing the methodologies that hackers use will help you to develop an effective security policy.

Regardless of the specific attack vector an attacker uses, the attack can be thought of as following these seven steps, as outlined in the figure:

- Step 1: Hackers build a footprint of an organization from which they can launch an attack.
- Step 2: Hackers enumerate information.
- Step 3: Hackers manipulate users to gain access.
- Step 4: Hackers attempt to escalate their privileges.
- Step 5: Hackers gather system passwords and secrets.
- Step 6: Hackers install back doors and port redirectors.
- Step 7: Hackers take advantage of compromised systems.

Hackers comprise the most well-known outside threat to information systems. They are not geniuses, but they are persistent people who have taken a lot of time to learn their craft. It is often incorrect to refer to people whose intent is to exploit a network maliciously as hackers. In this lesson, the term hacker may refer to someone more correctly referred to as a cracker or black hat hacker.

These are some of the titles assigned to hackers:
- Hackers break into computer networks to learn more about them. Some hackers generally mean no harm and do not expect financial gain. Unfortunately, hackers may unintentionally pass valuable information on to people who do intend to harm the system.
- Crackers (criminal hackers) are hackers with a criminal intent to harm information systems. Crackers are generally working for financial gain and are sometimes called black hat hackers.
- Phreakers (phone breakers) pride themselves on compromising telephone systems. Phreakers reroute and disconnect telephone lines, sell wiretaps, and steal long-distance services.

The goal of any hacker is to compromise the intended target or application. Hackers begin with little or no information about the intended target, but by the end of their analysis, they will have accessed the network and will have begun to compromise their target. Their approach is always careful and methodical—never rushed and never reckless. The seven-step process outlined in the figure is a good representation of the method that hackers use.

Content 5.1 Thinking Like a Hacker
5.1.2 Step 1: Footprint Analysis

To hack into a system successfully, hackers want
to know as much as they can about the system. Hackers build a