CCNA Security
Lab - Researching Network Attacks and Security Audit Tools
Objectives
Part 1: Researching Network Attacks
• Research network attacks that have occurred.
• Select a network attack and develop a report for presentation to the class.
Part 2: Researching Security Audit Tools
• Research network security audit tools.
• Select a tool and develop a report for presentation to the class.
Background / Scenario
Attackers have developed many tools over the years to attack and compromise networks. These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources. When network resources are inaccessible, worker productivity can suffer, and business income may be lost.
To understand how to defend a network against attacks, an administrator must identify network vulnerabilities. Specialized security audit software, developed by equipment and software manufacturers, can be used to help identify potential weaknesses. Additionally, the same tools used by individuals to attack networks can also be used by network professionals to test the ability of a network to mitigate an attack. After the vulnerabilities are known, steps can be taken to help protect the network.
This lab provides a structured research project that is divided into two parts: Researching Network Attacks and Researching Security Audit Tools. You can elect to perform Part 1, Part 2, or both. Let your instructor know what you plan to do. This will ensure that a variety of network attacks and vulnerability tools are reported on by the members of the class.
In Part 1, research various network attacks that have actually occurred. Select one of these attacks and describe how the attack was perpetrated and how extensive the network outage or damage was. Next, investigate how the attack could have been mitigated or what mitigation techniques might have been implemented to prevent future attacks. Finally, prepare a report based on the predefined form included within this lab.
In Part 2, research network security audit tools and investigate one that can be used to identify host or network device vulnerabilities. Create a one-page summary of the tool based on a predefined form included within this lab.
Prepare a short (5-10 minute) presentation to present to the class. You may work in teams of two, with one person reporting on the network attack and the other reporting on the security audit tools. All team members deliver a short overview of their findings. You can use live demonstrations or PowerPoint to summarize your findings.
Required Resources
• Computer with Internet access for research
• Presentation computer with PowerPoint or other presentation software installed
• Video projector and screen for demonstrations and presentations
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Part 1: Researching Network Attacks
In Part 1 of this lab, research various network attacks that have actually occurred and select one on which to report. Fill in the form below based on your findings.
Step 1: Research various network attacks.
List some of the attacks you identified in your search.
Possible examples include: Code Red, Nimda, Back Orifice, Blaster, Mydoom, SQL Slammer, Smurf, Tribe Flood Network (TFN), Stacheldraht, Sobig, Netsky, Witty, and Storm. The attack
Step 2: Fill in the following form for the network attack selected.
Name of attack:
Code Red
Type of attack:
Worm
Dates of attacks:
July 2001
Computers / Organizations affected:
Infected an estimated 359,000 computers in 1 day
How it works and what it did:
Code Red exploited buffer overflow vulnerabilities in unpatched Microsoft Internet Information Servers. It launched
• Defacing the affected web page with the message: "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!"
• It tried to spread itself by looking for more IIS servers on the Internet.
• It waited 20-27 days after it was installed to launch denial-of-service attacks
References and info links:
CERT Advisory CA-2001-19
eEye Code Red advisory
Code Red II analysis
Presentation support graphics (include PowerPoint filename or web links):
Wikipedia, Animation on "The Spread of the Code-Red Worm (CRv2)". CAIDA Analysis. Retrieved on 2006-10-03.
www.networkworld.com/slideshows/2008/031108-worst-moments-in-net-security.html?nwwpkg=slideshows
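A detection example for the Code Red behavior reported in Part 1, added here and not part of the original lab: it flags requests to an IIS `.ida` handler whose query string is a long run of one repeated letter, the padding pattern publicly documented for Code Red (`N`) and Code Red II (`X`). The log layout, the sample lines, and the names `classify` and `scan` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in a simplified "client method uri status" layout.
# Assumption: real IIS W3C logs carry more fields; adapt the split accordingly.
SAMPLE_LOG = [
    "203.0.113.7 GET /index.html 200",
    "198.51.100.23 GET /default.ida?" + "N" * 224 + "%u9090 404",
    "198.51.100.23 GET /default.ida?" + "N" * 224 + "%u9090 404",
    "192.0.2.55 GET /default.ida?" + "X" * 224 + "%u9090 200",
    "203.0.113.9 GET /search.ida?q=router 200",
    "truncated line",
]

# 100 or more repeats of one letter: overflow padding, not a real query.
PADDING = re.compile(r"([A-Za-z])\1{99,}")
FAMILY = {"N": "Code Red", "X": "Code Red II"}


def classify(uri):
    """Return a worm label for an .ida request with padding, else None."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith(".ida"):
        return None
    match = PADDING.search(parts.query)
    if match is None:
        return None
    return FAMILY.get(match.group(1), "unknown .ida overflow probe")


def scan(lines):
    """Count suspicious requests per (client, label) pair."""
    hits = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed or truncated entry
        client, _method, uri, _status = fields
        label = classify(uri)
        if label:
            hits[(client, label)] += 1
    return hits


if __name__ == "__main__":
    for (client, label), count in scan(SAMPLE_LOG).most_common():
        print(f"{client}: {count} request(s) matching {label}")
```

A client that appears here is most likely an infected host scanning for IIS servers, so the per-client counts double as a list of sources to report or block.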
Part 2: Researching Security Audit Tools
In Part 2 of this lab, research network security audit and attacker tools. Investigate one that can be used to identify host or network device vulnerabilities. Fill in the report below based on your findings.
Step 1: Research various security audit and network attack tools.
List some of the tools that you identified in your search.
Possible examples include: Microsoft Baseline Security Analyzer (MBSA), NMAP, Cisco IOS AutoSecure, Cisco Security Device Manager (SDM) Security Audit Wizard, Sourceforge Network Security Analysis Tool (NSAT), Solarwinds Engineering Toolset. Attacker tools may also be investigated, including L0phtcrack, Cain and Abel, John the Ripper, Netcat, THC Hydra, Chkrootkit, DSniff, Nessus, AirSnort, AirCrack, WEPCrack. The SDM Security Audit tool is used as an example here.
Step 2: Fill in the following form for the security audit or network attack tool selected.
Name of tool:
SDM Security Audit
Developer:
Cisco Systems
Type of tool (character-based or GUI):
GUI-based security analysis of Cisco routers
Used on (network device or computer host):
Router
Cost:
Free download
Description of key features and capabilities of product or tool:
The SDM Security Audit wizard runs a series of predefined checklists to evaluate the configuration. SDM presents a list of recommended actions, which you can selectively choose to apply. SDM also lets you directly perform an option that examines a configuration. Security Audit does the following:
• Checks the configuration
SDM and the Security Audit wizard provide context-sensitive help.
References and info links:
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/SAudt.html
Reflection
1. What is the prevalence of network attacks and what is their impact on the operation of an organization? What are some key steps organizations can take to help protect their networks and resources?
Answers will vary. Massive network attacks like Code Red, which can affect large portions of the Internet, are less common because of mitigation strategies. Network devices and hosts on a network have many potential vulnerabilities that can be exploited. Vulnerability analysis tools can help identify security holes so that network administrators can take steps to correct the problem before an attack occurs. Other steps that can be taken include: the use of firewalls, detection
2. Have you actually worked for an organization or know of one where the network was compromised? If so, what was the impact to the organization and what did it do about it?
Answers vary, and the results can be interesting.
3. What steps can you take to protect your own PC or laptop computer?
Answers vary, but may include: keeping the operating system and applications up to date with patches and service packs, using a personal firewall, configuring passwords to access the system, configuring screensavers to time out and require a password, protecting important files by making them read-only