41
CCNA Security v2.0 Chapter 11: Managing a Secure Network
| Date post: | 12-Jan-2016 |
| Category: |
Documents |
| Upload: | winfred-hancock |
| View: | 319 times |
| Download: | 7 times |
CCNA Security v2.0
Chapter 11:
Managing a Secure Network
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Chapter Outline
11.0 Introduction
11.1 Network Security Testing
11.2 Developing a Comprehensive Security Policy
11.3 Summary
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Section 11.1:Network Security Testing
Upon completion of this section, you should be able to:
• Describe the techniques used in network security testing.
• Describe the tools used in network security testing.
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 4
Topic 11.1.1:Network Security Testing Techniques
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Operations Security
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Testing and Evaluating Network Security
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Types of Network TestsOperational Status of the Network:
• Penetration testing
• Network scanning
• Vulnerability scanning
• Password cracking
• Log review
• Integrity checks
• Virus detection
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Applying Network Test Results
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 9
Topic 11.1.2:Network Security Testing Tools
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Network Testing Tools• Nmap/Zenmap
• SuperScan
• SIEM
• GFI LANguard
• Tripwire
• Nessus
• L0phtCrack
• Metasploit
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Nmap and Zenmap
Sample Nmap Screenshot Sample Zenmap Screenshot
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
SuperScan
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
SIEM
Essential functions:
• Forensic Analysis
• Correlation
• Aggregation
• Retention
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Section 11.2:Developing a Comprehensive Security Policy
Upon completion of this section, you should be able to:
• Explain the purpose of a comprehensive security policy.
• Describe the structure of a comprehensive security policy.
• Describe the standards, guidelines, and procedures of a security policy.
• Explain the roles and responsibilities entailed by a security policy.
• Explain security awareness and how to achieve through education and training.
• Explain how to respond to a security breach.
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 15
Topic 11.2.1:Security Policy Overview
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Secure Network Life CycleDetermine what the assets of an organization are by asking:
• What does the organization have that others want?
• What processes, data, or information systems are critical to the organization?
• What would stop the organization from doing business or fulfilling its mission?
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Security Policy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Security Policy AudienceAudience Determines Security Policy Content
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 19
Topic 11.2.2:Structure of a Security Policy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Security Policy Hierarchy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Governing PolicyA governing policy includes:
• Statement of the issue that the policy addresses
• How the policy applies in the environment
• Roles and responsibilities of those affected by the policy
• Actions, activities, and processes that are allowed (and not allowed)
• Consequences of noncompliance
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Technical Policies
Technical components:
• General policies
• Telephony policy
• Email and communication policy
• Remote access policy
• Network policy
• Application policy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
End User PolicesCustomize End-User Policies for Groups
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 24
Topic 11.2.3:Standards, Guidelines, and Procedures
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Security Policy Documents
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Standards Documents
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Guideline Documents
NIST Information Technology Portal
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Guideline Documents (Cont.)
NSA Website
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Guideline Documents (Cont.)
Common Criteria Website
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Procedure Documents
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 31
Topic 11.2.4:Roles and Responsibilities
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Organizational Reporting Structure
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Common Executive Titles
• Chief Executive Officer (CEO)
• Chief Technology Officer (CTO)
• Chief Information Officer (CIO)
• Chief Security Officer (CSO)
• Chief Information Security Officer (CISO)
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 34
Topic 11.2.5:Security Awareness and Training
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Security Awareness ProgramPrimary components:
• Awareness campaigns
• Training and education
Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 36
Topic 11.2.6:Responding to a Security Breach
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Motive, Opportunity, and Means
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Collecting Data
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Section 11.3:Summary
Chapter Objectives:
• Explain the various techniques and tools used for network security testing.
• Explain how to develop a comprehensive security policy.
Thank you.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Instructor Resources
• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
1
2
