Cisco CCNA 200-301 – The Security Threat Landscape

1. Introduction

In this section, you’ll learn about the It security threat landscape. I’ll start off by giving you the definitions that apply to general security. And then I’ll talk about the methodology that hackers follow when they are attacking you. I’ll tell you about the different devices that are available to provide protection, such as firewalls and intrusion prevention systems will also cover virtual private networks, both sitetosite and remote access VPNs. And finally, I’ll wrap up the section by explaining the mitigation techniques that you can use to defend yourself against attacks.

2. The Security Threat Landscape

You’ll learn about the general It security threat landscape and the difference between script kiddies and targeted attacks. We’ll start off with some terminology. First up, a threat. A threat has the potential to cause harm to an It asset. So if you’re under attack by a hacker and they’re using a particular tool, tool to attack you, then that would be a threat. A vulnerability is a weakness that compromises the security or functionality of a system.

So if you’re running an out of date version of Windows for example, which doesn’t have up to date security patches, then that would be a vulnerable system. An exploit uses a weakness to compromise the security or functionality of a system. So using that old version of Windows again as the example, it’s got a vulnerability because the software is out of date. It’s the exploit which the attacker can use, which exploits that particular vulnerability. A risk is the likelihood of a successful attack. So how likely is it that an attack is going to happen? You also want to factor in what would be the impact if you became a victim of that attack as well.

And finally, Mitigation is techniques to eliminate or reduce the potential of and seriousness of an attack. So with the general security threat landscape, it’s a constant battle between you and the hacker. The hacker is always going to be developing new tools looking for new vulnerabilities and exploits. And it’s up to you to ensure that your Mitigation techniques and solutions are up to date to protect against both vulnerabilities and exploits. Next thing is malware. And malware is any malicious software. This includes viruses. A virus is software which inserts itself into other software and can spread from computer to computer. A virus requires human action to spread. So for example, maybe you download a software program from the internet from somewhere where you shouldn’t do and it’s got a virus on there.

Well, you’ve now infected your PC. If you then copy that executable program onto a USB stick and share it with somebody else and then they run it, then they are now infected too. So a virus, it spreads from computer to computer but it requires human interaction to do that. For example, emailing it to somebody else or sharing it on a USB stick. Worms are self propagating viruses that can replicate by themselves so they don’t require human action to spread. For example, maybe you are running a database on one of your PCs and when it gets infected it’s able to connect out.

Look for other systems that are running the database and infect them as well. So once you’re infected in the first place, if you’re infected with a worm, if you’ve got other software that is susceptible to that worm, it can spread itself out to those other systems as long as it’s got network connectivity to do so. Next up is a Trojan horse. And this is named after the old story of the Horse of Troy, which you probably know about, where the city of Troy was under siege, but the attackers weren’t able to get in. So what they did was they built a big wooden horse and then they hid some soldiers in there and they left it outside as an offering. And then the people inside the city pulled in the wooden horse and in that night the soldiers all jumped out and the city became overrun. So a Trojan Horse is something that looks nice on the outside, but it’s actually got a nasty surprise on the inside. And when we’re talking about Trojan Horses with malware, this is malicious software which looks legitimate to trick humans into triggering it. And this often installs back doors.

So what can happen with a Trojan Horse is maybe you’re a gamer and you’re browsing around on the internet and you land on a page which tells you click here and you’ll get free passwords to get into all the best games. So it looks nice on the outside. You then double click on that. Maybe it does have passwords there or maybe it just gives you an error message. But because you’ve double clicked on that executable file, unbeknown to you, the Trojan Horse has delivered its payload. What that payload will often be is installing backdoor software onto your PC, which allows the attacker to take control of it or to see information on it later. And finally on here, the last type of malware that I want to cover is ransomware. Ransomware encrypts your data with the attacker’s key and it asks you, the victim, to pay a ransom to obtain the key. So what happens is, again you are going to trigger this ransomware on your PC. As soon as you do that, it encrypts all of the data on your PC.

And what the attacker can do is later on lock you out from having access to your own data. The only way that you can get access back into that is by paying them a ransom, which time they will give you the key so you can get into that data. Really a way that you can guard against ransomware is by making sure that you have got backups of your PC. And then if you do fall victim to this, you can just roll back to the last good backup. Obviously it’s best not to be a victim of ransomware in the first place. And I’ll talk about the mitigation techniques against malware and everything else that I’m going to cover in this lecture, in a lecture later on in this section. Hacking Tools many hacking tool sets are available for the hacker that they can use to attack your systems. Penetration testers, who are the good guys, use the same tools as hackers to test for vulnerabilities. So the way that you can guard against test if you’ve got vulnerabilities and see what the impact is, is you have to do exactly the same thing as the hackers would do. So you’re going to be using the same tools.

Penetration tester is actually a job role. So if you’re a penetration tester, it’s your job to try to hack into companies, and if you find a way to do so, you let the company know about that so they can then go and protect against that vulnerability. Hacking tools typically run on Linux, with Kali Linux being a preferred flavor for doing this. Tools include password cracking tools with a password cracking tool. If the attacker is able to see a login page, they can use the tool to try to automate the guessing of passwords. Other tools include sniffers, so if the attacker is able to see your data going across the network, they can use a sniffer to see the contents of that data so they can see the information that is in there. A ping sweeper is used for doing reconnaissance against a target. What a ping sweeper does is it pings a range of IP addresses to see if there is a response. If there is a response, and that means that there is a system there, and the attacker can then dig deeper to see if that system has any vulnerabilities. A tool that they can use to discover vulnerabilities is port and vulnerability scanners. So typically the attacker will do a ping sweep first, find out what systems are alive. It will then dig deeper by using port and vulnerability scanners to see what ports are open on those systems, and also if there’s any known vulnerabilities, for example, if the systems have got out of date. Software that leads me on to script kiddies after talking about the hacking tools. Script kiddies is a well known and derogatory term for low skilled attackers who download and use off the shelf hacking software to launch exploits. So these are general hobbyists and they’ve just done some playing around on the Internet.

They’ve found some hacking sites there which has got software that they can download. Often this hacking software requires very little skill to use. The attacker can just point it at a particular range of public IP addresses and see if they’re able to do any damage. So script kiddie, somebody that uses just off the shelf hacking software don’t really have very high level skills themselves, but there’s a lot of these people out there, they will typically attempt to exploit any vulnerable host that they can connect to. So we’re not generally doing targeted attacks against a particular organization. Often we’re just trying to attack anybody out there who’s vulnerable to the particular attack.

More skilled attackers will also look for random victims as well, though, in order to meet their goals, such as installing ransomware or a botnet. I’ll talk about what a botnet is later in this lecture, and organizations are constantly under these types of attacks. So what this means is if you are working for an organization and your organization is connected to the internet for sure, you are constantly being bombarded by attacks. I remember years and years ago, the first time I broke it in my first It job, and one of my roles there was looking after the company’s firewall because basically I was the It guy looking after everything.

And the first time I looked in the logs in the firewall, I was thinking, wow, panicking, we’re under attack. And I quickly found out that that is just a normal state of affairs. That was just a small company that I was working for. There highly unlikely that anybody would target them for a particular attack, but there’s loads of these just general random attacks happening against everybody all the time. So because of this, even if you think that you’re not going to be the victim of a targeted attack, you still need to make sure that you are protected against attacks because they’re going to happen against you anyway.

So with these targeted attacks, this is where it is directed against a particular individual or organization. And this type of attack is rarer. Skilled attackers who are doing a targeted attack will typically start off with very stealthy and low impact reconnaissance, which is very hard to detect by you, and then they will systematically escalate the attack from there. So they start off by being very unobtrusive, very stealthy, and they will go through steps with a system that they have. Each one is intended to get more access to your systems, which allows them to have more damage, and it’s going to be more and more obtrusive as they go through that system.

So this is the evolution of a targeted attack. The attacker will typically start off by doing external reconnaissance, google searches and things like that, and then they will be becoming more obtrusive as they go along, trying to get further and further into your systems until they make an initial compromise so they get access to one of your systems. At this point, they will then escalate their privileges. So usually the attacker will start off by going for the low hanging fruit. If they can see any system that they can access easily, even if it’s got very little access to the other corporate systems behind there, then they will compromise that system first.

They will then try to get higher level privileges on that system, which will for them hopefully allow them to get access to further systems from there. So external reconnaissance first, then the initial compromise, then escalation of privileges on that system. And then from that system, they can then do internal reconnaissance because they’re already inside the organization. They will then do further compromise and further escalation of their privileges until they reach their end goal. Okay, so that was an overview of the security threat landscape with the terminology and the difference between script kiddies and a targeted attack. In the next lecture, we’ll get into the detail of the different type of attacks that hackers will launch against you starting off with reconnaissance.

• Category: Uncategorized