
Network Attack Mitigations

Identify general mitigation techniques.

The Defense-in-Depth Approach

  • To mitigate network attacks, you must first secure devices including routers, switches, servers, and hosts. Most organizations employ a defense-in-depth approach (also known as a layered approach) to security.
  • This requires a combination of networking devices and services working in tandem.

  • Several security devices and services are implemented to protect an organization’s users and assets against TCP/IP threats:
    • VPN
    • Cisco ASA Firewall
    • IPS
    • ESA/WSA
    • AAA Server

Keep Backups

  • Backing up device configurations and data is one of the most effective ways of protecting against data loss. Backups should be performed on a regular basis as identified in the security policy.
  • Data backups are usually stored offsite to protect the backup media if anything happens to the main facility. The table shows backup considerations and their descriptions.

 

| Consideration | Description |
| --- | --- |
| Frequency | Perform backups on a regular basis as identified in the security policy. Full backups can be time-consuming; therefore, perform monthly or weekly backups with frequent partial backups of changed files. |
| Storage | Backups should be transported to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy. |
| Security | Backups should be protected using strong passwords. The password is required to restore the data. |
| Validation | Always validate backups to ensure the integrity of the data and validate the file restoration procedures. |
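One way to validate backups and exercise the restore path, as an added example that is not part of the original lesson: digests are recorded at backup time, then re-checked after a test restore. The manifest name, file names and configuration contents are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.json"  # hypothetical manifest name used by this example
# Keep a copy of the manifest apart from the backup media so both cannot be altered together.

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def write_manifest(backup_dir):
    """Record a SHA-256 digest per backed-up file at backup time."""
    manifest = {p.name: digest(p) for p in sorted(Path(backup_dir).iterdir())
                if p.name != MANIFEST}
    (Path(backup_dir) / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(backup_dir):
    """Return a list of problems; an empty list means the files match the manifest."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    problems = []
    for name, expected in sorted(manifest.items()):
        path = backup_dir / name
        if not path.is_file():
            problems.append(f"missing: {name}")
        elif digest(path) != expected:
            problems.append(f"modified: {name}")
    return problems

def restore_and_verify(backup_dir, scratch_dir):
    """Exercise the restore procedure: copy to a scratch location, then verify the copy."""
    restored = Path(scratch_dir) / "restored"
    shutil.copytree(backup_dir, restored)
    return verify(restored)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        # Constructed sample data standing in for device configuration backups.
        (backup / "r1-running-config.txt").write_text("hostname R1\n")
        (backup / "sw1-running-config.txt").write_text("hostname SW1\n")
        write_manifest(backup)
        clean = restore_and_verify(backup, tmp)
        (backup / "r1-running-config.txt").write_text("hostname R1\x00\n")  # simulated corruption
        (backup / "sw1-running-config.txt").unlink()                        # simulated loss
        return clean, verify(backup)
```
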

Upgrade, Update, and Patch

  • As new malware is released, enterprises need to keep current with the latest versions of antivirus software.
  • The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems.
  • One solution to the management of critical security patches is to make sure all end systems automatically download updates.

Authentication, Authorization, and Accounting

Authentication, authorization, and accounting (AAA, or “triple A”) network security services provide the primary framework to set up access control on network devices.

  • AAA is a way to control who is permitted to access a network (authenticate), to control what actions they perform while accessing the network (authorize), and to make a record of what was done while they are there (accounting).
  • The concept of AAA is similar to the use of a credit card. The credit card identifies who can use it, how much that user can spend, and keeps account of what items the user spent money on.

Firewalls

  • Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.
  • A firewall could allow outside users controlled access to specific services.
  • For example, servers accessible to outside users are usually located on a special network referred to as the demilitarized zone (DMZ).
  • The DMZ enables a network administrator to apply specific policies for hosts connected to that network.

Types of Firewalls

  • Firewall products come packaged in various forms.
  • These products use different techniques for determining what will be permitted or denied access to a network.
  • They include the following:
    • Packet filtering – Prevents or allows access based on IP or MAC addresses
    • Application filtering – Prevents or allows access by specific application types based on port numbers
    • URL filtering – Prevents or allows access to websites based on specific URLs or keywords
    • Stateful packet inspection (SPI) – Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).
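The difference between stateful packet inspection and a stateless port rule, as an added example that is not part of the original lesson. It is a simplified model that tracks only the 5-tuple of each flow; the addresses, the DMZ web server rule and the class and function names are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing: 192.168.1.0/24 is the inside LAN, 192.168.2.20 a DMZ web server.
Packet = namedtuple("Packet", "src sport dst dport proto")
INSIDE = ipaddress.ip_network("192.168.1.0/24")

class StatefulFirewall:
    """Simplified SPI: tracks 5-tuples only (no TCP flags, sequence numbers or timeouts)."""

    def __init__(self, permitted_inbound=()):
        self.permitted_inbound = set(permitted_inbound)  # explicit (dst, dport, proto) rules
        self.flows = set()                               # flows opened by inside hosts

    def inspect(self, p):
        if ipaddress.ip_address(p.src) in INSIDE:
            # Outbound request: record the flow so its reply can be recognised.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "permit: outbound, state created"
        # Inbound: a legitimate response mirrors a recorded flow exactly.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "permit: reply to tracked flow"
        if (p.dst, p.dport, p.proto) in self.permitted_inbound:
            return "permit: explicit rule"
        return "deny: unsolicited"

def stateless_filter(p):
    """Stateless rule for comparison: admit anything arriving from TCP source port 443."""
    return "permit" if (p.proto == "tcp" and p.sport == 443) else "deny"

def demo():
    fw = StatefulFirewall(permitted_inbound={("192.168.2.20", 80, "tcp")})
    packets = [
        ("request", Packet("192.168.1.10", 51000, "203.0.113.5", 443, "tcp")),
        ("reply", Packet("203.0.113.5", 443, "192.168.1.10", 51000, "tcp")),
        ("unsolicited", Packet("198.51.100.7", 443, "192.168.1.10", 51000, "tcp")),
        ("to_dmz", Packet("198.51.100.7", 40000, "192.168.2.20", 80, "tcp")),
        ("to_lan", Packet("198.51.100.7", 40000, "192.168.1.10", 80, "tcp")),
    ]
    results = {name: fw.inspect(p) for name, p in packets}
    # The stateless rule cannot tell the unsolicited packet from a genuine reply.
    results["unsolicited_stateless"] = stateless_filter(packets[2][1])
    return results
```
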

Endpoint Security

  • An endpoint, or host, is an individual computer system or device that acts as a network client.
  • Common endpoints are laptops, desktops, servers, smartphones, and tablets.
  • Securing endpoint devices is one of the most challenging jobs of a network administrator because it involves human nature.
  • A company must have well-documented policies in place and employees must be aware of these rules. Employees need to be trained on proper use of the network.
  • Policies often include the use of antivirus software and host intrusion prevention.
  • More comprehensive endpoint security solutions rely on network access control.

 

Other related topics

| Topic Title | Topic Objective |
| --- | --- |
| Security Threats and Vulnerabilities | Explain why basic security measures are necessary on network devices. |
| Network Attacks | Identify security vulnerabilities. |
| Network Attack Mitigation | Identify general mitigation techniques. |
| Device Security | Configure network devices with device hardening features to mitigate security threats. |
