December 6, 2008 -- Todd Lammle
Protecting your Network… Now!
There are many common ways to gather information about a network, compromise corporate data, and take down a corporate web server and its services. You need to be prepared today.
Here's a list of the most common ones:
Network packet sniffers
IP spoofing
Smurfing
Password attacks
WareZ
Man-in-the-middle attacks
Denial of Service attacks
Session hijacking
Application layer attacks
Trojan horse program
HTML
When reading about each of these threats, keep in mind how to protect your network and your data from each type of attack. Hackers do not only steal data; they also set out to corrupt or destroy it, or even add “extra” data to your network that can cause irreparable damage.
Network Packet Sniffers
If you are an administrator who uses your powers for good and not for evil, then a network packet sniffer is your best buddy. You can see all sorts of network information, which is critical to administering the network and keeping it in top shape. However, if someone were to use that power for evil, they could read the packets sent across a network with the very same tool. Because network packets are not encrypted by default, they can be processed and understood by any available network sniffer. A hacker who wants to gather this information must be connected to the network, so controlling physical access to your network is very important.
Some applications send all information across the network in clear text, which could possibly allow a sniffer to pick up a username and password. That username and password can then be used to gain access to other corporate resources. When an attacker obtains valid account information, he or she has the run of your network. If a hacker gains admin or root access, the attacker can even create a new user ID to use at any time as a back door into your network and its resources.
IP Spoofing
An IP spoofing attack occurs when an attacker outside your network pretends to be a trusted computer by using an IP address that falls within the range of IP addresses for your network. However, if you place a simple access-list on the corporate router's interface to the Internet that denies packets carrying your internal network IP addresses as their source from entering that interface, you can effectively and easily stop IP spoofing. This solution only works if the attacker is outside the network.
If someone were to spoof a network ID, they would have to change the routing tables in your router in order to receive any packets. Once they do this, they can possibly access user accounts and passwords. Attacks are still possible even without changing the routing tables, by combining simple spoofing with knowledge of the messaging protocols in use.
Smurfing
The smurf attack sends a large amount of ICMP echo (ping) traffic to an IP broadcast address, appearing to come from a supposedly valid host that is traceable. This host then gets blamed for the attack.
The problem this causes is that the request is delivered as a layer two broadcast. Most hosts on the attacked IP network will accept the ICMP echo request and each reply with an echo reply, multiplying the traffic by the number of hosts responding. This creates a denial of service for actual users because the network traffic is so high.
Fraggle uses UDP echo packets in the same fashion as smurf uses ICMP echo packets; it was a simple rewrite of smurf to use a transport layer broadcast.
To stop a smurf attack, the administrator should perform filtering on the network where the corporate network connects to the ISP or Internet.
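The edge-router filtering described above for IP spoofing and for smurf attacks, as an added Cisco IOS example that is not from the original article. It assumes a hypothetical internal LAN of 192.168.10.0/24 on FastEthernet0/0 and an Internet link on Serial0/0; adjust both to your own addressing.

```cisco
! Added example (not from the article): ingress filtering on the edge router.
! Hypothetical addressing: internal LAN 192.168.10.0/24 on FastEthernet0/0,
! Internet link on Serial0/0.
!
! Anti-spoofing: packets arriving from the Internet must never carry one of
! our own internal addresses as their source. Dropping them here stops the
! outside spoofing attack the article describes; 'log' feeds each hit to
! syslog so repeated attempts are visible to the operations team.
ip access-list extended INBOUND-EDGE
 remark Drop Internet packets claiming an internal source (IP spoofing)
 deny   ip 192.168.10.0 0.0.0.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark Drop echo requests aimed at our broadcast address (smurf)
 deny   icmp any host 192.168.10.255 echo log
 permit ip any any
!
interface Serial0/0
 description Link to ISP
 ip access-group INBOUND-EDGE in
!
interface FastEthernet0/0
 description Internal LAN
 ip address 192.168.10.1 255.255.255.0
 ! Never translate a directed broadcast into a layer 2 broadcast on this
 ! LAN, which is the amplification step of a smurf attack. IOS 12.0 and
 ! later default to this, but state it explicitly so the intent is recorded.
 no ip directed-broadcast
```

Ask your ISP to apply the same kind of source filtering on their side of the link, since the access-list only sees traffic that has already reached your router.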
Password Attacks
If a hacker creates a program that repeatedly attempts to identify a user account and/or password, this is called a brute-force attack.
If the hacker is successful at gathering usernames and passwords, the hacker gains access to all resources that the stolen username and password provide to the actual corporate user. If this is the admin account, the network is completely jeopardized.
WareZ
The term “WareZ” refers to the unauthorized distribution of software. This is not an attack on a corporate network or web site, but a motivation either to sell someone else’s software or to make unlicensed versions of software available for free distribution on the Internet. This can come from internal employees or anyone on the Internet with a cracked version of the software. This is a huge problem for software companies.
Man-in-the-Middle Attacks
These attacks are typically harder to do, but they can still happen if someone gains physical access to your network. Internal users, a spoofer, or even someone at your ISP can initiate a man-in-the-middle attack. What these attackers do is get in the middle of a network segment and steal data. Man-in-the-middle attacks are usually implemented using network packet sniffers, routing protocols, or even transport layer protocols.
The attackers can place corrupted or damaging data on your network, steal confidential information, or even start denial of service attacks.
Denial-of-service attacks
Denial-of-service attacks are easy to do and hard to stop. This type of attack is usually used to stop normal users from reaching corporate resources, typically a web server.
The denial-of-service attack is based on the idea that an attacker can use up all the available capacity of a server so the server's services are not available to actual users or customers.
These attacks are usually implemented using TCP so that all the open port numbers are used up and a valid host can no longer create a session with a web server. However, other protocols, like ICMP, can be used just as easily.
Checkpoint has a Firewall 1 product that uses a Flood Gate module, which has been pretty successful at stopping denial-of-service attacks and at a decent price. Cisco can also provide some protection from this type of attack, but it is more expensive. You get what you pay for.
Session Hijacking
The TCP protocol creates a reliable session between two hosts. This allows the hosts to transfer data with acknowledgements and flow control, as well as some assurance that the two hosts are communicating directly.
Session hijacking, however, is the process of squeezing in between the two hosts and having the transmitting host send its data to a different host than the valid host it previously created a session with.
This is not the most typical attack these days because a network sniffer can gather much more information, but session hijacking is still possible. The solution to session hijacking or replay is to use a strongly authenticated, encrypted management protocol.
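The strongly authenticated, encrypted management protocol recommended above, together with protection against the clear-text credential sniffing and the brute-force password guessing described in the earlier sections, as an added Cisco IOS example that is not from the original article. The hostname, domain name, admin account and the 192.168.10.0/24 management subnet are hypothetical placeholders.

```cisco
! Added example (not from the article): SSH-only management with login
! throttling on a Cisco IOS router. Hostname, domain, account name and the
! management subnet 192.168.10.0/24 are hypothetical placeholders.
hostname edge-rtr
ip domain-name example.com
! RSA key pair for the SSH server; 2048 bits is the sensible minimum.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local account with a hashed 'secret', never a reversible type 7
! 'password' that a sniffer or a config dump would give away.
username admin privilege 15 secret REPLACE-WITH-STRONG-PASSPHRASE
!
! Brute-force damping: after 3 failed logins within 60 seconds, refuse new
! logins for 120 seconds, and log every attempt for the syslog collector so
! a guessing campaign shows up in monitoring instead of going unnoticed.
login block-for 120 attempts 3 within 60
login on-failure log
login on-success log
!
! Only the internal admin subnet may even open a management session.
ip access-list standard MGMT-HOSTS
 permit 192.168.10.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-HOSTS in
 ! SSH only: Telnet is removed, so credentials and the session itself are
 ! no longer readable to a sniffer or easily taken over by a hijacker.
 transport input ssh
 login local
 exec-timeout 10 0
```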
Application-Layer Attacks
This type of attack targets an application that can be exploited through well-known weaknesses. Sendmail, PostScript and FTP are examples of applications known to have such weaknesses. The idea of this attack is to gain access to a computer with the permissions of the account running the application, which is usually a privileged system-level account.
Trojan horse program
Actually a very cool attack in the way it is implemented, the Trojan horse substitutes for a common program, and users think they are in the valid program when they are not.
This allows the attacker to monitor login attempts to capture user account and password information, for example. This attack can also allow the attacker to modify application behavior so that they receive all the corporate emails you send and receive.
HTML
Another new attack on the Internet scene exploits several new technologies: the Hypertext Markup Language (HTML) specification, Web browser functionality, and HTTP.
These attacks, which include Java applets and ActiveX controls, involve passing harmful programs across the network and loading them through a user's browser.
Microsoft promotes its Authenticode technology for ActiveX, which has provided a false sense of security to some users. However, attackers can use a properly signed and bug-free ActiveX control to create a Trojan horse.
The unique part of this type of attack is that the attacker changes the program first, but the attack is not triggered until the user chooses a certain page or program. Also, the attacks are not hardware dependent because of the portability of the programs.
Conclusion
There are more attacks available than the ones I listed in this article, and you need to research and keep up on the latest attacks. I think that viruses are the worst, and there was not room to start discussing virus attacks in this article since I could write a whole article on just virus attacks and certain types of protection.
Check out GlobalNet Training’s Cisco Certified Security Professional (CCSP) classes to help protect your network today!