Lab – Researching Network Security Threats
Objectives
Part 1: Explore the SANS Website
Part 2: Identify Recent Network Security Threats
Part 3: Detail a Specific Network Security Threat
Background / Scenario
To defend a network against attacks, an administrator must identify external threats that pose a danger to the network. Security websites can be used to identify emerging threats and provide mitigation options for defending a network. One of the most popular and trusted sites for defending against computer and network security threats is SysAdmin, Audit, Network, Security (SANS). The SANS site provides multiple resources, including a list of the top 20 Critical Security Controls for Effective Cyber Defense and the weekly @Risk: The Consensus Security Alert newsletter. This newsletter details new network attacks and vulnerabilities. In this lab, you will navigate to and explore the SANS site, use the SANS site to identify recent network security threats, research other websites that identify threats, and research and present the details about a specific network attack.
Required Resources
• Device with Internet access
• Presentation computer with PowerPoint or other presentation software installed
Part 1: Exploring the SANS Website
In Part 1, navigate to the SANS website and explore the available resources.
Step 1: Locate SANS resources.
Navigate to www.SANS.org. From the home page, highlight the Resources menu. List three available resources.
• Infosec Reading Room
• Security Newsletters
• IAD Top 10 Mitigations
Step 2: Locate the Top 20 Critical Controls.
The Twenty Critical Security Controls for Effective Cyber Defense listed on the SANS website are the culmination of a public-private partnership involving the Department of Defense (DoD), National Security Association, Center for Internet Security (CIS), and the SANS Institute. The list was developed to prioritize the cyber security controls and spending for DoD. It has become the centerpiece for effective security programs for the United States government. From the Resources menu, select Top 20 Critical Controls. Select one of the 20 Critical Controls and list three of the implementation suggestions for this control.
◦ Identity Services Engine (ISE)
◦ McAfee Vulnerability Manager
◦ CCS, RAS
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Step 3: Locate the Newsletters menu.
Highlight the Resources menu, select Newsletters. Briefly describe each of the three newsletters available.
OUCH! is the world's leading, free security awareness newsletter designed for the common computer user.
A key purpose of the @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors.
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Part 2: Identify Recent Network Security Threats
In Part 2, you will research recent network security threats using the SANS site and identify other sites containing security threat information.
Step 1: Locate the @Risk: Consensus Security Alert Newsletter Archive.
From the Newsletters page, select Archive for the @RISK: The Consensus Security Alert. Scroll down to Archives Volumes and select a recent weekly newsletter. Review the Notable Recent Security Issues and Most Popular Malware Files sections. List some recent attacks. Browse multiple recent newsletters, if necessary.
Title: Oracle Releases Quarterly Critical Patch Update for Various Products, Including Java
Description: Oracle has released their quarterly set of security bulletins for vulnerabilities that have been identified in various Oracle products. This month's release addresses 136 security flaws for products such as Oracle Database Server, Fusion Middleware, Java, MySQL, Sun Products, and more. Java had 9 security flaws patched with all of them "remotely exploitable without authentication."
Step 2: Identify sites providing recent security threat information.
Besides the SANS site, identify some other websites that provide recent security threat information.
SecurityFocus
List some of the recent security threats detailed on these websites.
Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations.
Part 3: Detail a Specific Network Security Attack
In Part 3, you will research a specific network attack that has occurred and create a presentation based on your findings. Complete the form below based on your findings.
Step 1: Complete the following form for the selected network attack.
Name of attack:
Project Chanology
Type of attack:
DDoS attack
Dates of attacks:
January 2008
Computers / Organizations affected:
Church of Scientology
How it works and what it did:
The group’s mass-DDoS attack, coordinated using the same software program used to fight for Wikileaks this week, targeted Scientology.org, momentarily knocking it offline.
Mitigation options:
None
References and info links:
http://www.thedailybeast.com/articles/2010/12/11/hackers-10-most-famous-attacks-wormsand-ddos-takedowns.html
Step 2: Follow the instructor’s guidelines to complete the presentation.
Reflection
1. What steps can you take to protect your own computer?
Limit access
2. What are some important steps that organizations can take to protect their resources?
Restrict areas that are not necessary for day-to-day work.