2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 11.1:
Network Security Testing
Upon completion of this section, you should be able to:
Describe the techniques used in network security testing.
Topic 11.1.1:
Network Security Testing Techniques
Operations Security
Testing and Evaluating Network Security
Types of Network Tests
Operational Status of the Network:
Penetration testing
Network scanning
Vulnerability scanning
Password cracking
Log review
Integrity checks
Virus detection
Applying Network Test Results
Topic 11.1.2:
Network Security Testing Tools
Network Testing Tools
Nmap/Zenmap
SuperScan
SIEM
GFI LANguard
Tripwire
Nessus
L0phtCrack
Metasploit
Nmap and Zenmap
SuperScan
SIEM
Essential functions:
Forensic Analysis
Correlation
Aggregation
Retention
Section 11.2:
Developing a Comprehensive
Security Policy
Upon completion of this section, you should be able to:
Explain the purpose of a comprehensive security policy.
Explain security awareness and how to achieve it through education and training.
Topic 11.2.1:
Security Policy Overview
Secure Network Life Cycle
Determine what the assets of an organization are by asking:
What does the organization have that others want?
Security Policy
Security Policy Audience
Audience Determines Security Policy Content
Topic 11.2.2:
Structure of a Security Policy
Security Policy Hierarchy
Governing Policy
A governing policy includes:
Statement of the issue that the policy addresses
Actions, activities, and processes that are allowed (and not allowed)
Consequences of noncompliance
Technical Policies
Technical components:
General policies
Telephony policy
Network policy
Application policy
End User Policies
Customize End-User Policies for Groups
Topic 11.2.3:
Standards, Guidelines, and Procedures
Security Policy Documents
Standards Documents
Guideline Documents
NIST Information Technology Portal
Guideline Documents (Cont.)
NSA Website
Guideline Documents (Cont.)
Common Criteria Website
Procedure Documents
Topic 11.2.4:
Roles and Responsibilities
Organizational Reporting Structure
Common Executive Titles
Chief Executive Officer (CEO)
Chief Security Officer (CSO)
Topic 11.2.5:
Security Awareness and Training
Security Awareness Program
Primary components:
Awareness campaigns
Topic 11.2.6:
Responding to a Security Breach
Motive, Opportunity, and Means
Collecting Data
Section 11.3:
Summary
Chapter Objectives:
Explain the various techniques and tools used for network security testing.
Thank you.
Instructor Resources