Chapter 11:

Managing a Secure Network

CCNA Security v2.0

 11.0 Introduction
11.1 Network Security Testing

Chapter Outline 11.2 Developing a

Comprehensive Security Policy
11.3 Summary

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 11.1:
Network Security Testing
Upon completion of this section, you should be able to:
Describe the techniques used in network security testing.

Describe the tools used in network security testing.

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Topic 11.1.1:
Network Security Testing Techniques

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Operations Security

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Testing and Evaluating Network Security

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Types of Network Tests
Operational Status of the Network:
Penetration testing

Network scanning

Vulnerability scanning

Password cracking

Log review

Integrity checks

Virus detection

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Applying Network Test Results

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Topic 11.1.2:
Network Security Testing Tools

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Network Testing Tools
Nmap/Zenmap

SuperScan

SIEM

GFI LANguard

Tripwire

Nessus

L0phtCrack

Metasploit

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Nmap and Zenmap

Sample Nmap Screenshot Sample Zenmap Screenshot

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
SuperScan

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
SIEM
Essential functions:
Forensic Analysis

Correlation

Aggregation

Retention

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Section 11.2:
Developing a Comprehensive
Security Policy
Upon completion of this section, you should be able to:
Explain the purpose of a comprehensive security policy.

Describe the structure of a comprehensive security policy.

Describe the standards, guidelines, and procedures of a security policy.

Explain the roles and responsibilities entailed by a security policy.

Explain security awareness and how to achieve through education and training.

Explain how to respond to a security breach.

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Topic 11.2.1:
Security Policy Overview

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Secure Network Life Cycle
Determine what the assets of an organization are by asking:
What does the organization have that others want?

What processes, data, or information systems are critical to the

organization?
What would stop the organization from doing business or fulfilling its
mission?

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Security Policy

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Security Policy Audience
Audience Determines Security Policy Content

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Topic 11.2.2:
Structure of a Security Policy

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Security Policy Hierarchy

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Governing Policy
A governing policy includes:
Statement of the issue that the policy addresses

How the policy applies in the environment

Roles and responsibilities of those affected by the policy

Actions, activities, and processes that are allowed (and not allowed)

Consequences of noncompliance

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Technical Policies
Technical components:
General policies

Telephony policy

Email and communication policy

Remote access policy

Network policy

Application policy

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
End User Polices
Customize End-User Policies for Groups

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Topic 11.2.3:
Standards, Guidelines, and Procedures

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Security Policy Documents

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Standards Documents

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Guideline Documents
NIST Information Technology Portal

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Guideline Documents (Cont.)
NSA Website

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Guideline Documents (Cont.)
Common Criteria Website

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Procedure Documents

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Topic 11.2.4:
Roles and Responsibilities

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Organizational Reporting Structure

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Common Executive Titles
Chief Executive Officer (CEO) Chief Security Officer (CSO)

Chief Technology Officer (CTO) Chief Information Security

Officer (CISO)
Chief Information Officer (CIO)

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Topic 11.2.5:
Security Awareness and Training

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Security Awareness Program
Primary components:
Awareness campaigns

Training and education

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Topic 11.2.6:
Responding to a Security Breach

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Motive, Opportunity, and Means

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Collecting Data

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Section 11.3:
Summary
Chapter Objectives:
Explain the various techniques and tools used for network security testing.

Explain how to develop a comprehensive security policy.

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Thank you.
Instructor Resources

Remember, there are

helpful tutorials and user
guides available via your
NetSpace home page. 1
(https://www.netacad.com) 2

These resources cover a

variety of topics including
navigation, assessments,
and assignments.
A screenshot has been
provided here highlighting
the tutorials related to
activating exams, managing
assessments, and creating
quizzes.

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41