SECFND Understanding Cisco Cybersecurity Fundamentals

Post on 27-Mar-2021


Understanding Cisco Cybersecurity Fundamentals (SECFND)

Instructor: Graham Tuthill

Location: Wokingham, UK

Date: 16th March 2020

Please could you check your email (including SPAM) for details to acquire the course material

Next course SECOPS

Course Times:
Monday 9:30 to 4:30
Tuesday 9:00 to 4:30
Wednesday 9:00 to 4:30
Thursday 9:00 to 4:30
Friday 9:00 to ?

Breaks:
10:45 / 15 mins
12:30 / 40 mins
2:45 / 15 mins

My Website: defaultgateway.co.uk

eMaterial Access Codes

http://learningspace.cisco.com


DHCP Snooping

Builds a trusted IP/MAC binding database on the switch, which is then used by DAI (Dynamic ARP Inspection)

Routing

Static:
- Specific route, e.g. 172.16.1.0/24 via next hop (n/h)
- Default route, 0.0.0.0/0 via next hop (n/h)

Dynamic:
- IGPs
  - Distance Vector: RIP v1/v2, IGRP
  - Link State: OSPF, IS-IS
  - Advanced Distance Vector: EIGRP (Cisco proprietary; the others are STD, open standards)
- EGPs: BGP

NAT

1. Static
2. Dynamic
3. PAT (1 --> 65536)
(Policy NAT)

INSIDE --> OUTSIDE: source IP changed (PVT --> Pub)
OUTSIDE --> INSIDE: destination IP changed

Board example addresses: 10.1.1.0/24 and 10.1.1.0/24 (same private range on both sides), within 10.0.0.0/8

SMURF (diagram): 1x ICMP Echo Request, destination 10.255.255.255 (directed broadcast), source address 10.0.0.3 (spoofed victim), so every host on the segment replies to the victim. Directed broadcast is off by default on Cisco routers, which is the main mitigation.

TCP sequence prediction (diagram): TCP SYN to 10.0.0.10/21, spoofed source 10.0.0.3; the attacker must return the ACK for the server's sequence number, hence a TCP SEQ # predictor; goal is to plant a code backdoor.

We have done enough theory for you to take a look at labs 1 and 2

Lab 1 Explore the TCP/IP Protocols Suite

Lab 2 Explore The network infrastructure

Complete by about 3:20

Finished for today if you can complete lab 2 by 9:00 tomorrow

966 694 689 enter this number into Zoom

graham.tuthill@globalknowledge.co.uk

ARP cache poisoning (diagram): host .1 has MAC a and host .10 has MAC b, each holding the other's entry in its ARP cache. The attacker (MAC c) sends GARP (gratuitous ARP) broadcasts claiming .1 is at c and .10 is at c; both hosts update their caches and traffic now flows via the attacker: MITM, observed in Wireshark.

Complete Lab 3 by 11:20

Routing Attacks
- MITM
- OSPF: authentication & integrity

CIA Triad
- Confidentiality
- Integrity
- Availability

Security services and the mechanism that provides each:
- Data Confidentiality: encryption
- Data Integrity / Data Authentication: hashing + key (HMAC)
- Anti-Replay: sequence numbers
- Non-Repudiation: digital certificates

Encryption

Symmetric: AES, 3DES, DES, RC4 (stream), CAST, Blowfish, Swordfish....; CBC (block mode)

Asymmetric: RSA (Pub/Pvt), DSA, DH, ECDH, digital signatures

Asymmetric is about 1000x more processor intensive than symmetric, so it is not for use on bulk encryption.

Bulk encryption, DES CBC (diagram): Sender --> Receiver; plain text --> 16 rounds --> cipher text; 56-bit key

Lunch to 1:05

Data Integrity & Authentication

Message "1x pen £1" --> hash (MD5, SHA-1/2) --> received "1x pen £1"

Tampered message "1x pen £10": the hash no longer matches, but with an unkeyed hash the attacker can simply recompute it, so a keyed hash is needed: MD5-HMAC

Certificates (diagram): Amazon https:// with a certificate issued by Verisign (the CA). Amazon generates an RSA Pub/Pvt key pair and sends a CSR (PKCS#10) to the CA.

Diffie Hellman: Alice <--> Bob, with Eve eavesdropping; base (generator) # = 2; DH Groups 1/2/5/7/22; ECDH

IPSEC
- Phase 1
- Phase 2

How to set up IPSEC: AH/ESP; DES/AES/SHA/MD5; IKE; authentication

Take a coffee break and then start lab 4 (Cryptography)

Anticipate, with a break, that we can start a recap about 4:00 pm

Password examples (weak to strong):
cisco
cisco123
ciscoabc
%6_=sd
@;kdf23
++w"3as

Config: %6_=sd

Rainbow Tables: yvQJ

P{}=-12

Digital signatures (diagram): Bob Pub/Pvt; Alice Pub/Pvt with a trusted copy of Bob's public key; a good file; Eve substitutes a bad file. Hash collision: MD5 (128-bit) / SHA-1 (160-bit)

Risk Assessment: Quantitative vs Qualitative

ALE = (AV x EF) x ARO

AV x EF = £100000 x 0.3 = £30000 (single loss)
ALE = £30000 x 0.5 = £15000

salt Fat Sat fat Cal

POODLE (Padding Oracle On Downgraded Legacy Encryption): downgrade to SSL and decrypt

Complete Lab 5 and take a lunch break (1:30)

Command Injections

Cross-Site Scripting

Complete Lab 6

If you finish around 4:00 pm I might just end the day on a review recap of the lab

Lab 7 Windows OS

Take a break

11:40 we will start the Linux Theory

Lab 8 Linux Lab

Take a lunch break

We will start again no later than 2:00 pm

Complete Lab 9 by 3:50, including a coffee break.

Complete Lab 10 by 9:00 am tomorrow

No more theory tonight

IDS/IPS
- Signature db
- SourceFire IDS/IPS, SNORT rules; Firepower
- Signature db vs anomaly detection
- SSL decryption: about 80% CPU hit
- Outcomes: False Positive, False Negative, True Positive, True Negative

Take a coffee break

We will start again at 11:20; assume lab 11 is done

IPS Fragmentation Evasion

VPNs
- Remote Access vs Site-to-Site
- Internet: lack of SLA
- SSL/TLS vs IPSEC
- Clientless (IE) SSL; IPSEC

Security data types:
- Session Data: like a phone bill (5-tuple)
- Full Packet Capture: records all bits, like phone tapping
- Transactional Data: all operations of a network session / system activities (i.e. all HTTP client requests)
  - HTTP daemon logs all client requests / server responses
  - SMTP daemon logs email connections and storage
- Extracted Content: mined from network traffic, like email/file attachments
- Statistical Data: session data presented in graphical form (Stealthwatch graphs)
- Alert Data: most focused (crystallised), i.e. IDS/IPS rules match and fire
- Syslog: alert levels 0-7 (Emergency through to Debug)
- IOCs: a data point extracted (correlated) from data, used as a predictor of system compromise
- NTP: important to all of the above

Lab 12 is all about data analysis; no more than 45 minutes

My email: graham.tuthill@globalknowledge.co.uk