Transcript of SECFND: Understanding Cisco Cybersecurity Fundamentals
Instructor: Graham Tuthill
Location: Wokingham UK
Date: 16th March 2020
Please could you check your email (SPAM) for details to acquire course material
Next course SECOPS
Course Times:
Monday 9:30 to 4:30
Tuesday 9:00 to 4:30
Wednesday 9:00 to 4:30
Thursday 9:00 to 4:30
Friday 9:00 to ?
Breaks:
10:45 / 15 mins
12:30 / 40 mins
2:45 / 15 mins
My Website: defaultgateway.co.uk
eMaterial Access Codes
http://learningspace.cisco.com
DHCP Snooping
Builds a trusted IP/MAC binding database on the switch, used by DAI (Dynamic ARP Inspection)
Routing
Static: Specific (e.g. 172.16.1.0/24 via next hop) or Default (0.0.0.0/0 via next hop)
Dynamic: IGPs and EGPs
IGPs:
Distance Vector: RIP v1/v2, IGRP
Link State: OSPF, IS-IS (standard)
Advanced Distance Vector: EIGRP (Cisco)
EGPs: BGP
NAT
1. Static
2. Dynamic
3. PAT (1 --> 65536) (Policy)
INSIDE --> OUTSIDE: Source IP changed (PVT --> Pub)
OUTSIDE --> INSIDE: Destination IP changed
Overlapping example: 10.1.1.0/24 on both sides; 10.0.0.0/8
SMURF: 1x ICMP Echo Request, destination 10.255.255.255 (directed broadcast), source address 10.0.0.3
Directed broadcast is defaulted off
TCP SEQ # predictor: TCP SYN to 10.0.0.10/21, source 10.0.0.3; ACK for server seq # (code backdoor)
We have done enough theory for you to take a look at labs 1 and 2
Lab 1 Explore the TCP/IP Protocols Suite
Lab 2 Explore The network infrastructure
Complete by about 3:20
Finished for today if you can complete lab 2 by 9:00 tomorrow
966 694 689 enter this number into Zoom
ARP cache poisoning: ARP cache .1/a, .10/b
GARP broadcast: .1/c, .10/c
MITM, Wireshark
Complete Lab 3 by 11:20
Routing Attacks
MITM
OSPF: Authentication & Integrity
CIA Triad
Confidentiality, Integrity, Availability
Data Confidentiality: Encryption
Data Integrity and Data Authentication: Hashing + Key
Anti-Replay: Sequence numbers
Non-Repudiation: Digital Certificates
Encryption
Symmetric: AES, 3DES, DES, RC4 (Stream), CAST, Blowfish, Swordfish....
CBC (Blocks)
Asymmetric: RSA (Pub/Pvt), DSA, DH, ECDH, Digital Signatures
Asymmetric is 1000x more processor intensive than symmetric: not for use on bulk encryption
Bulk encryption: DES CBC
Sender --> Recv: Plain Text --> 16 Rounds --> Cipher Text
56 bit key
Lunch to 1:05
Data Integrity & Authentication
"1x pen £1" --> MD5 / SHA 1/2 hash
"1x pen £1" vs "1x pen £10": the hash changes
MD5-HMAC
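The pen example from the whiteboard, worked through as an added example (not course material): a plain MD5/SHA digest detects a change from £1 to £10, but anyone who alters the message can recompute it, whereas an HMAC needs the shared key. The key and messages are constructed values.

```python
import hashlib
import hmac

# Constructed sample values matching the whiteboard example.
ORIGINAL = "1x pen £1".encode("utf-8")
TAMPERED = "1x pen £10".encode("utf-8")
KEY = b"shared-secret-key"  # assumption: a key known only to sender and receiver


def plain_digest(message: bytes) -> str:
    """Unkeyed hash: gives integrity only (any change alters the digest)."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """Hash + key (MD5-HMAC as on the board): integrity AND authentication."""
    return hmac.new(key, message, hashlib.md5).hexdigest()


def receiver_check(key: bytes, message: bytes, digest: str, tag: str) -> dict:
    """What the receiver can conclude from a message plus its digest and HMAC tag."""
    return {
        "digest_matches": plain_digest(message) == digest,
        "hmac_matches": hmac.compare_digest(hmac_tag(key, message), tag),
    }


def tamper_without_key(message: bytes, tag: str) -> tuple:
    """Someone altering the message can refresh the unkeyed digest,
    but without the key must leave the old HMAC tag in place."""
    return message, plain_digest(message), tag


if __name__ == "__main__":
    digest, tag = plain_digest(ORIGINAL), hmac_tag(KEY, ORIGINAL)
    print("genuine:", receiver_check(KEY, ORIGINAL, digest, tag))
    msg, d2, t2 = tamper_without_key(TAMPERED, tag)
    print("tampered:", receiver_check(KEY, msg, d2, t2))
```

The second print shows the unkeyed digest still matching after tampering while the HMAC check fails, which is why the board pairs hashing with a key.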
Certificates: Amazon (https://) and Verisign (CA)
Verisign: RSA Pub/Pvt
Amazon: RSA Pub/Pvt --> CSR (PKCS#10) sent to the CA
Diffie Hellman
Alice and Bob agree a key; Eve listens
Base # = 2
DH Groups 1/2/5/7/22, ECDH
IPSEC
Phase 1
Phase 2
How to set up IPSEC: AH/ESP, DES/AES/SHA/MD5
IKE
Authentication
Take a coffee break and then start lab 4 Cryptography
Anticipate with a break that we can start a recap about 4:00 pm
Weak passwords: cisco, cisco123, ciscoabc
Strong passwords: %6_=sd, @;kdf23, ++w"3as
Config: %6_=sd
Rainbow Tables: yvQJ, P{}=-12
Bob: Pub/Pvt
Alice: Pub/Pvt, holds a trusted copy of Bob's Pub key
A good file vs A bad file (from Eve)
Hash Collision: MD5/SHA 128/160
Quantitative / Qualitative
Risk Assessment
ALE = (AV x EF) x ARO
£100000 x 0.3 x 0.5
SLE = £30000
ALE = £15000
salt Fat Sat fat Cal
POODLE: Padding Oracle On Downgraded Legacy Encryption (downgrade & decrypt to SSL)
Complete Lab 5 and take a lunch break 1:30
Command Injections
Cross-Site Scripting
Complete Lab 6
If you finish around 4:00 pm I might just end the day on a review recap of the lab
Lab 7 Windows OS
Take a break
11:40 we will start the Linux Theory
Lab 8 Linux Lab
Take a lunch break
We will start again no later than 2:00 pm
Complete Lab 9 by 3:50 including a coffee break.
Complete Lab 10 by 9:00 am tomorrow
No more theory tonight
Signature db
SourceFire IDS/IPS, SNORT Rules
Firepower
Signature db / Anomaly Detection
SSL Decryption: 80% CPU hit
FALSE Positive / FALSE Negative
TRUE Positive / TRUE Negative
Take a coffee break
We will start again at 11:20; assume lab 11 is done
IPS Fragmentation Evasion
VPNs
Remote Access / Site-to-Site
Internet: lack of SLA
Remote Access: SSL/TLS (Clientless (IE) SSL) or IPSEC
Site-to-Site: IPSEC
Session Data: like a phone bill (5 tuples)
Full Packet Capture: record all bits, like phone tapping
Transactional Data: all operations of network session / system activities (i.e. all HTTP client requests)
HTTP Daemon: logs all client requests / server responses
SMTP Daemon: logs email connections and storage
Extracted Content: mined from network traffic, like email / file attachments
Statistical Data: session data presented in graphical form (Stealthwatch graphs)
Alert Data: most focused (crystallised), i.e. match IDS/IPS rules and fire
Syslog: alert levels 0-7 (Emergency through to Debug)
IOCs: a data point extracted (correlated) from data, used as a predictor of system compromise
NTP: important to all the above
Lab 12 is all about data analysis, no more than 45 minutes