CCSP® Training Boot Camp
Master All Five Security Exams
This Cisco® authorized course is delivered by
Suggested Course Track:
Possess the skills necessary to ensure the security of all network-based transactions. Become uniquely qualified and valued in the security arena with GlobalNet Training's 12-day Cisco® Certified Security Professional (CCSP) Training Boot Camp. This course includes the INFOSEC, ASA Specialist, CCNA Security and CCSP Certifications. The CCSP certification provides network professionals with professional-level recognition in designing and implementing Cisco® secure networks. CCSP holders are actively involved in developing business solutions and designing and delivering multiple levels of security departments.
December 6, 2008 -- Todd Lammle
Protecting your Network… Now!
There are many common ways to gather information about a network, compromise corporate information, and cause destruction of a corporate web server and services. You need to be prepared today. Here's a list of the most common ones:
Network packet sniffers
When reading about each of these threats, keep in mind how to protect your network and your data from each of these different types of attacks. Not only do hackers steal data, they are also intent on corrupting or destroying data, or even adding “extra” data to your network that can cause irreparable damage.
If you are an administrator who uses your powers for good and not for evil, then a network packet sniffer is your best buddy. You can see all sorts of network information, which is critical to administering the network and keeping it in top shape. However, someone who uses their power for evil can read packets of information sent across a network by using a network packet sniffer. Because network packets are not encrypted by default, they can be processed and understood by any available network sniffer.
A hacker who wants to gather this information must be connected to the network, so controlling physical access to your network is very important. Some applications send all information across the network in clear text, which could possibly allow a sniffer to pick up a username and password. This username and password can then be used to gain access to other corporate resources.
When an attacker obtains the correct account information, he or she has the run of your network. If a hacker gains admin or root access, then the hacker can even create a new user ID that can be used at any time as a back door to get into your network and its resources.
An IP spoofing attack occurs when an attacker outside your network pretends to be a trusted computer by using an IP address that is within the range of IP addresses for your network. However, if you place a simple access-list on the corporate router's interface to the Internet that denies packets carrying your internal network IP addresses from entering this interface, you can effectively and easily stop IP spoofing. This solution will only work if the attacker is outside the network. If someone were to spoof a network ID, they would have to change the routing tables in your router in order to receive any packets. Once they do this, they can then possibly access user accounts and passwords; however, attacks are still possible without changing the routing tables, by combining simple spoofing attacks with knowledge of messaging protocols.
The smurf attack sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses from a supposedly valid host that is traceable. This host then gets blamed for the attack. The problem this causes is the sending of a layer two broadcast. Most hosts on the attacked IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding.
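The access-list filtering described above, sketched as an added example that is not part of the original article: a small model of IOS extended-ACL matching (wildcard masks, first match wins, implicit deny) applied inbound on the Internet-facing interface. The internal network 198.51.100.0/24, the external host 203.0.113.7, the ACL entries and the three packets are constructed assumptions.

```python
import ipaddress

# Constructed ACL entries in IOS extended-ACL syntax, applied inbound on the
# Internet-facing interface. Assumption: the internal network is 198.51.100.0/24.
WEAK_ACL = """
permit ip any any
"""
ANTI_SPOOF_ACL = """
deny ip 198.51.100.0 0.0.0.255 any
deny icmp any host 198.51.100.255
permit ip any any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_to_int(tokens.pop(0)), 0)
    return (_to_int(first), _to_int(tokens.pop(0)))

def parse_acl(text):
    """Return a list of (action, protocol, source spec, destination spec)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        rules.append((action, proto, _take_spec(tokens), _take_spec(tokens)))
    return rules

def _matches(spec, addr):
    base, wildcard = spec  # wildcard bits set to 1 are ignored in the comparison
    return (_to_int(addr) | wildcard) == (base | wildcard)

def evaluate(rules, proto, src, dst):
    """First matching entry decides; a packet matching nothing hits the implicit deny."""
    for action, rule_proto, src_spec, dst_spec in rules:
        if rule_proto in ("ip", proto) and _matches(src_spec, src) and _matches(dst_spec, dst):
            return action
    return "deny"

# Constructed packets arriving from the Internet: (protocol, source, destination).
SPOOFED = ("tcp", "198.51.100.10", "198.51.100.20")  # claims an internal source
SMURF = ("icmp", "203.0.113.7", "198.51.100.255")    # echo to the broadcast address
LEGIT = ("tcp", "203.0.113.7", "198.51.100.20")

def verdicts(acl_text):
    rules = parse_acl(acl_text)
    return [evaluate(rules, *pkt) for pkt in (SPOOFED, SMURF, LEGIT)]
```

A list that omits the final `permit ip any any` drops the legitimate packet too, because anything that matches no entry falls to the implicit deny.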
This creates a denial of service to actual users because the network traffic is so high. Fraggle uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple rewrite of smurf to use a Transport layer broadcast. To stop a smurf attack, the administrator should perform filtering on the network where the corporate network connects to the ISP or Internet.
If a hacker creates a program that repeatedly attempts to identify a user account and/or password, this is called a brute-force attack. If the hacker is successful at gathering the usernames and passwords, then the hacker will gain access to all resources that the stolen username and password provide to the actual corporate user. If this is the admin account, then the network would be completely jeopardized.
The term “WareZ” is applied to unauthorized distribution of software. This is not an attack on a corporate network or web site, but a motivation to either sell someone else’s software or allow unlicensed versions of software to be distributed for free on the Internet. This can come from internal employees or anyone on the Internet with a cracked version of the software. This is a huge problem for software companies.
Typically harder to do, but these attacks can still happen if someone can gain physical access to your network. However, internal users, a spoofer or even someone at your ISP can initiate a man-in-the-middle attack. What these attackers do is get in the middle of a network segment and steal data. Man-in-the-middle attacks are usually implemented by using network packet sniffers, routing protocols or even Transport layer protocols. The attackers can place corrupted or damaging data on your network, steal confidential information, or even start denial-of-service attacks.
Denial-of-service attacks are easy to do and hard to stop. This type of attack is usually used to stop normal users from getting to corporate resources, typically a web server.
The denial-of-service attack is based on the idea that an attacker can use up all the available service of a server so the server's services are not available to actual users or customers. These attacks are usually implemented using TCP so that all the open port numbers are used up and then a valid host cannot create a session with a web server. However, other protocols can be used just as easily, like ICMP. Checkpoint has a Firewall 1 product out that uses a Flood Gate module that has been pretty successful in stopping denial-of-service attacks and at a decent price. Cisco can also provide some security from this type of attack, but it is more expensive. You get what you pay for.
The TCP protocol creates a reliable session between two hosts. This allows the hosts to transfer data with acknowledgements and flow control, as well as some security that the two hosts are communicating directly. However, session hijacking is the process of squeezing between the two hosts and having the transmitting host send the data to a different host than the valid host it had previously created a session with. This is not the most typical attack these days because a network sniffer can gather much more information, but it is still possible. The solution to session hijacking or replaying is to use a strongly authenticated, encrypted management protocol.
This type of attack will happen to an application that can be exploited through well-known weaknesses. Sendmail, PostScript and FTP are examples of applications that are known to have an easy weakness. The idea of this attack is to gain access to a computer with the permissions of the account running the application, which is usually a privileged system-level account.
Actually a very cool attack in the way it is implemented, the Trojan horse creates a substitute for a common program and users think they are in a valid program when they are not.
This allows the attacker to monitor login attempts to capture user account and password information, for example. This attack can also allow the attacker to modify application behavior to then receive all your corporate emails sent and received.
Another new attack on the Internet scene is the exploiting of several new technologies: the Hypertext Markup Language (HTML) specification, Web browser functionality, and HTTP. These attacks, which include Java applets and ActiveX controls, involve passing harmful programs across the network and loading them through a user's browser. The unique part of this type of attack is that the attacker first changes the program, but the user doesn’t initiate the attack until they choose a certain page or program. Also, the attacks are not hardware-dependent because of the portability of the programs.
Conclusion
There are more attacks available than the ones I listed in this article, and you need to research and keep up on the latest attacks. I think that viruses are the worst, and there was not room to start discussing virus attacks in this article since I could write a whole article on just virus attacks and certain types of protection.
Course Content
The VPN offerings of Cisco have changed and been distributed over many of their other devices, which is now reflected in our course. The other devices such as the ASA and routers have been put in place and given the functionality to perform those tasks. Each of the courses (excluding the IPS and HIPS courses) will include VPN training. The only thing that is removed from the course is how to implement VPNs on a Cisco 3000 series Concentrator and 3002 series Hardware Client. The training no longer includes those devices because they have been designated as end-of-sale by Cisco. Our 12-day certification course covers all of the objectives to complete your CCSP certification. We do not rely on outdated third-party test preparation material or courseware.
We have been writing our own curriculum since our company began delivering bootcamps in 1997. Your instructor wrote the material used in class and updates it before each course. The GlobalNet Training CCSP boot camp is a guaranteed certification course taught by a Certified Expert Instructor and includes hands-on training on Cisco®:
This course also includes:
Certifications
To ensure Cisco certification holders are current on the latest technology trends, Cisco has updated the CCSP certification and also introduced new specialist certifications. Completing our CCSP program will now get you a total of 4 Cisco Specialist designations, 1 Cisco Professional Designation and 1 National Security Agency Professional designation.
Cisco has continued to work closely with the US National Security Agency (NSA) to ensure that certification training directly maps to the 4011 and 4013 standards. 4011 is the training standard for Information Systems Security (INFOSEC) for associate-level IT professionals and 4013 is the standard for more experienced IT professionals. The updated CCSP program and new exams will continue to provide 4011 and 4013 letters of recognition signed by Cisco CEO, John Chambers. The criteria to receive a recognition letter are as follows:
Equipment
Our students never share equipment. Each student is trained utilizing live Cisco® Routers, Switches, PIX Firewalls, VPN concentrators, ASAs and VPN Hardware/Software clients during several intense lab sessions.
Exams
The Securing Networks with PIX and ASA (SNPA) exam is now replaced and extended by the Securing Networks with ASA Foundation (SNAF) exam and the Securing Networks with ASA Advanced (SNAA) exam. In addition, the Securing Networks with Cisco Routers and Switches (SNRS) exam has also been refreshed. GlobalNet's CCSP Boot Camp students are trained on more hardware and lab time to master the following four associated Cisco security exams:
· Cisco® Certified Security Professional certifications are valid for three years.
Outline
GlobalNet Training’s 12-day certification course covers all of the objectives for the Securing Networks with PIX and ASA Exam (SNPA 642-523), Securing Cisco® Network Devices Exam (SND 642-552), Securing Networks with Cisco® Routers and Switches Exam (SNRS 642-503), Implementing Cisco® Intrusion Prevention System Exam (IPS 642-533), and Securing Hosts Using Cisco® Security Agent Exam (HIPS 642-513).
*The following reflects the weekly CCSP 2-week schedule.
Week 1:
Week 2:
Prerequisites
Students should possess the Cisco® Certified Network Associate (CCNA) certification or the equivalent knowledge and/or working knowledge of basic network security and a solid grasp of TCP/IP and fundamental networking concepts.
New Cisco Prerequisites:
Guarantee
If you successfully complete a GlobalNet Training Bootcamp and do not pass a professional certification examination, you are eligible to enroll in a subsequent Bootcamp within one (1) year with just a small administrative fee (and the cost of new books if the course changes). The GlobalNet Training Guarantee is subject to the following terms and conditions: