1
00:00:03,169 --> 00:00:06,669
This is a free, complete course for the CCNA.
2
00:00:06,669 --> 00:00:10,400
If you like these videos, please subscribe\n
3
00:00:10,400 --> 00:00:14,830
Also, please like and leave a comment, and\n
4
00:00:18,179 --> 00:00:20,899
In this video we will cover security fundamentals.
5
00:00:20,899 --> 00:00:27,429
The CCNA is not a cybersecurity certification,\n
6
00:00:27,429 --> 00:00:33,030
of network and system security necessary to\n
7
00:00:33,030 --> 00:00:35,590
Here are the exam topics we’ll cover in this video.
8
00:00:35,590 --> 00:00:41,420
We’ll define some key security concepts,\n
9
00:00:41,420 --> 00:00:47,679
and user authentication, and define the AAA\n
10
00:00:49,270 --> 00:00:52,170
That seems like a lot for one video, and it is.
11
00:00:52,170 --> 00:00:56,689
This video will be a brief introduction to\n
12
00:00:56,689 --> 00:01:00,878
If you haven’t studied this material before,\n
13
00:01:02,378 --> 00:01:06,359
So I recommend taking notes to keep all of\n
14
00:01:06,359 --> 00:01:09,810
Here’s what we’ll cover in specific.
15
00:01:09,810 --> 00:01:13,429
First I’ll introduce some key security concepts and terms.
16
00:01:13,429 --> 00:01:18,728
Then some common attacks which can target\n
17
00:01:18,728 --> 00:01:22,890
Then I’ll talk about passwords and multi-factor authentication.
18
00:01:22,890 --> 00:01:29,200
Then the concepts of Authentication, Authorization,\n
19
00:01:29,200 --> 00:01:33,099
Finally I’ll introduce security programs\n
20
00:01:33,099 --> 00:01:36,880
to secure their systems and educate their staff.
21
00:01:36,879 --> 00:01:41,578
Watch until the end of the video for a bonus\n
22
00:01:43,099 --> 00:01:47,569
So, the title of this slide is ‘why security?’
23
00:01:47,569 --> 00:01:50,638
What is the purpose or goal of security in an enterprise?
24
00:01:50,638 --> 00:01:54,839
I’m sure you can think of some reasons why\n
25
00:01:54,840 --> 00:01:59,130
systems to be secure, but it’s good to have a framework.
26
00:01:59,129 --> 00:02:03,269
The principles of the CIA triad form the foundation of security.
27
00:02:03,269 --> 00:02:06,918
We’re not talking about the American Central\n
28
00:02:06,918 --> 00:02:10,449
Here’s what CIA stands for in this case.
29
00:02:14,500 --> 00:02:19,169
It means that only authorized users should\n
30
00:02:19,169 --> 00:02:23,939
Some information and data is public and can\n
31
00:02:23,939 --> 00:02:30,389
put on the company website, but some is secret\n
32
00:02:30,389 --> 00:02:35,739
And there are degrees in the middle, some\n
33
00:02:39,419 --> 00:02:43,759
This means that data should not be tampered\n
34
00:02:44,930 --> 00:02:49,360
Data should be correct and authentic, not\n
35
00:02:49,360 --> 00:02:53,090
Finally, A stands for availability.
36
00:02:53,090 --> 00:02:57,159
This means that the enterprise network and\n
37
00:02:59,219 --> 00:03:03,650
For example, staff should be able to access\n
38
00:03:03,650 --> 00:03:07,870
their duties, and the company’s website\n
39
00:03:11,969 --> 00:03:16,199
Confidentiality, integrity, and availability.
40
00:03:16,199 --> 00:03:21,000
Attackers can threaten the confidentiality,\n
41
00:03:22,259 --> 00:03:28,280
We’ll see how attackers do that when we\n
42
00:03:28,280 --> 00:03:33,759
In addition to the CIA triad, there are some\n
43
00:03:33,759 --> 00:03:36,590
and these are explicitly stated in the exam topics.
44
00:03:36,590 --> 00:03:43,250
First, a vulnerability is any potential weakness\n
45
00:03:45,210 --> 00:03:49,490
But keep in mind, a potential weakness on\n
46
00:03:49,490 --> 00:03:55,350
The windows of a house for example are vulnerabilities,\n
47
00:03:56,810 --> 00:04:03,650
Next, an exploit is something that can potentially\n
48
00:04:03,650 --> 00:04:07,960
But again, something that can potentially\n
49
00:04:09,159 --> 00:04:15,169
A rock can exploit the weakness of a window\n
50
00:04:16,170 --> 00:04:22,028
Next, a threat is the potential of a vulnerability\n
51
00:04:23,779 --> 00:04:28,698
To use the window and rock analogy, a threat\n
52
00:04:31,009 --> 00:04:33,470
Here’s a more relevant example.
53
00:04:33,470 --> 00:04:37,800
A hacker exploiting a vulnerability in your system is a threat.
54
00:04:37,800 --> 00:04:43,629
Finally, a mitigation technique is something\n
55
00:04:43,629 --> 00:04:47,400
There are various mitigation techniques and\n
56
00:04:47,399 --> 00:04:54,329
against, and we’ll cover some techniques\n
57
00:04:54,329 --> 00:04:57,839
Appropriate mitigation techniques should be\n
58
00:04:57,839 --> 00:05:04,138
be exploited, for example client devices,\n
59
00:05:04,139 --> 00:05:08,829
In addition, mitigation techniques include\n
60
00:05:08,829 --> 00:05:13,649
from getting physical access to the devices\n
61
00:05:16,528 --> 00:05:20,949
But always remember, no system is perfectly secure.
62
00:05:20,949 --> 00:05:26,430
Systems can be more secure or less secure,\n
63
00:05:26,430 --> 00:05:31,829
You can, for example, implement malware detection\n
64
00:05:31,829 --> 00:05:36,959
antivirus software on client PCs, but the\n
65
00:05:38,490 --> 00:05:42,810
Now let’s review some common attacks.
66
00:05:42,810 --> 00:05:48,038
These are threats which can potentially exploit\n
67
00:05:48,038 --> 00:05:55,128
integrity, or availability, CIA, of an enterprise’s\n
68
00:05:55,129 --> 00:05:57,838
These are the kinds of attacks we will look at.
69
00:05:57,838 --> 00:06:01,579
There are many more potential attacks than\n
70
00:06:03,098 --> 00:06:05,469
Let’s take a brief look at each one individually.
71
00:06:05,470 --> 00:06:10,930
The first kind of attack is the denial-of-service, DoS, attack.
72
00:06:10,930 --> 00:06:17,088
DoS attacks threaten the availability of a\n
73
00:06:17,088 --> 00:06:21,870
There are many kinds, and I’ll show a few\n
74
00:06:21,870 --> 00:06:27,269
TCP SYN flood, which exploits the TCP three-way handshake.
75
00:06:27,269 --> 00:06:32,029
As you know, the three-way handshake is SYN, SYN-ACK, and ACK.
76
00:06:32,029 --> 00:06:39,568
In a TCP SYN flood, the attacker sends countless\n
77
00:06:39,569 --> 00:06:44,580
The target sends a SYN-ACK message in response\n
78
00:06:44,579 --> 00:06:49,050
But the attacker never replies with the final\n
79
00:06:51,658 --> 00:06:56,550
The target waits for the final ACK of each\n
80
00:06:56,550 --> 00:07:00,180
fill up the target’s TCP connection table.
81
00:07:00,180 --> 00:07:04,218
The incomplete connections will timeout and\n
82
00:07:04,218 --> 00:07:10,079
period of time, but the attacker continues\n
83
00:07:10,079 --> 00:07:15,209
In the end, the target is no longer able to\n
84
00:07:15,209 --> 00:07:20,098
has reached the maximum number of TCP connections\n
85
00:07:20,098 --> 00:07:22,618
Let me demonstrate with a diagram.
86
00:07:22,619 --> 00:07:27,320
For each SYN message the attacker sends, the\n
87
00:07:27,319 --> 00:07:33,459
table and sends a SYN-ACK message, then waits\n
88
00:07:35,550 --> 00:07:41,278
The attacker keeps sending SYN messages, and\n
89
00:07:41,278 --> 00:07:47,228
Then the target’s TCP connection table fills\n
90
00:07:47,228 --> 00:07:52,068
By the way, why do you think I drew the SYN-ACK\n
91
00:07:52,069 --> 00:07:56,689
It’s because the attacker likely spoofs\n
92
00:07:56,689 --> 00:08:00,869
IP address, so the SYN-ACK messages don’t return back to them.
93
00:08:00,869 --> 00:08:04,990
I’ll talk about spoof attacks after DoS attacks.
94
00:08:04,990 --> 00:08:10,668
However, a denial-of-service like that is\n
95
00:08:10,668 --> 00:08:14,139
A much more powerful kind of attack is the DDoS.
96
00:08:14,139 --> 00:08:19,649
In a DDoS, distributed denial-of-service,\n
97
00:08:19,649 --> 00:08:25,129
with malware and uses them all to initiate\n
98
00:08:27,740 --> 00:08:31,059
This group of infected computers is called a botnet.
99
00:08:31,059 --> 00:08:37,410
So, in this example the attacker could, through\n
100
00:08:37,409 --> 00:08:42,759
Then, all together they start flooding the\n
101
00:08:42,759 --> 00:08:47,649
server is no longer able to respond to legitimate\n
102
00:08:47,649 --> 00:08:53,429
So, to summarize denial-of-service attacks,\n
103
00:08:57,639 --> 00:08:59,879
Next let’s look at spoofing attacks.
104
00:08:59,879 --> 00:09:06,830
To spoof an address is to use a fake source\n
105
00:09:06,830 --> 00:09:11,800
There are numerous attacks that involve spoofing,\n
106
00:09:11,799 --> 00:09:16,059
An example of a spoofing attack is a DHCP exhaustion attack.
107
00:09:16,059 --> 00:09:20,449
Actually, it’s similar to the TCP SYN flood attack.
108
00:09:20,450 --> 00:09:25,650
An attacker uses spoofed MAC addresses to\n
109
00:09:25,649 --> 00:09:31,559
Then, the target server’s DHCP pool becomes\n
110
00:09:33,620 --> 00:09:36,710
They won’t be able to get an IP address.
111
00:09:36,710 --> 00:09:40,940
Note that spoofing attacks don’t have to\n
112
00:09:43,909 --> 00:09:49,490
The attacker sends a DHCP discover message\n
113
00:09:49,490 --> 00:09:53,049
Then it sends another with a different fake source MAC address.
114
00:09:53,049 --> 00:09:57,099
Then it does it again, with another fake source MAC address.
115
00:09:57,100 --> 00:09:59,759
It keeps sending these at a very quick pace.
116
00:09:59,759 --> 00:10:05,350
The server will reply to each Discover with\n
117
00:10:05,350 --> 00:10:09,680
an IP address it will not assign that address to other devices.
118
00:10:09,679 --> 00:10:16,219
So, if these PCs send DHCP discover messages\n
119
00:10:16,220 --> 00:10:21,290
to give them their IP addresses because its DHCP pool is full.
120
00:10:21,289 --> 00:10:26,849
Maybe it had 250 IP addresses to lease to\n
121
00:10:26,850 --> 00:10:31,180
So, that’s just one example of a spoofing attack.
122
00:10:31,179 --> 00:10:36,899
And in the previous TCP SYN flood example,\n
123
00:10:39,740 --> 00:10:45,509
And this DHCP exhaustion attack resulted in\n
124
00:10:46,509 --> 00:10:51,470
As you can see, some of these attack types\n
125
00:10:52,470 --> 00:10:57,899
But once again, we are attacking the availability,\n
126
00:10:57,899 --> 00:11:00,299
Note that not all spoofing attacks are DoS attacks.
127
00:11:00,299 --> 00:11:04,919
Later I’ll show another type of spoofing\n
128
00:11:04,919 --> 00:11:09,729
integrity of a system, not the availability.
129
00:11:09,730 --> 00:11:13,820
Next let’s look at reflection and amplification attacks.
130
00:11:13,820 --> 00:11:18,420
In a reflection attack, the attacker sends\n
131
00:11:18,419 --> 00:11:22,879
spoofs the source address of its packets using\n
132
00:11:22,879 --> 00:11:28,759
Then the reflector, for example a DNS server,\n
133
00:11:28,759 --> 00:11:31,389
So, what’s the purpose of this attack?
134
00:11:31,389 --> 00:11:36,789
Well, if the amount of traffic is large enough\n
135
00:11:37,789 --> 00:11:43,360
But, there is a more powerful form of reflection\n
136
00:11:43,360 --> 00:11:48,490
A reflection attack becomes an amplification\n
137
00:11:48,490 --> 00:11:53,299
the attacker is small, but it triggers a large\n
138
00:11:55,360 --> 00:11:58,509
This is how it can trigger a denial of service.
139
00:12:00,110 --> 00:12:07,940
The attacker’s IP address is 1.2.3.4, but\n
140
00:12:07,940 --> 00:12:13,520
a message to a server at 8.8.8.8, which becomes the reflector.
141
00:12:13,519 --> 00:12:18,500
5.6.7.8 is the IP address of the target of the attack.
142
00:12:18,500 --> 00:12:23,350
The attacker’s message causes the reflector\n
143
00:12:23,350 --> 00:12:25,769
resulting in a denial of service.
144
00:12:25,769 --> 00:12:31,960
For example, there are DNS and NTP vulnerabilities\n
145
00:12:33,620 --> 00:12:37,080
You can check out these Cloudflare articles to read about them.
146
00:12:37,080 --> 00:12:42,730
Do a google search for ‘DNS amplification\n
147
00:12:42,730 --> 00:12:46,240
and you’ll find these articles.
148
00:12:46,240 --> 00:12:49,680
The next type of attack is the man-in-the-middle attack.
149
00:12:49,679 --> 00:12:54,339
In this kind of attack, the attacker places\n
150
00:12:54,340 --> 00:13:00,560
to eavesdrop on communications, or to modify\n
151
00:13:00,559 --> 00:13:04,689
A common example is ARP spoofing, also known as ARP poisoning.
152
00:13:04,690 --> 00:13:08,870
So, this is yet another kind of spoofing attack.
153
00:13:08,870 --> 00:13:13,840
In an ARP spoofing attack, a host sends an\n
154
00:13:15,690 --> 00:13:22,240
In this case, PC1 is asking for the MAC address\n
155
00:13:22,240 --> 00:13:27,500
Because ARP request messages are broadcast,\n
156
00:13:29,779 --> 00:13:35,409
Then the target of the ARP request, SRV1 in\n
157
00:13:35,409 --> 00:13:39,049
requester, PC1, of SRV1’s MAC address.
158
00:13:40,980 --> 00:13:46,420
The attacker waits briefly and then sends\n
159
00:13:49,809 --> 00:13:54,750
If the attacker’s ARP reply arrives last,\n
160
00:13:59,120 --> 00:14:05,659
Well, now in PC1’s ARP table, the entry\n
161
00:14:05,659 --> 00:14:10,379
address, not the address of the real 10.0.0.1, which is SRV1.
162
00:14:10,379 --> 00:14:16,789
So, when PC1 tries to send traffic to SRV1,\n
163
00:14:16,789 --> 00:14:21,870
Then, the attacker can inspect the messages,\n
164
00:14:23,529 --> 00:14:28,919
Or, another possibility is that the attacker\n
165
00:14:30,559 --> 00:14:36,909
So, in this example the threat isn’t to\n
166
00:14:36,909 --> 00:14:43,000
of attack compromises the confidentiality\n
167
00:14:43,000 --> 00:14:47,049
of the communications between PC1 and SRV1.
168
00:14:47,049 --> 00:14:52,429
It compromises the confidentiality because\n
169
00:14:52,429 --> 00:14:56,189
to the communications between PC1 and SRV1.
170
00:14:56,190 --> 00:15:01,040
And it compromises the integrity because that\n
171
00:15:01,039 --> 00:15:04,789
before it reaches the destination.
172
00:15:04,789 --> 00:15:07,789
Next let’s look at reconnaissance attacks.
173
00:15:07,789 --> 00:15:11,959
These attacks aren’t attacks themselves,\n
174
00:15:11,960 --> 00:15:16,050
a target which can be used for a future attack.
175
00:15:16,049 --> 00:15:21,209
This is often publicly available information,\n
176
00:15:21,210 --> 00:15:24,290
the information isn’t actually confidential.
177
00:15:24,289 --> 00:15:29,730
For example, you can perform an NSLOOKUP to\n
178
00:15:29,730 --> 00:15:34,720
From there, you can probe for open ports which\n
179
00:15:34,720 --> 00:15:40,910
You could also perform a WHOIS query to learn\n
180
00:15:41,909 --> 00:15:47,689
You can perform a WHOIS query at this website\n
181
00:15:49,039 --> 00:15:53,759
Once contact information is known, some of\n
182
00:15:53,759 --> 00:16:00,059
which we’ll look at soon can be carried\n
183
00:16:00,059 --> 00:16:03,419
Next up is malware, something you’ve probably heard of.
184
00:16:03,419 --> 00:16:08,620
Malware, which means malicious software, refers\n
185
00:16:13,070 --> 00:16:17,680
Viruses are malware that infects other software,\n
186
00:16:17,679 --> 00:16:23,569
The virus spreads as the software is shared\n
187
00:16:24,570 --> 00:16:29,750
Once the virus has infected the device it\n
188
00:16:29,750 --> 00:16:33,440
or modifying files on the target computer.
189
00:16:33,440 --> 00:16:36,911
Then there are worms, which are different\n
190
00:16:38,840 --> 00:16:45,350
They are standalone malware and are also able\n
191
00:16:45,350 --> 00:16:50,070
The spread of worms from device to device\n
192
00:16:50,070 --> 00:16:55,129
that if the worm has a ‘payload’, other\n
193
00:16:55,129 --> 00:16:59,269
additional harm to target devices.
194
00:16:59,269 --> 00:17:03,590
Another famous kind of malware is the trojan\n
195
00:17:06,250 --> 00:17:11,650
Trojan horses spread through user interaction\n
196
00:17:15,180 --> 00:17:19,209
Note that these types of malware are defined\n
197
00:17:19,209 --> 00:17:24,610
and how it spreads, not the attacks they carry\n
198
00:17:24,609 --> 00:17:29,359
The above malware types can exploit various\n
199
00:17:31,920 --> 00:17:36,980
And as I said before, there are many types\n
200
00:17:41,140 --> 00:17:46,130
Next up is a very dangerous category of attack,\n
201
00:17:46,130 --> 00:17:51,630
Social engineering attacks target the most\n
202
00:17:51,630 --> 00:17:55,880
This is something you have to be aware of\n
203
00:17:55,880 --> 00:18:00,950
No matter how many security features you configure\n
204
00:18:00,950 --> 00:18:06,569
PCs, etc, people are always a vulnerability\n
205
00:18:06,569 --> 00:18:11,759
Social engineering attacks involve psychological\n
206
00:18:11,759 --> 00:18:17,240
information or perform some action the attacker\n
207
00:18:17,240 --> 00:18:21,990
As with the previous attack types, there are\n
208
00:18:24,589 --> 00:18:29,639
Phishing involves fraudulent emails that appear\n
209
00:18:29,640 --> 00:18:34,350
Amazon, your bank, or your credit card company, for example.
210
00:18:34,349 --> 00:18:39,119
These emails contain links to a fraudulent\n
211
00:18:39,119 --> 00:18:45,219
For example, the website may look identical\n
212
00:18:45,220 --> 00:18:50,120
Users are told to login to the fraudulent\n
213
00:18:52,440 --> 00:18:55,789
Spear phishing is a type of phishing that is more targeted.
214
00:18:55,789 --> 00:19:01,500
Not mass emails sent out to anybody, but perhaps\n
215
00:19:03,329 --> 00:19:08,429
Whaling is another kind of phishing targeted\n
216
00:19:10,730 --> 00:19:15,960
There is also vishing, voice phishing, which\n
217
00:19:15,960 --> 00:19:19,930
The attacker could pretend to be from the\n
218
00:19:21,509 --> 00:19:25,769
They might say something like, Hi this is\n
219
00:19:25,769 --> 00:19:30,170
Due to company policy we need to reset your\n
220
00:19:30,170 --> 00:19:32,140
currently using and I’ll reset it for you?’
221
00:19:32,140 --> 00:19:36,610
Now, I’m sure a real attacker would be more\n
222
00:19:38,500 --> 00:19:44,380
Another kind is smishing, SMS phishing, which\n
223
00:19:45,839 --> 00:19:50,389
Okay, let’s move on from phishing, because\n
224
00:19:51,430 --> 00:19:56,970
Watering hole attacks compromise sites that\n
225
00:19:56,970 --> 00:20:01,420
If a malicious link is placed on a website\n
226
00:20:02,500 --> 00:20:06,799
So, this kind of attack is taking advantage\n
227
00:20:06,799 --> 00:20:10,509
frequently visit, they don’t think twice\n
228
00:20:10,509 --> 00:20:15,259
Okay, I want to mention one more kind of social engineering.
229
00:20:15,259 --> 00:20:20,670
Tailgating attacks involve entering restricted,\n
230
00:20:20,670 --> 00:20:23,590
authorized person as they enter.
231
00:20:23,589 --> 00:20:28,869
Any company that has restricted areas will\n
232
00:20:28,869 --> 00:20:34,039
will hold the door open for the attacker to\n
233
00:20:36,250 --> 00:20:41,009
To summarize social engineering attacks, they\n
234
00:20:41,009 --> 00:20:45,619
a company’s IT systems, instead they exploit the employees.
235
00:20:45,619 --> 00:20:49,009
Here’s an example of a phishing email.
236
00:20:49,009 --> 00:20:53,589
It says that the target’s Amazon account\n
237
00:20:53,589 --> 00:20:58,769
and there is a link at the bottom requesting\n
238
00:20:58,769 --> 00:21:03,230
If the target clicks on that link and enters\n
239
00:21:03,230 --> 00:21:06,470
has access to their Amazon account.
240
00:21:06,470 --> 00:21:09,630
Anyone who has an email address has seen emails\n
241
00:21:09,630 --> 00:21:12,650
It’s something we all have to watch out for.
242
00:21:12,650 --> 00:21:18,509
Okay, the final kind of attack we’ll look\n
243
00:21:18,509 --> 00:21:23,589
Most systems use a username and password combination\n
244
00:21:23,589 --> 00:21:29,129
The username itself is often simple and easy\n
245
00:21:29,130 --> 00:21:35,590
So, the strength and secrecy of the password\n
246
00:21:35,589 --> 00:21:40,399
However, attackers can learn a user’s password\n
247
00:21:40,400 --> 00:21:42,870
First of all, they could simply guess the password.
248
00:21:42,869 --> 00:21:48,139
Now, successfully guessing a password should\n
249
00:21:48,140 --> 00:21:53,540
A dictionary attack can also be used, in which\n
250
00:21:53,539 --> 00:21:58,190
is a list of common words and passwords to\n
251
00:21:58,190 --> 00:22:01,690
It tries each one, hoping to find the correct password.
252
00:22:01,690 --> 00:22:07,269
A brute force attack involves trying every\n
253
00:22:07,269 --> 00:22:11,259
and special characters to find the target’s password.
254
00:22:11,259 --> 00:22:16,119
This requires a very powerful computer, and\n
255
00:22:16,119 --> 00:22:20,039
chances of it working are very low, because\n
256
00:22:20,039 --> 00:22:24,990
So, what makes a password strong, so that\n
257
00:22:24,990 --> 00:22:29,410
Well, strong passwords should contain at least 8 characters.
258
00:22:29,410 --> 00:22:33,110
Definitely not less, but preferably more than 8.
259
00:22:33,109 --> 00:22:37,829
The more characters, the harder it is to brute\n
260
00:22:37,829 --> 00:22:42,589
A strong password should have a mix of uppercase\n
261
00:22:44,700 --> 00:22:50,299
Also it should have one or more special characters\n
262
00:22:51,400 --> 00:22:53,980
Finally it should be changed regularly.
263
00:22:53,980 --> 00:22:58,400
Most enterprises will enforce rules like these\n
264
00:22:58,400 --> 00:23:03,300
that you follow rules like these when making\n
265
00:23:03,299 --> 00:23:07,139
Okay, that was a lot of potential attacks.
266
00:23:07,140 --> 00:23:11,060
To help you review, here’s a basic summary of each attack.
267
00:23:11,059 --> 00:23:14,779
If you want to know more about each kind of\n
268
00:23:17,049 --> 00:23:22,450
For our purposes, just a basic understanding\n
269
00:23:22,450 --> 00:23:27,360
So, make sure you know these basic attack types.
270
00:23:27,359 --> 00:23:31,539
Next let’s continue with the topic of multi-factor\n
271
00:23:31,539 --> 00:23:35,819
No matter how secure the password, there is\n
272
00:23:36,819 --> 00:23:42,189
That’s why multi-factor authentication is\n
273
00:23:42,190 --> 00:23:45,910
Multi-factor authentication involves providing\n
274
00:23:47,940 --> 00:23:53,769
It usually involves providing two of the following,\n
275
00:23:53,769 --> 00:23:59,710
First is something you know, for example a\n
276
00:23:59,710 --> 00:24:04,440
Next is something you have, for example pressing\n
277
00:24:04,440 --> 00:24:09,529
using an authenticator app, or perhaps a badge that is scanned.
278
00:24:09,529 --> 00:24:14,210
The third is something you are, these are\n
279
00:24:14,210 --> 00:24:21,130
For example, biometrics such as a face scan,\n
280
00:24:22,279 --> 00:24:27,629
Requiring multiple factors of authentication\n
281
00:24:27,630 --> 00:24:31,520
Even if an attacker learns the target’s\n
282
00:24:35,150 --> 00:24:39,490
Another form of authentication involves the\n
283
00:24:39,490 --> 00:24:43,700
to prove the identity of the holder of the certificate.
284
00:24:43,700 --> 00:24:48,779
They are mainly, but not exclusively, used\n
285
00:24:51,559 --> 00:24:57,519
Entities that want a certificate, for example\n
286
00:24:57,519 --> 00:25:05,109
signing request, to a CA, certificate authority,\n
287
00:25:05,109 --> 00:25:09,579
When you access a website, modern browsers\n
288
00:25:09,579 --> 00:25:13,449
website is secure and has a valid certificate.
289
00:25:13,450 --> 00:25:18,390
As you can see, my website has a valid certificate,\n
290
00:25:20,990 --> 00:25:26,160
This is how you can know that the website\n
291
00:25:26,160 --> 00:25:29,080
not a fake website pretending to be jeremysitlab.com.
292
00:25:29,079 --> 00:25:35,750
I’ve been mentioning authentication a lot,\n
293
00:25:35,750 --> 00:25:38,039
you need to know for the CCNA.
294
00:25:38,039 --> 00:25:43,009
AAA stands for Authentication, Authorization, and Accounting.
295
00:25:43,009 --> 00:25:49,000
It’s a framework for controlling and monitoring\n
296
00:25:49,000 --> 00:25:52,819
So, what do each of those A’s mean?
297
00:25:52,819 --> 00:25:56,409
Authentication is the process of verifying a user’s identity.
298
00:25:56,410 --> 00:26:02,450
When a user logs in, ideally using multi-factor\n
299
00:26:02,450 --> 00:26:08,289
Then, Authorization is the process of granting\n
300
00:26:08,289 --> 00:26:13,659
So, granting the user access to some files\n
301
00:26:13,660 --> 00:26:17,220
files and services, is authorization.
302
00:26:17,220 --> 00:26:22,929
Finally, accounting is the process of recording\n
303
00:26:22,929 --> 00:26:28,440
For example, logging when a user makes a change\n
304
00:26:28,440 --> 00:26:32,230
in or logs out, is accounting.
305
00:26:32,230 --> 00:26:37,170
Enterprises typically use a AAA server to provide AAA services.
306
00:26:37,170 --> 00:26:43,100
ISE, Identity Services Engine, is Cisco’s\n
307
00:26:43,099 --> 00:26:47,699
These AAA servers typically support the following\n
308
00:26:47,700 --> 00:26:54,920
RADIUS, which is an open standard protocol\n
309
00:26:54,920 --> 00:27:02,009
And TACACS+, which is a Cisco proprietary\n
310
00:27:02,009 --> 00:27:06,480
Just in case, I recommend remembering the\n
311
00:27:06,480 --> 00:27:09,819
but for the CCNA that’s all you need to know about them.
312
00:27:09,819 --> 00:27:14,859
However, make sure you know the differences\n
313
00:27:15,859 --> 00:27:19,609
They are stated directly in the exam topics list.
314
00:27:19,609 --> 00:27:24,669
Okay, the final topic for today is security program elements.
315
00:27:24,670 --> 00:27:30,830
A security program is an enterprise’s set\n
316
00:27:30,829 --> 00:27:35,079
For the CCNA, there are a few elements you have to be aware of.
317
00:27:35,079 --> 00:27:38,029
First up, user awareness programs.
318
00:27:38,029 --> 00:27:43,589
These are designed to make employees aware\n
319
00:27:43,589 --> 00:27:47,259
Not all employees are cyber-security experts.
320
00:27:47,259 --> 00:27:52,119
Someone working in the HR department is probably\n
321
00:27:53,869 --> 00:27:59,709
So, user awareness programs will help make\n
322
00:27:59,710 --> 00:28:04,480
For example, a company might send out false\n
323
00:28:04,480 --> 00:28:08,470
link and sign in with their login credentials.
324
00:28:08,470 --> 00:28:13,200
Although the emails are harmless, employees\n
325
00:28:13,200 --> 00:28:17,799
informed that it is part of a user awareness\n
326
00:28:18,869 --> 00:28:23,928
So, that’s an example of a user awareness program.
327
00:28:23,929 --> 00:28:28,380
User training programs are more formal than\n
328
00:28:28,380 --> 00:28:34,490
For example, dedicated training sessions which\n
329
00:28:34,490 --> 00:28:39,470
how to create strong passwords, and how to\n
330
00:28:39,470 --> 00:28:43,950
These should happen when employees enter the\n
331
00:28:46,109 --> 00:28:51,289
Another essential element of a security program\n
332
00:28:51,289 --> 00:28:57,009
equipment and data from potential attackers\n
333
00:28:57,009 --> 00:29:02,480
areas such as network closets or data center floors.
334
00:29:02,480 --> 00:29:06,919
This is not just to prevent people outside\n
335
00:29:08,529 --> 00:29:15,178
Even within the company, access to these areas\n
336
00:29:15,179 --> 00:29:19,169
Multifactor locks can protect access to these restricted areas.
337
00:29:19,169 --> 00:29:24,290
For example, a door that requires users to\n
338
00:29:25,289 --> 00:29:30,940
That’s something you have, a badge, and\n
339
00:29:30,940 --> 00:29:36,690
Badge systems are very flexible, and permissions\n
340
00:29:36,690 --> 00:29:41,490
For example, permissions can be easily removed\n
341
00:29:44,130 --> 00:29:49,520
This allows for strict, centralized control\n
342
00:29:49,519 --> 00:29:54,730
Okay, before moving on to the quiz let’s review what we covered.
343
00:29:54,730 --> 00:30:00,558
First we covered some key security concepts\n
344
00:30:00,558 --> 00:30:04,779
exploits, threats, and mitigation techniques.
345
00:30:04,779 --> 00:30:09,319
Then we looked at some common attacks, from\n
346
00:30:09,319 --> 00:30:13,149
attacks which target people, not devices.
347
00:30:13,150 --> 00:30:17,380
Then passwords and multi-factor authentication,\n
348
00:30:17,380 --> 00:30:21,390
you know, something you have, and something you are.
349
00:30:24,359 --> 00:30:28,329
Authentication is the process of verifying a user’s identity.
350
00:30:28,329 --> 00:30:33,539
Authorization is the process of controlling\n
351
00:30:33,539 --> 00:30:38,059
And accounting is keeping track of what the user does.
352
00:30:38,059 --> 00:30:43,990
Finally I introduced some elements of an enterprise’s\n
353
00:30:43,990 --> 00:30:46,548
user training, and physical access control.
354
00:30:46,548 --> 00:30:49,220
So, that was a lot to cover.
355
00:30:49,220 --> 00:30:53,390
But if you learn the information in this video,\n
356
00:30:55,839 --> 00:31:00,009
In the next few videos we’ll take a closer\n
357
00:31:02,109 --> 00:31:06,538
Make sure to watch until the end of the quiz\n
358
00:31:07,990 --> 00:31:13,160
Okay, let’s go to question 1 of the quiz.
359
00:31:13,160 --> 00:31:19,170
Which part of the CIA triad ensures that systems\n
360
00:31:19,170 --> 00:31:25,029
Pause the video now to look at the options\n
361
00:31:25,029 --> 00:31:32,410
Okay, the best answer is D, availability,\n
362
00:31:34,819 --> 00:31:40,619
A, confidentiality, means that data should\n
363
00:31:40,619 --> 00:31:45,509
B, integrity, means that data should only\n
364
00:31:45,509 --> 00:31:50,929
C, E, and F are aspects of AAA, not the CIA triad.
365
00:31:50,929 --> 00:31:55,390
Okay, let’s go to question 2.
366
00:31:55,390 --> 00:32:00,140
Which of the following terms refers to the\n
367
00:32:00,140 --> 00:32:05,730
is taken advantage of to attack a system?\n
368
00:32:09,250 --> 00:32:12,880
Okay, the best answer is A, threat.
369
00:32:12,880 --> 00:32:20,660
A threat is the possibility that a vulnerability\n
370
00:32:20,660 --> 00:32:23,570
Mitigation techniques can be used to reduce that possibility.
371
00:32:28,410 --> 00:32:33,380
Your company implements door locks that require\n
372
00:32:36,150 --> 00:32:41,490
(select the two best answers) Pause the video\n
373
00:32:44,558 --> 00:32:54,609
Okay, the best answers are C, physical access\n
374
00:32:54,609 --> 00:33:01,069
Physical access control allows only authorized\n
375
00:33:01,069 --> 00:33:06,429
Multi-factor authentication uses a combination\n
376
00:33:06,430 --> 00:33:11,060
this case something in the ‘something you\n
377
00:33:11,059 --> 00:33:14,019
in the ‘something you know’ category, the pass code.
378
00:33:18,500 --> 00:33:23,259
Which of the following is NOT an example of\n
379
00:33:23,259 --> 00:33:28,808
Pause the video now to look at the options\n
380
00:33:28,808 --> 00:33:36,950
Okay, the best answer is C, doing a retina\n
381
00:33:36,950 --> 00:33:41,500
Why is this not multifactor authentication,\n
382
00:33:41,500 --> 00:33:47,480
It’s because the key of multifactor authentication\n
383
00:33:47,480 --> 00:33:50,000
from something you know, have, and are.
384
00:33:50,000 --> 00:33:55,990
A retina scan and a fingerprint scan both\n
385
00:33:55,990 --> 00:33:58,150
so this is not multifactor authentication.
386
00:34:03,779 --> 00:34:07,769
Which of the following is considered Accounting\n
387
00:34:07,769 --> 00:34:13,269
Pause the video now to look at the options\n
388
00:34:13,269 --> 00:34:21,469
Okay, the best answer is D, logging the date\n
389
00:34:21,469 --> 00:34:24,829
Accounting is all about keeping track of a user’s actions.
390
00:34:24,829 --> 00:34:30,000
A and C are examples of authorization, and\n
391
00:34:32,440 --> 00:34:38,023
Now let’s take a look at a bonus question in Boson Software’s
392
00:37:06,159 --> 00:37:09,368
There are supplementary materials for this video.
393
00:37:09,369 --> 00:37:13,110
There is a flashcard deck to use with the software ‘Anki’.
394
00:37:13,110 --> 00:37:15,740
This time there won’t be a Packet Tracer practice lab.
395
00:37:15,739 --> 00:37:20,979
Instead, I’ll do a bonus demo of one of\n
396
00:37:20,980 --> 00:37:26,170
DHCP starvation attack, using a Linux distribution\n
397
00:37:26,170 --> 00:37:29,309
That will be in the next video.
398
00:37:29,309 --> 00:37:34,029
Before finishing today’s video I want to\n
399
00:37:34,030 --> 00:37:37,330
To join, please click the ‘Join’ button under the video.
400
00:37:37,329 --> 00:37:44,309
Thank you to Khoa, Justin, Christopher, Sam,\n
401
00:37:44,309 --> 00:37:50,489
Serge, Njoku, Viktor, Roger, Raj, Kenneth,\n
402
00:37:50,489 --> 00:37:55,719
Gustavo, Prakaash, Nasir, Erlison, Marko,\n
403
00:37:55,719 --> 00:37:59,789
Mark, Yousif, Boson Software, Devin, Yonatan, and Vance.
404
00:37:59,789 --> 00:38:05,389
Sorry if I pronounced your name incorrectly,\n
405
00:38:05,389 --> 00:38:11,190
This is the list of JCNP-level members at\n
406
00:38:12,190 --> 00:38:16,849
If you signed up recently and your name isn’t\n
407
00:38:20,389 --> 00:38:24,440
Please subscribe to the channel, like the\n
408
00:38:24,440 --> 00:38:27,630
with anyone else studying for the CCNA.
409
00:38:27,630 --> 00:38:30,630
If you want to leave a tip, check the links in the description.
410
00:38:30,630 --> 00:38:36,269
I'm also a Brave verified publisher and accept\n