All language subtitles for Free-CCNA-Security-Fundamentals-Day-48-CCNA-200-301-Complete-Course_en

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,169 --> 00:00:06,669 This is a free, complete course for the CCNA. 2 00:00:06,669 --> 00:00:10,400 If you like these videos, please subscribe\n 3 00:00:10,400 --> 00:00:14,830 Also, please like and leave a comment, and\n 4 00:00:18,179 --> 00:00:20,899 In this video we will cover security fundamentals. 5 00:00:20,899 --> 00:00:27,429 The CCNA is not a cybersecurity certification,\n 6 00:00:27,429 --> 00:00:33,030 of network and system security necessary to\n 7 00:00:33,030 --> 00:00:35,590 Here are the exam topics we’ll cover in\nthis video. 8 00:00:35,590 --> 00:00:41,420 We’ll define some key security concepts,\n 9 00:00:41,420 --> 00:00:47,679 and user authentication, and define the AAA\n 10 00:00:49,270 --> 00:00:52,170 That seems like a lot for one video, and it\nis. 11 00:00:52,170 --> 00:00:56,689 This video will be a brief introduction to\n 12 00:00:56,689 --> 00:01:00,878 If you haven’t studied this material before,\n 13 00:01:02,378 --> 00:01:06,359 So I recommend taking notes to keep all of\n 14 00:01:06,359 --> 00:01:09,810 Here’s what we’ll cover in specific. 15 00:01:09,810 --> 00:01:13,429 First I’ll introduce some key security concepts\nand terms. 16 00:01:13,429 --> 00:01:18,728 Then some common attacks which can target\n 17 00:01:18,728 --> 00:01:22,890 Then I’ll talk about passwords and multi-factor\nauthentication. 18 00:01:22,890 --> 00:01:29,200 Then the concepts of Authentication, Authorization,\n 19 00:01:29,200 --> 00:01:33,099 Finally I’ll introduce security programs\n 20 00:01:33,099 --> 00:01:36,880 to secure their systems and educate their\nstaff. 21 00:01:36,879 --> 00:01:41,578 Watch until the end of the video for a bonus\n 22 00:01:43,099 --> 00:01:47,569 So, the title of this slide is ‘why security?’ 23 00:01:47,569 --> 00:01:50,638 What is the purpose or goal of security in\nan enterprise? 
24 00:01:50,638 --> 00:01:54,839 I’m sure you can think of some reasons why\n 25 00:01:54,840 --> 00:01:59,130 systems to be secure, but it’s good to have\na framework. 26 00:01:59,129 --> 00:02:03,269 The principles of the CIA triad form the foundation\nof security. 27 00:02:03,269 --> 00:02:06,918 We’re not talking about the American Central\n 28 00:02:06,918 --> 00:02:10,449 Here’s what CIA stands for in this case. 29 00:02:14,500 --> 00:02:19,169 It means that only authorized users should\n 30 00:02:19,169 --> 00:02:23,939 Some information and data is public and can\n 31 00:02:23,939 --> 00:02:30,389 put on the company website, but some is secret\n 32 00:02:30,389 --> 00:02:35,739 And there are degrees in the middle, some\n 33 00:02:39,419 --> 00:02:43,759 This means that data should not be tampered\n 34 00:02:44,930 --> 00:02:49,360 Data should be correct and authentic, not\n 35 00:02:49,360 --> 00:02:53,090 Finally, A stands for availability. 36 00:02:53,090 --> 00:02:57,159 This means that the enterprise network and\n 37 00:02:59,219 --> 00:03:03,650 For example, staff should be able to access\n 38 00:03:03,650 --> 00:03:07,870 their duties, and the company’s website\n 39 00:03:11,969 --> 00:03:16,199 Confidentiality, integrity, and availability. 40 00:03:16,199 --> 00:03:21,000 Attackers can threaten the confidentiality,\n 41 00:03:22,259 --> 00:03:28,280 We’ll see how attackers do that when we\n 42 00:03:28,280 --> 00:03:33,759 In addition to the CIA triad, there are some\n 43 00:03:33,759 --> 00:03:36,590 and these are explicitly stated in the exam\ntopics. 
44 00:03:36,590 --> 00:03:43,250 First, a vulnerability is any potential weakness\n 45 00:03:45,210 --> 00:03:49,490 But keep in mind, a potential weakness on\n 46 00:03:49,490 --> 00:03:55,350 The windows of a house for example are vulnerabilities,\n 47 00:03:56,810 --> 00:04:03,650 Next, an exploit is something that can potentially\n 48 00:04:03,650 --> 00:04:07,960 But again, something that can potentially\n 49 00:04:09,159 --> 00:04:15,169 A rock can exploit the weakness of a window\n 50 00:04:16,170 --> 00:04:22,028 Next, a threat is the potential of a vulnerability\n 51 00:04:23,779 --> 00:04:28,698 To use the window and rock analogy, a threat\n 52 00:04:31,009 --> 00:04:33,470 Here’s a more relevant example. 53 00:04:33,470 --> 00:04:37,800 A hacker exploiting a vulnerability in your\nsystem is a threat. 54 00:04:37,800 --> 00:04:43,629 Finally, a mitigation technique is something\n 55 00:04:43,629 --> 00:04:47,400 There are various mitigation techniques and\n 56 00:04:47,399 --> 00:04:54,329 against, and we’ll cover some techniques\n 57 00:04:54,329 --> 00:04:57,839 Appropriate mitigation techniques should be\n 58 00:04:57,839 --> 00:05:04,138 be exploited, for example client devices,\n 59 00:05:04,139 --> 00:05:08,829 In addition, mitigation techniques include\n 60 00:05:08,829 --> 00:05:13,649 from getting physical access to the devices\n 61 00:05:16,528 --> 00:05:20,949 But always remember, no system is perfectly\nsecure. 62 00:05:20,949 --> 00:05:26,430 Systems can be more secure or less secure,\n 63 00:05:26,430 --> 00:05:31,829 You can, for example, implement malware detection\n 64 00:05:31,829 --> 00:05:36,959 antivirus software on client PCs, but the\n 65 00:05:38,490 --> 00:05:42,810 Now let’s review some common attacks. 
66 00:05:42,810 --> 00:05:48,038 These are threats which can potentially exploit\n 67 00:05:48,038 --> 00:05:55,128 integrity, or availability, CIA, of an enterprise’s\n 68 00:05:55,129 --> 00:05:57,838 These are the kinds of attacks we will look\nat. 69 00:05:57,838 --> 00:06:01,579 There are many more potential attacks than\n 70 00:06:03,098 --> 00:06:05,469 Let’s take a brief look at each one individually. 71 00:06:05,470 --> 00:06:10,930 The first kind of attack is the denial-of-service,\nDoS, attack. 72 00:06:10,930 --> 00:06:17,088 DoS attacks threaten the availability of a\n 73 00:06:17,088 --> 00:06:21,870 There are many kinds, and I’ll show a few\n 74 00:06:21,870 --> 00:06:27,269 TCP SYN flood, which exploits the TCP three-way\nhandshake. 75 00:06:27,269 --> 00:06:32,029 As you know, the three-way handshake is SYN,\nSYN-ACK, and ACK. 76 00:06:32,029 --> 00:06:39,568 In a TCP SYN flood, the attacker sends countless\n 77 00:06:39,569 --> 00:06:44,580 The target sends a SYN-ACK message in response\n 78 00:06:44,579 --> 00:06:49,050 But the attacker never replies with the final\n 79 00:06:51,658 --> 00:06:56,550 The target waits for the final ACK of each\n 80 00:06:56,550 --> 00:07:00,180 fill up the target’s TCP connection table. 81 00:07:00,180 --> 00:07:04,218 The incomplete connections will timeout and\n 82 00:07:04,218 --> 00:07:10,079 period of time, but the attacker continues\n 83 00:07:10,079 --> 00:07:15,209 In the end, the target is no longer able to\n 84 00:07:15,209 --> 00:07:20,098 has reached the maximum number of TCP connections\n 85 00:07:20,098 --> 00:07:22,618 Let me demonstrate with a diagram. 
86 00:07:22,619 --> 00:07:27,320 For each SYN message the attacker sends, the\n 87 00:07:27,319 --> 00:07:33,459 table and sends a SYN-ACK message, then waits\n 88 00:07:35,550 --> 00:07:41,278 The attacker keeps sending SYN messages, and\n 89 00:07:41,278 --> 00:07:47,228 Then the target’s TCP connection table fills\n 90 00:07:47,228 --> 00:07:52,068 By the way, why do you think I drew the SYN-ACK\n 91 00:07:52,069 --> 00:07:56,689 It’s because the attacker likely spoofs\n 92 00:07:56,689 --> 00:08:00,869 IP address, so the SYN-ACK messages don’t\nreturn back to them. 93 00:08:00,869 --> 00:08:04,990 I’ll talk about spoof attacks after DoS\nattacks. 94 00:08:04,990 --> 00:08:10,668 However, a denial-of-service like that is\n 95 00:08:10,668 --> 00:08:14,139 A much more powerful kind of attack is the\nDDoS. 96 00:08:14,139 --> 00:08:19,649 In a DDoS, distributed denial-of-service,\n 97 00:08:19,649 --> 00:08:25,129 with malware and uses them all to initiate\n 98 00:08:27,740 --> 00:08:31,059 This group of infected computers is called\na botnet. 99 00:08:31,059 --> 00:08:37,410 So, in this example the attacker could, through\n 100 00:08:37,409 --> 00:08:42,759 Then, all together they start flooding the\n 101 00:08:42,759 --> 00:08:47,649 server is no longer able to respond to legitimate\n 102 00:08:47,649 --> 00:08:53,429 So, to summarize denial-of-service attacks,\n 103 00:08:57,639 --> 00:08:59,879 Next let’s look at spoofing attacks. 104 00:08:59,879 --> 00:09:06,830 To spoof an address is to use a fake source\n 105 00:09:06,830 --> 00:09:11,800 There are numerous attacks that involve spoofing,\n 106 00:09:11,799 --> 00:09:16,059 An example of a spoofing attack is a DHCP\nexhaustion attack. 107 00:09:16,059 --> 00:09:20,449 Actually, it’s similar to the TCP SYN flood\nattack. 
108 00:09:20,450 --> 00:09:25,650 An attacker uses spoofed MAC addresses to\n 109 00:09:25,649 --> 00:09:31,559 Then, the target server’s DHCP pool becomes\n 110 00:09:33,620 --> 00:09:36,710 They won’t be able to get an IP address. 111 00:09:36,710 --> 00:09:40,940 Note that spoofing attacks don’t have to\n 112 00:09:43,909 --> 00:09:49,490 The attacker sends a DHCP discover message\n 113 00:09:49,490 --> 00:09:53,049 Then it sends another with a different fake\nsource MAC address. 114 00:09:53,049 --> 00:09:57,099 Then it does it again, with another fake source\nMAC address. 115 00:09:57,100 --> 00:09:59,759 It keeps sending these at a very quick pace. 116 00:09:59,759 --> 00:10:05,350 The server will reply to each Discover with\n 117 00:10:05,350 --> 00:10:09,680 an IP address it will not assign that address\nto other devices. 118 00:10:09,679 --> 00:10:16,219 So, if these PCs send DHCP discover messages\n 119 00:10:16,220 --> 00:10:21,290 to give them their IP addresses because its\nDHCP pool is full. 120 00:10:21,289 --> 00:10:26,849 Maybe it had 250 IP addresses to lease to\n 121 00:10:26,850 --> 00:10:31,180 So, that’s just one example of a spoofing\nattack. 122 00:10:31,179 --> 00:10:36,899 And in the previous TCP SYN flood example,\n 123 00:10:39,740 --> 00:10:45,509 And this DHCP exhaustion attack resulted in\n 124 00:10:46,509 --> 00:10:51,470 As you can see, some of these attack types\n 125 00:10:52,470 --> 00:10:57,899 But once again, we are attacking the availability,\n 126 00:10:57,899 --> 00:11:00,299 Note that not all spoofing attacks are DoS\nattacks. 127 00:11:00,299 --> 00:11:04,919 Later I’ll show another type of spoofing\n 128 00:11:04,919 --> 00:11:09,729 integrity of a system, not the availability. 129 00:11:09,730 --> 00:11:13,820 Next let’s look at reflection and amplification\nattacks. 
130 00:11:13,820 --> 00:11:18,420 In a reflection attack, the attacker sends\n 131 00:11:18,419 --> 00:11:22,879 spoofs the source address of its packets using\n 132 00:11:22,879 --> 00:11:28,759 Then the reflector, for example a DNS server,\n 133 00:11:28,759 --> 00:11:31,389 So, what’s the purpose of this attack? 134 00:11:31,389 --> 00:11:36,789 Well, if the amount of traffic is large enough\n 135 00:11:37,789 --> 00:11:43,360 But, there is a more powerful form of reflection\n 136 00:11:43,360 --> 00:11:48,490 A reflection attack becomes an amplification\n 137 00:11:48,490 --> 00:11:53,299 the attacker is small, but it triggers a large\n 138 00:11:55,360 --> 00:11:58,509 This is how it can trigger a denial of service. 139 00:12:00,110 --> 00:12:07,940 The attacker’s IP address is 1.2.3.4, but\n 140 00:12:07,940 --> 00:12:13,520 a message to a server at 8.8.8.8, which becomes\nthe reflector. 141 00:12:13,519 --> 00:12:18,500 5.6.7.8 is the IP address of the target of\nthe attack. 142 00:12:18,500 --> 00:12:23,350 The attacker’s message causes the reflector\n 143 00:12:23,350 --> 00:12:25,769 resulting in a denial of service. 144 00:12:25,769 --> 00:12:31,960 For example, there are DNS and NTP vulnerabilities\n 145 00:12:33,620 --> 00:12:37,080 You can check out these cloudflare articles\nto read about them. 146 00:12:37,080 --> 00:12:42,730 Do a google search for ‘DNS amplification\n 147 00:12:42,730 --> 00:12:46,240 and you’ll find these articles. 148 00:12:46,240 --> 00:12:49,680 The next type of attack is the man-in-the-middle\nattack. 149 00:12:49,679 --> 00:12:54,339 In this kind of attack, the attacker places\n 150 00:12:54,340 --> 00:13:00,560 to eavesdrop on communications, or to modify\n 151 00:13:00,559 --> 00:13:04,689 A common example is ARP spoofing, also known\nas ARP poisoning. 152 00:13:04,690 --> 00:13:08,870 So, this is yet another kind of spoofing attack. 
153 00:13:08,870 --> 00:13:13,840 In an ARP spoofing attack, a host sends an\n 154 00:13:15,690 --> 00:13:22,240 In this case, PC1 is asking for the MAC address\n 155 00:13:22,240 --> 00:13:27,500 Because ARP request messages are broadcast,\n 156 00:13:29,779 --> 00:13:35,409 Then the target of the ARP request, SRV1 in\n 157 00:13:35,409 --> 00:13:39,049 requester, PC1, of SRV1’s MAC address. 158 00:13:40,980 --> 00:13:46,420 The attacker waits briefly and then sends\n 159 00:13:49,809 --> 00:13:54,750 If the attacker’s ARP reply arrives last,\n 160 00:13:59,120 --> 00:14:05,659 Well, now in PC1’s ARP table, the entry\n 161 00:14:05,659 --> 00:14:10,379 address, not the address of the real 10.0.0.1,\nwhich is SRV1. 162 00:14:10,379 --> 00:14:16,789 So, when PC1 tries to send traffic to SRV1,\n 163 00:14:16,789 --> 00:14:21,870 Then, the attacker can inspect the messages,\n 164 00:14:23,529 --> 00:14:28,919 Or, another possibility is that the attacker\n 165 00:14:30,559 --> 00:14:36,909 So, in this example the threat isn’t to\n 166 00:14:36,909 --> 00:14:43,000 of attack compromises the confidentiality\n 167 00:14:43,000 --> 00:14:47,049 of the communications between PC1 and SRV1. 168 00:14:47,049 --> 00:14:52,429 It compromises the confidentiality because\n 169 00:14:52,429 --> 00:14:56,189 to the communications between PC1 and SRV1. 170 00:14:56,190 --> 00:15:01,040 And it compromises the integrity because that\n 171 00:15:01,039 --> 00:15:04,789 before it reaches the destination. 172 00:15:04,789 --> 00:15:07,789 Next let’s look at reconnaissance attacks. 173 00:15:07,789 --> 00:15:11,959 These attacks aren’t attacks themselves,\n 174 00:15:11,960 --> 00:15:16,050 a target which can be used for a future attack. 175 00:15:16,049 --> 00:15:21,209 This is often publicly available information,\n 176 00:15:21,210 --> 00:15:24,290 the information isn’t actually confidential. 
177 00:15:24,289 --> 00:15:29,730 For example, you can perform an NSLOOKUP to\n 178 00:15:29,730 --> 00:15:34,720 From there, you can probe for open ports which\n 179 00:15:34,720 --> 00:15:40,910 You could also perform a WHOIS query to learn\n 180 00:15:41,909 --> 00:15:47,689 You can perform a WHOIS query at this website\n 181 00:15:49,039 --> 00:15:53,759 Once contact information is known, some of\n 182 00:15:53,759 --> 00:16:00,059 which we’ll look at soon can be carried\n 183 00:16:00,059 --> 00:16:03,419 Next up is malware, something you’ve probably\nheard of. 184 00:16:03,419 --> 00:16:08,620 Malware, which means malicious software, refers\n 185 00:16:13,070 --> 00:16:17,680 Viruses are malware that infects other software,\n 186 00:16:17,679 --> 00:16:23,569 The virus spreads as the software is shared\n 187 00:16:24,570 --> 00:16:29,750 Once the virus has infected the device it\n 188 00:16:29,750 --> 00:16:33,440 or modifying files on the target computer. 189 00:16:33,440 --> 00:16:36,911 Then there are worms, which are different\n 190 00:16:38,840 --> 00:16:45,350 They are standalone malware and are also able\n 191 00:16:45,350 --> 00:16:50,070 The spread of worms from device to device\n 192 00:16:50,070 --> 00:16:55,129 that if the worm has a ‘payload’, other\n 193 00:16:55,129 --> 00:16:59,269 additional harm to target devices. 
194 00:16:59,269 --> 00:17:03,590 Another famous kind of malware is the trojan\n 195 00:17:06,250 --> 00:17:11,650 Trojan horses spread through user interaction\n 196 00:17:15,180 --> 00:17:19,209 Note that these types of malware are defined\n 197 00:17:19,209 --> 00:17:24,610 and how it spreads, not the attacks they carry\n 198 00:17:24,609 --> 00:17:29,359 The above malware types can exploit various\n 199 00:17:31,920 --> 00:17:36,980 And as I said before, there are many types\n 200 00:17:41,140 --> 00:17:46,130 Next up is a very dangerous category of attack,\n 201 00:17:46,130 --> 00:17:51,630 Social engineering attacks target the most\n 202 00:17:51,630 --> 00:17:55,880 This is something you have to be aware of\n 203 00:17:55,880 --> 00:18:00,950 No matter how many security features you configure\n 204 00:18:00,950 --> 00:18:06,569 PCs, etc, people are always a vulnerability\n 205 00:18:06,569 --> 00:18:11,759 Social engineering attacks involve psychological\n 206 00:18:11,759 --> 00:18:17,240 information or perform some action the attacker\n 207 00:18:17,240 --> 00:18:21,990 As with the previous attack types, there are\n 208 00:18:24,589 --> 00:18:29,639 Phishing involves fraudulent emails that appear\n 209 00:18:29,640 --> 00:18:34,350 Amazon, your bank, or your credit card company,\nfor example. 210 00:18:34,349 --> 00:18:39,119 These emails contain links to a fraudulent\n 211 00:18:39,119 --> 00:18:45,219 For example, the website may look identical\n 212 00:18:45,220 --> 00:18:50,120 Users are told to login to the fraudulent\n 213 00:18:52,440 --> 00:18:55,789 Spear phishing is a type of phishing that\nis more targeted. 
214 00:18:55,789 --> 00:19:01,500 Not mass emails sent out to anybody, but perhaps\n 215 00:19:03,329 --> 00:19:08,429 Whaling is another kind of phishing targeted\n 216 00:19:10,730 --> 00:19:15,960 There is also vishing, voice phishing, which\n 217 00:19:15,960 --> 00:19:19,930 The attacker could pretend to be from the\n 218 00:19:21,509 --> 00:19:25,769 They might say something like, Hi this is\n 219 00:19:25,769 --> 00:19:30,170 Due to company policy we need to reset your\n 220 00:19:30,170 --> 00:19:32,140 currently using and I’ll reset it for you?’ 221 00:19:32,140 --> 00:19:36,610 Now, I’m sure a real attacker would be more\n 222 00:19:38,500 --> 00:19:44,380 Another kind is smishing, SMS phishing, which\n 223 00:19:45,839 --> 00:19:50,389 Okay, let’s move on from phishing, because\n 224 00:19:51,430 --> 00:19:56,970 Watering hole attacks compromise sites that\n 225 00:19:56,970 --> 00:20:01,420 If a malicious link is placed on a website\n 226 00:20:02,500 --> 00:20:06,799 So, this kind of attack is taking advantage\n 227 00:20:06,799 --> 00:20:10,509 frequently visit, they don’t think twice\n 228 00:20:10,509 --> 00:20:15,259 Okay, I want to mention one more kind of social\nengineering. 229 00:20:15,259 --> 00:20:20,670 Tailgating attacks involve entering restricted,\n 230 00:20:20,670 --> 00:20:23,590 authorized person as they enter. 231 00:20:23,589 --> 00:20:28,869 Any company that has restricted areas will\n 232 00:20:28,869 --> 00:20:34,039 will hold the door open for the attacker to\n 233 00:20:36,250 --> 00:20:41,009 To summarize social engineering attacks, they\n 234 00:20:41,009 --> 00:20:45,619 a company’s IT systems, instead they exploit\nthe employees. 235 00:20:45,619 --> 00:20:49,009 Here’s an example of a phishing email. 
236 00:20:49,009 --> 00:20:53,589 It says that the target’s Amazon account\n 237 00:20:53,589 --> 00:20:58,769 and there is a link at the bottom requesting\n 238 00:20:58,769 --> 00:21:03,230 If the target clicks on that link and enters\n 239 00:21:03,230 --> 00:21:06,470 has access to their Amazon account. 240 00:21:06,470 --> 00:21:09,630 Anyone who has an email address has seen emails\n 241 00:21:09,630 --> 00:21:12,650 It’s something we all have to watch out\nfor. 242 00:21:12,650 --> 00:21:18,509 Okay, the final kind of attack we’ll look\n 243 00:21:18,509 --> 00:21:23,589 Most systems use a username and password combination\n 244 00:21:23,589 --> 00:21:29,129 The username itself is often simple and easy\n 245 00:21:29,130 --> 00:21:35,590 So, the strength and secrecy of the password\n 246 00:21:35,589 --> 00:21:40,399 However, attackers can learn a user’s password\n 247 00:21:40,400 --> 00:21:42,870 First of all, they could simply guess the\npassword. 248 00:21:42,869 --> 00:21:48,139 Now, successfully guessing a password should\n 249 00:21:48,140 --> 00:21:53,540 A dictionary attack can also be used, in which\n 250 00:21:53,539 --> 00:21:58,190 is a list of common words and passwords to\n 251 00:21:58,190 --> 00:22:01,690 It tries each one, hoping to find the correct\npassword. 252 00:22:01,690 --> 00:22:07,269 A brute force attack involves trying every\n 253 00:22:07,269 --> 00:22:11,259 and special characters to find the target’s\npassword. 254 00:22:11,259 --> 00:22:16,119 This requires a very powerful computer, and\n 255 00:22:16,119 --> 00:22:20,039 chances of it working are very low, because\n 256 00:22:20,039 --> 00:22:24,990 So, what makes a password strong, so that\n 257 00:22:24,990 --> 00:22:29,410 Well, strong passwords should contain at least\n8 characters. 258 00:22:29,410 --> 00:22:33,110 Definitely not less, but preferably more than\n8. 
259 00:22:33,109 --> 00:22:37,829 The more characters, the harder it is to brute\n 260 00:22:37,829 --> 00:22:42,589 A strong password should have a mix of uppercase\n 261 00:22:44,700 --> 00:22:50,299 Also it should have one or more special characters\n 262 00:22:51,400 --> 00:22:53,980 Finally it should be changed regularly. 263 00:22:53,980 --> 00:22:58,400 Most enterprises will enforce rules like these\n 264 00:22:58,400 --> 00:23:03,300 that you follow rules like these when making\n 265 00:23:03,299 --> 00:23:07,139 Okay, that was a lot of potential attacks. 266 00:23:07,140 --> 00:23:11,060 To help you review, here’s a basic summary\nof each attack. 267 00:23:11,059 --> 00:23:14,779 If you want to know more about each kind of\n 268 00:23:17,049 --> 00:23:22,450 For our purposes, just a basic understanding\n 269 00:23:22,450 --> 00:23:27,360 So, make sure you know these basic attack\ntypes. 270 00:23:27,359 --> 00:23:31,539 Next let’s continue with the topic of multi-factor\n 271 00:23:31,539 --> 00:23:35,819 No matter how secure the password, there is\n 272 00:23:36,819 --> 00:23:42,189 That’s why multi-factor authentication is\n 273 00:23:42,190 --> 00:23:45,910 Multi-factor authentication involves providing\n 274 00:23:47,940 --> 00:23:53,769 It usually involves providing two of the following,\n 275 00:23:53,769 --> 00:23:59,710 First is something you know, for example a\n 276 00:23:59,710 --> 00:24:04,440 Next is something you have, for example pressing\n 277 00:24:04,440 --> 00:24:09,529 using an authenticator app, or perhaps a badge\nthat is scanned. 
278 00:24:09,529 --> 00:24:14,210 The third is something you are, these are\n 279 00:24:14,210 --> 00:24:21,130 For example, biometrics such as a face scan,\n 280 00:24:22,279 --> 00:24:27,629 Requiring multiple factors of authentication\n 281 00:24:27,630 --> 00:24:31,520 Even if an attacker learns the target’s\n 282 00:24:35,150 --> 00:24:39,490 Another form of authentication involves the\n 283 00:24:39,490 --> 00:24:43,700 to prove the identity of the holder of the\ncertificate. 284 00:24:43,700 --> 00:24:48,779 They are mainly, but not exclusively, used\n 285 00:24:51,559 --> 00:24:57,519 Entities that want a certificate, for example\n 286 00:24:57,519 --> 00:25:05,109 signing request, to a CA, certificate authority,\n 287 00:25:05,109 --> 00:25:09,579 When you access a website, modern browsers\n 288 00:25:09,579 --> 00:25:13,449 website is secure and has a valid certificate. 289 00:25:13,450 --> 00:25:18,390 As you can see, my website has a valid certificate,\n 290 00:25:20,990 --> 00:25:26,160 This is how you can know that the website\n 291 00:25:26,160 --> 00:25:29,080 not a fake website pretending to be jeremysitlab.com. 292 00:25:29,079 --> 00:25:35,750 I’ve been mentioning authentication a lot,\n 293 00:25:35,750 --> 00:25:38,039 you need to know for the CCNA. 294 00:25:38,039 --> 00:25:43,009 AAA stands for Authentication, Authorization,\nand Accounting. 295 00:25:43,009 --> 00:25:49,000 It’s a framework for controlling and monitoring\n 296 00:25:49,000 --> 00:25:52,819 So, what do each of those A’s mean? 297 00:25:52,819 --> 00:25:56,409 Authentication is the process of verifying\na user’s identity. 298 00:25:56,410 --> 00:26:02,450 When a user logs in, ideally using multi-factor\n 299 00:26:02,450 --> 00:26:08,289 Then, Authorization is the process of granting\n 300 00:26:08,289 --> 00:26:13,659 So, granting the user access to some files\n 301 00:26:13,660 --> 00:26:17,220 files and services, is authorization. 
302 00:26:17,220 --> 00:26:22,929 Finally, accounting is the process of recording\n 303 00:26:22,929 --> 00:26:28,440 For example, logging when a user makes a change\n 304 00:26:28,440 --> 00:26:32,230 in or logs out, is accounting. 305 00:26:32,230 --> 00:26:37,170 Enterprises typically use a AAA server to\nprovide AAA services. 306 00:26:37,170 --> 00:26:43,100 ISE, Identity Services Engine, is Cisco’s\n 307 00:26:43,099 --> 00:26:47,699 These AAA servers typically support the following\n 308 00:26:47,700 --> 00:26:54,920 RADIUS, which is an open standard protocol\n 309 00:26:54,920 --> 00:27:02,009 And TACACS+, which is a Cisco proprietary\n 310 00:27:02,009 --> 00:27:06,480 Just in case, I recommend remembering the\n 311 00:27:06,480 --> 00:27:09,819 but for the CCNA that’s all you need to\nknow about them. 312 00:27:09,819 --> 00:27:14,859 However, make sure you know the differences\n 313 00:27:15,859 --> 00:27:19,609 They are stated directly in the exam topics\nlist. 314 00:27:19,609 --> 00:27:24,669 Okay, the final topic for today is security\nprogram elements. 315 00:27:24,670 --> 00:27:30,830 A security program is an enterprise’s set\n 316 00:27:30,829 --> 00:27:35,079 For the CCNA, there are a few elements you\nhave to be aware of. 317 00:27:35,079 --> 00:27:38,029 First up, user awareness programs. 318 00:27:38,029 --> 00:27:43,589 These are designed to make employees aware\n 319 00:27:43,589 --> 00:27:47,259 Not all employees are cyber-security experts. 320 00:27:47,259 --> 00:27:52,119 Someone working in the HR department is probably\n 321 00:27:53,869 --> 00:27:59,709 So, user awareness programs will help make\n 322 00:27:59,710 --> 00:28:04,480 For example, a company might send out false\n 323 00:28:04,480 --> 00:28:08,470 link and sign in with their login credentials. 
324 00:28:08,470 --> 00:28:13,200 Although the emails are harmless, employees\n 325 00:28:13,200 --> 00:28:17,799 informed that it is part of a user awareness\n 326 00:28:18,869 --> 00:28:23,928 So, that’s an example of a user awareness\nprogram. 327 00:28:23,929 --> 00:28:28,380 User training programs are more formal than\n 328 00:28:28,380 --> 00:28:34,490 For example, dedicated training sessions which\n 329 00:28:34,490 --> 00:28:39,470 how to create strong passwords, and how to\n 330 00:28:39,470 --> 00:28:43,950 These should happen when employees enter the\n 331 00:28:46,109 --> 00:28:51,289 Another essential element of a security program\n 332 00:28:51,289 --> 00:28:57,009 equipment and data from potential attackers\n 333 00:28:57,009 --> 00:29:02,480 areas such as network closets or data center\nfloors. 334 00:29:02,480 --> 00:29:06,919 This is not just to prevent people outside\n 335 00:29:08,529 --> 00:29:15,178 Even within the company, access to these areas\n 336 00:29:15,179 --> 00:29:19,169 Multifactor locks can protect access to these\nrestricted areas. 337 00:29:19,169 --> 00:29:24,290 For example, a door that requires users to\n 338 00:29:25,289 --> 00:29:30,940 That’s something you have, a badge, and\n 339 00:29:30,940 --> 00:29:36,690 Badge systems are very flexible, and permissions\n 340 00:29:36,690 --> 00:29:41,490 For example, permissions can be easily removed\n 341 00:29:44,130 --> 00:29:49,520 This allows for strict, centralized control\n 342 00:29:49,519 --> 00:29:54,730 Okay, before moving on to the quiz let’s\nreview what we covered. 343 00:29:54,730 --> 00:30:00,558 First we covered some key security concepts\n 344 00:30:00,558 --> 00:30:04,779 exploits, threats, and mitigation techniques. 345 00:30:04,779 --> 00:30:09,319 Then we looked at some common attacks, from\n 346 00:30:09,319 --> 00:30:13,149 attacks which target people, not devices. 
347 00:30:13,150 --> 00:30:17,380 Then passwords and multi-factor authentication,\n 348 00:30:17,380 --> 00:30:21,390 you know, something you have, and something\nyou are. 349 00:30:24,359 --> 00:30:28,329 Authentication is the process of verifying\na user’s identity. 350 00:30:28,329 --> 00:30:33,539 Authorization is the process of controlling\n 351 00:30:33,539 --> 00:30:38,059 And accounting is keeping track of what the\nuser does. 352 00:30:38,059 --> 00:30:43,990 Finally I introduced some elements of an enterprise’s\n 353 00:30:43,990 --> 00:30:46,548 user training, and physical access control. 354 00:30:46,548 --> 00:30:49,220 So, that was a lot to cover. 355 00:30:49,220 --> 00:30:53,390 But if you learn the information in this video,\n 356 00:30:55,839 --> 00:31:00,009 In the next few videos we’ll take a closer\n 357 00:31:02,109 --> 00:31:06,538 Make sure to watch until the end of the quiz\n 358 00:31:07,990 --> 00:31:13,160 Okay, let’s go to question 1 of the quiz. 359 00:31:13,160 --> 00:31:19,170 Which part of the CIA triad ensures that systems\n 360 00:31:19,170 --> 00:31:25,029 Pause the video now to look at the options\n 361 00:31:25,029 --> 00:31:32,410 Okay, the best answer is D, availability,\n 362 00:31:34,819 --> 00:31:40,619 A, confidentiality, means that data should\n 363 00:31:40,619 --> 00:31:45,509 B, integrity, means that data should only\n 364 00:31:45,509 --> 00:31:50,929 C, E, and F are aspects of AAA, not the CIA\ntriad. 365 00:31:50,929 --> 00:31:55,390 Okay, let’s go to question 2. 366 00:31:55,390 --> 00:32:00,140 Which of the following terms refers to the\n 367 00:32:00,140 --> 00:32:05,730 is taken advantage of to attack a system?\n 368 00:32:09,250 --> 00:32:12,880 Okay, the best answer is A, threat. 369 00:32:12,880 --> 00:32:20,660 A threat is the possibility that a vulnerability\n 370 00:32:20,660 --> 00:32:23,570 Mitigation techniques can be used to reduce\nthat possibility. 
371 00:32:28,410 --> 00:32:33,380 Your company implements door locks that require\n 372 00:32:36,150 --> 00:32:41,490 (select the two best answers) Pause the video\n 373 00:32:44,558 --> 00:32:54,609 Okay, the best answers are C, physical access\n 374 00:32:54,609 --> 00:33:01,069 Physical access control allows only authorized\n 375 00:33:01,069 --> 00:33:06,429 Multi-factor authentication uses a combination\n 376 00:33:06,430 --> 00:33:11,060 this case something in the ‘something you\n 377 00:33:11,059 --> 00:33:14,019 in the ‘something you know’ category,\nthe pass code. 378 00:33:18,500 --> 00:33:23,259 Which of the following is NOT an example of\n 379 00:33:23,259 --> 00:33:28,808 Pause the video now to look at the options\n 380 00:33:28,808 --> 00:33:36,950 Okay, the best answer is C, doing a retina\n 381 00:33:36,950 --> 00:33:41,500 Why is this not multifactor authentication,\n 382 00:33:41,500 --> 00:33:47,480 It’s because the key of multifactor authentication\n 383 00:33:47,480 --> 00:33:50,000 from something you know, have, and are. 384 00:33:50,000 --> 00:33:55,990 A retina scan and a fingerprint scan both\n 385 00:33:55,990 --> 00:33:58,150 so this is not multifactor authentication. 386 00:34:03,779 --> 00:34:07,769 Which of the following is considered Accounting\n 387 00:34:07,769 --> 00:34:13,269 Pause the video now to look at the options\n 388 00:34:13,269 --> 00:34:21,469 Okay, the best answer is D, logging the date\n 389 00:34:21,469 --> 00:34:24,829 Accounting is all about keeping track of a\nuser’s actions. 390 00:34:24,829 --> 00:34:30,000 A and C are examples of authorization, and\n 391 00:34:32,440 --> 00:34:38,023 Now let’s take a look at a bonus question in Boson Software’s 392 00:37:06,159 --> 00:37:09,368 There are supplementary materials for this\nvideo. 393 00:37:09,369 --> 00:37:13,110 There is a flashcard deck to use with the\nsoftware ‘Anki’. 394 00:37:13,110 --> 00:37:15,740 This time there won’t be a packet tracer\npractice lab. 
395 00:37:15,739 --> 00:37:20,979 Instead, I’ll do a bonus demo of one of\n 396 00:37:20,980 --> 00:37:26,170 DHCP starvation attack, using a Linux distribution\n 397 00:37:26,170 --> 00:37:29,309 That will be in the next video. 398 00:37:29,309 --> 00:37:34,029 Before finishing today’s video I want to\n 399 00:37:34,030 --> 00:37:37,330 To join, please click the ‘Join’ button\nunder the video. 400 00:37:37,329 --> 00:37:44,309 Thank you to Khoa, Justin, Christopher, Sam,\n 401 00:37:44,309 --> 00:37:50,489 Serge, Njoku, Viktor, Roger, Raj, Kenneth,\n 402 00:37:50,489 --> 00:37:55,719 Gustavo, Prakaash, Nasir, Erlison, Marko,\n 403 00:37:55,719 --> 00:37:59,789 Mark, Yousif, Boson Software, Devin, Yonatan,\nand Vance. 404 00:37:59,789 --> 00:38:05,389 Sorry if I pronounced your name incorrectly,\n 405 00:38:05,389 --> 00:38:11,190 This is the list of JCNP-level members at\n 406 00:38:12,190 --> 00:38:16,849 If you signed up recently and your name isn’t\n 407 00:38:20,389 --> 00:38:24,440 Please subscribe to the channel, like the\n 408 00:38:24,440 --> 00:38:27,630 with anyone else studying for the CCNA. 409 00:38:27,630 --> 00:38:30,630 If you want to leave a tip, check the links\nin the description. 410 00:38:30,630 --> 00:38:36,269 I'm also a Brave verified publisher and accept\n 34136
