25021335_06_2000_c2
2000, Cisco Systems, Inc.

Deploying Secure Networks
Session 2502

What You Can Expect to Learn
- “Network security is a system”
- Detailed network attack methodology
- Threat mitigation options
- Network security design components
- Specific optimizations to existing infrastructure

Deploying Secure Networks
- Security Threat Components
- Security Design: an Example
- Design Under Fire
- Threat Mitigation
- Design Optimizations
- Security Design: a Better Example
- Design Under Fire (2)

Distributed Denial of Service (DDoS)

Smurf Attack
[Diagram labels: 160.154.5.0; 172.18.1.2; Attempt to Overwhelm WAN Link to Destination]
ICMP REQ D=160.154.5.255 S=172.18.1.2
ICMP REPLY D=172.18.1.2 S=160.154.5.19
ICMP REPLY D=172.18.1.2 S=160.154.5.18
ICMP REPLY D=172.18.1.2 S=160.154.5.17
ICMP REPLY D=172.18.1.2 S=160.154.5.16
ICMP REPLY D=172.18.1.2 S=160.154.5.15
ICMP REPLY D=172.18.1.2 S=160.154.5.14

DDoS, How Does It Work?
[Diagram labels: Client System; Handler Systems; Agent Systems]
1. Scan for Systems to Hack
2. Install Software to Scan for, Compromise and Infect Agents
3. Agents Get Loaded with Remote Control Attack Software
4. Client Issues Commands to Handlers which Control Agents in a Mass Attack

Stacheldraht Attack
[Diagram: Legitimate Customer; Client; Handler with Agents (25), shown three times; Internet]

Stacheldraht Attack
[Diagram: Legitimate Customer; Client; Handler with Agent (25), shown three times; Internet]

    * stacheldraht *
    (c) in 1999 by .
    trying to connect.
    connection established.
    -
    enter the passphrase : sicken
    -
    entering interactive session.
    * welcome to stacheldraht *
    type .help if you are lame
    stacheldraht(status: a!1 d!0).micmp

Stacheldraht Transport Details

Client Communication
  SRC: Client
  DST: Handler
  Port: 16660
  Data: Encrypted via blowfish

Agent to Handler Communication
  SRC: Agent, DST: Handler, ICMP Type: 0 (Echo Reply), ICMP ID: 666, ICMP Data: Skillz
  SRC: Handler, DST: Agent, ICMP Type: 0 (Echo Reply), ICMP ID: 667, ICMP Data: Ficken

Agent to Handler Communication (Spoof Check)
  SRC: 3.3.3.3, DST: Handler, ICMP Type: 0 (Echo Reply), ICMP ID: 666, ICMP Data: Agent IP
  SRC: Handler, DST: Agent, ICMP Type: 0 (Echo Reply), ICMP ID: 1000, ICMP Data: Spoofworks
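
A detection-side illustration of the Stacheldraht transport details above (an added example, not part of the Cisco slides): Python code that flags ICMP echo replies carrying the ICMP IDs or data strings listed on the slide, and echo replies that answer no echo request seen earlier. The function names, the documentation-range addresses and the sample packets are constructed for this example; the data strings are matched case-insensitively.

```python
import struct
from socket import inet_aton, inet_ntoa

# Indicators as listed on the "Stacheldraht Transport Details" slide.
SLIDE_IDS = {666, 667, 1000}
SLIDE_DATA = (b"skillz", b"ficken", b"spoofworks")

def build_icmp(src, dst, icmp_type, ident, data=b""):
    """Build a constructed IPv4+ICMP sample packet (checksums left at zero)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     inet_aton(src), inet_aton(dst))
    return ip + icmp

def parse_icmp(pkt):
    """Return (src, dst, type, ident, payload), or None if not well-formed IPv4 ICMP."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1 or len(pkt) < ihl + 8:
        return None
    icmp_type, _code, _sum, ident, _seq = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    return inet_ntoa(pkt[12:16]), inet_ntoa(pkt[16:20]), icmp_type, ident, pkt[ihl + 8:]

def scan(packets):
    """Return [(index, src, dst, reasons)] for echo replies worth an analyst's look."""
    pending, hits = set(), []   # pending: (requester, responder, ident) of echo requests
    for i, parsed in enumerate(map(parse_icmp, packets)):
        if parsed is None:
            continue
        src, dst, icmp_type, ident, payload = parsed
        if icmp_type == 8:                      # echo request: remember it
            pending.add((src, dst, ident))
        elif icmp_type == 0:                    # echo reply: the type the slide shows
            reasons = [] if (dst, src, ident) in pending else ["unsolicited echo reply"]
            if ident in SLIDE_IDS:
                reasons.append(f"icmp id {ident}")
            reasons += [f"data {m.decode()}" for m in SLIDE_DATA if m in payload.lower()]
            if reasons:
                hits.append((i, src, dst, reasons))
    return hits

# Constructed sample capture: one ordinary ping, then three slide-shaped echo replies.
SAMPLE = [
    build_icmp("192.0.2.10", "198.51.100.5", 8, 0x1234, b"abcdefgh"),
    build_icmp("198.51.100.5", "192.0.2.10", 0, 0x1234, b"abcdefgh"),
    build_icmp("192.0.2.20", "198.51.100.9", 0, 666, b"skillz"),
    build_icmp("198.51.100.9", "192.0.2.20", 0, 667, b"ficken"),
    build_icmp("198.51.100.9", "192.0.2.20", 0, 1000, b"spoofworks"),
]
```

Calling `scan(SAMPLE)` reports packets 2, 3 and 4 and leaves the ordinary ping pair alone. The unsolicited-reply check is the part that still fires if the IDs or strings are changed, since it depends only on an echo reply having no earlier request.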