Franske Forum Posting Sample First Posts

From ITCwiki

Example 1

This example post comes from an early chapter in the CCNA Security course. You can see that both the most important and the most interesting parts of the chapter are clearly discussed, along with the author's reasons for finding them important and interesting. Questions related to the content of the chapter have been included, making it easier for other students to respond to the posting.

Post

Most Important: It seemed like the most important topic covered by this chapter was an overview of security threats in section 1.2 (i.e. threat vectors, virus/trojan/worm/malware, hackers), the types of hackers (black/grey/white hat, hacktivists, state-sponsored), the types of tools they employ (password crackers, packet sniffers/crafters, rootkits to name a few), and the categories of attacks (eavesdropping, spoofing, DoS, man-in-the-middle, reconnaissance, etc) to give us an idea of how important security is in today's networks and ways to potentially mitigate against those threats (as covered in section 1.3).

Most Interesting: One interesting part of the chapter to me was the discussion of 'honeypot' servers and how Norse Dark Intelligence purposefully deploys these decoy servers and studies how hackers attempt to breach their security. Afterward, they provide the information to organizations for examination, allowing them to come up with countermeasures against it. Similarly, Cisco provides information and mitigation techniques against current attacks on their Cisco Security Intelligence Operations (SIO) site for network administrators.

Another interesting part of the chapter to me was just how secure Data Center Networks are. Because of the amounts of sensitive business data they house, they are not only securely interconnected to corporate sites (e.g. via VPN/ASA devices) but also require many levels of physical security; some examples include security officers, fences/gates, video surveillance, alarms, motion detectors, traps, and biometric access/exit (such as a badge ID to enter the trap and then facial/fingerprint recognition to enter and exit the data hall).


Questions: How do they make a 'honeypot' server an attractive enough target for hackers? Do they leave certain vulnerabilities open on purpose, make them conspicuous enough, or are networks so routinely under attack that none of these measures are necessary?

Also, when a virtual machine hosted on cloud computing that has outdated security (hasn't been powered on in a long time, for example) connects to the internet, would that be considered a threat vector to the rest of the network (like hyperjacking), or is the sandboxed nature of virtual machines enough of a preventive measure?