Cisco CCNA Security Certification Exam Tutorial
Planning A Successful Network Security Strategy
By Chris Bryant, CCIE #12933
Whether you're studying for the CCNA Security exam (640-553 IINS, by the way) or planning your production network's security deployment, it's important to remember that not all network threats are designed as a simple and obvious attack on your network perimeter.
I mention this since it's human nature to plan a defense by concentrating on the obvious entry points, and to allow innocent-looking objects to enter. The Trojans did just that with a little present the Greeks left them...
... and we all know how that worked out.
(Thanks to Wikipedia for the illustration, which is in the public domain.)
The original Trojan Horse was an effective attack that was launched inside the Trojan defenses, and it's that kind of attack we have to keep in mind as network admins when planning our network security strategy.
Take a look at this simple network topology:

In determining the network security approach you want to take, your first inclination will likely be to examine that router and the kinds of packets it's accepting and denying - and that's a great idea!
That single entry point into your network is open to many different types of attack, and you'll learn all about those during your CCNA Security studies.
What you don't want to do is make the router the only device in this network you concentrate on - because every single router, server, switch, and end user in this network is a potential security threat.
Sounds harsh, but it's true. Ever had one of your end users innocently click on a banner that said something like "CLICK HERE FOR FUN CURSORS!" and it turned out to be malware?
They didn't mean to do it. They didn't mean to launch an attack on your network from the inside. But it's done, nonetheless.
Other types of network attacks may be launched from outside your network using information that was gathered while someone or something was inside it - say, by the person looking over your shoulder while you looked at the following configuration:
line vty 0 4
 privilege level 15
 password success
 login
Just by peeking at that small part of your router's configuration, the potential intruder knows that you have a single password set for Telnet access, what that password is, and that they'll be placed at the highest privilege level possible when they log in. Not good!
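One way to harden the vty lines shown above, as an added example rather than configuration from the original article: per-user logins with hashed secrets, SSH in place of Telnet, and no automatic privilege level 15. The hostname, domain name, username, ACL name, management subnet and bracketed passphrases are placeholder assumptions.

```cisco
! Weak form from the article, kept here only for comparison:
!   line vty 0 4
!    privilege level 15
!    password success
!    login
!
! Hardened form (all names and addresses below are placeholders).
hostname R1
ip domain-name example.com
!
! Generates the RSA key pair SSH needs; entered once in global config,
! it does not appear in the running configuration afterwards.
crypto key generate rsa modulus 2048
ip ssh version 2
!
! "secret" stores a hash, so the running config never shows the passphrase.
username admin privilege 1 secret <strong-unique-passphrase>
enable secret <different-strong-passphrase>
!
! Only the management subnet may open a vty session.
ip access-list standard MGMT-ONLY
 permit 192.0.2.0 0.0.0.255
!
line vty 0 4
 ! Remove the shared line password and the automatic level 15.
 no password
 privilege level 1
 ! Authenticate each admin against the local username database.
 login local
 ! Refuse Telnet so credentials never cross the wire in cleartext.
 transport input ssh
 access-class MGMT-ONLY in
 ! Drop idle sessions after 5 minutes.
 exec-timeout 5 0
```

With this in place, someone glancing at the running configuration sees only a hash for the user's secret, and a successful login lands at privilege level 1 until the enable secret is supplied.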
Certainly, learning about the many different kinds of potential attacks is vital for today's network admins - not to mention for earning your CCNA Security certification!
Keep in mind, too, that not all network attacks originate from outside your network - and that it's just as important to defend your network's interior as it is to defend its perimeter!
You can start reading about and testing your knowledge of different network attacks and defenses on my CCNA Security Exam Resource Page.
To your success,
Chris Bryant
CCIE #12933
"The Computer Certification Bulldog"
chris@thebryantadvantage.com