What is a virus?
A virus is a program written with malicious intent and sent out by attackers. It is transferred to another computer through e-mail, file transfers, and instant messaging. The virus hides by attaching itself to a file on the computer; when the file is accessed, the virus executes and infects the computer. A virus can corrupt or delete files, use your e-mail account to spread itself to other computers, or erase an entire hard drive. Some viruses are exceptionally dangerous: those that carry a keystroke-logging payload let attackers harvest sensitive information such as passwords and credit card numbers. Viruses may also alter or destroy information on a computer. Stealth viruses can infect a computer and lie dormant until triggered by the attacker.
What is a worm?
A worm is a self-replicating program that is harmful to networks. A worm uses the network to copy itself to other hosts, often without any user intervention. It differs from a virus in that a worm does not need to attach itself to a program to infect a host. Even if a worm does not damage data or applications on the hosts it infects, it harms the network by consuming bandwidth as it scans for and spreads to new targets.
What is a Trojan?
A Trojan is malware hidden inside software that appears to do one thing but does another behind the scenes. Unlike a worm, a Trojan does not self-replicate: it relies on the user to install and run it, which is why Trojans are disguised as useful software. Its payload can do anything the user's privileges allow, including dropping a virus or worm that then does spread to other computers. Data damage and production loss can be significant: a technician may be needed to perform repairs, and employees may lose or have to replace data. An infected computer could be sending critical data to competitors while at the same time infecting other computers on the network.
ActiveX – Technology created by Microsoft to control interactivity on web pages. If ActiveX is on a page, an applet or small program has to be downloaded to gain access to the full functionality. An ActiveX control runs with the user's full privileges, so a malicious control is as dangerous as any other downloaded executable.
Java – Programming language that allows applets to run within a web browser. Examples of applets include a calculator or a counter.
JavaScript – Programming language developed to interact with HTML source code to allow interactive websites. Examples include a rotating banner or a popup window.
Adware is a software program that displays advertising on your computer. Adware is usually bundled with downloaded software. Most often, adware is displayed in a popup window. Adware popup windows are sometimes difficult to control and will open new windows faster than users can close them.
Grayware, or malware, is a file or program other than a virus that is potentially harmful. Many grayware attacks are phishing attacks that try to persuade the reader to unknowingly give attackers access to personal information: as you fill out an online form, the data is sent to the attacker. Grayware can be removed using spyware and adware removal tools.
Spyware, a type of grayware, is similar to adware. It is distributed without any user intervention or knowledge. Once installed, the spyware monitors activity on the computer and sends this information to the organization responsible for launching the spyware.
Phishing is a form of social engineering in which the attacker pretends to represent a legitimate outside organization, such as a bank. A potential victim is contacted via e-mail. The attacker might ask the victim to verify information, such as a username or password, supposedly to prevent some terrible consequence from occurring.
Denial of service (DoS)
A DoS attack prevents users from accessing normal services, such as e-mail or a web server, because the system is busy responding to an abnormally large number of requests. DoS works by sending enough requests for a system resource that the requested service is overloaded and ceases to operate.
Name two common DoS (Denial of Service) attacks.
- Ping of death – An oversized ping (an ICMP echo request larger than the 65,535-byte IP maximum, delivered in fragments) that crashes the receiving computer when it reassembles the packet
- E-mail bomb – A large quantity of bulk e-mail that overwhelms the e-mail server, preventing users from accessing it
What is Distributed DoS (DDoS)?
DDoS is another form of attack that uses many infected computers, called zombies, to launch an attack. With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie computers located in different geographical locations make it difficult to trace the origin of the attack, and no single zombie sends enough traffic to stand out on its own.
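The difference between a single-origin DoS and a DDoS shows up clearly in a server's access log: one source dominating a time window versus abnormal total load spread thinly over many sources. The following is an added example, not code from the page; the log line format, the thresholds and the sample log it builds are all assumptions made here for illustration.

```python
"""Classify traffic windows as normal, DoS, or DDoS from access-log lines.

Added example; the log format and thresholds are assumptions, not from the page.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 10            # size of the time bucket we count requests in
SINGLE_SOURCE_LIMIT = 20       # one IP sending this many per window is a flood (DoS)
TOTAL_LIMIT = 60               # aggregate requests per window that is abnormal
DISTRIBUTED_TOP_SHARE = 0.25   # busiest IP below this share of the load: spread out (DDoS)


def parse_line(line):
    """Assumed log format: '<ISO timestamp> <source IP> <method> <path>'."""
    ts, src, _method, _path = line.split(" ", 3)
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc), src


def analyse(lines):
    """Return [(window_start_iso, verdict, detail)] in time order."""
    windows = defaultdict(Counter)          # window start -> Counter(src -> hits)
    for line in lines:
        ts, src = parse_line(line)
        bucket = int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        windows[bucket][src] += 1

    verdicts = []
    for bucket, counts in sorted(windows.items()):
        total = sum(counts.values())
        top_src, top_hits = counts.most_common(1)[0]
        start = datetime.fromtimestamp(bucket, tz=timezone.utc).isoformat()
        if top_hits >= SINGLE_SOURCE_LIMIT:
            # One source alone is hammering the service: single-origin DoS.
            verdicts.append((start, "dos", top_src))
        elif total >= TOTAL_LIMIT and top_hits / total < DISTRIBUTED_TOP_SHARE:
            # Abnormal aggregate load with no dominant sender: many zombies (DDoS).
            verdicts.append((start, "ddos", len(counts)))
        else:
            verdicts.append((start, "normal", total))
    return verdicts


def build_sample_log():
    """Constructed sample log: one normal window, one DoS window, one DDoS window."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(8):                                   # window 0: 8 clients, 1 request each
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 198.51.100.{i + 1} GET /index.html")
    for i in range(40):                                  # window 1: one host sends 40 requests
        t = (base + timedelta(seconds=10)).isoformat()
        lines.append(f"{t} 203.0.113.9 GET /search?q={i}")
    for zombie in range(30):                             # window 2: 30 zombies x 3 requests
        for r in range(3):
            t = (base + timedelta(seconds=20 + r)).isoformat()
            lines.append(f"{t} 192.0.2.{zombie + 1} POST /login")
    return lines


if __name__ == "__main__":
    for start, verdict, detail in analyse(build_sample_log()):
        print(start, verdict, detail)
```

The DDoS window is the instructive one: each zombie sends only three requests, well under any per-source limit, so a detector that only rate-limits individual addresses never fires; only the aggregate count combined with the low share of the busiest source reveals the attack.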
Spam, also known as junk mail, is unsolicited e-mail, as shown in Figure 1. In most cases, spam is used as a method of advertising. However, spam can also be used to deliver harmful links or deceptive content.
Name some common indications of spam.
- No subject line
- Incomplete return addresses
- Computer-generated e-mails
- Bounce (return) e-mails for messages the user never sent
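The four indicators above can each be checked mechanically from a message's headers. Below is an added example, not code from the page, that scores a raw message against them using Python's standard `email` package; the three sample messages, the set of sent Message-IDs, and the assumption that a bounce references the original message in its In-Reply-To or References header are all constructed here.

```python
"""Score an e-mail against the page's four spam indicators.

Added example; the heuristics and the sample messages are constructed here.
"""
import email
from email.utils import parseaddr

# Constructed: Message-IDs of mail this user actually sent, used to spot
# backscatter (bounces for messages the user never sent). Assumes the bounce
# references the original in In-Reply-To/References, which real DSNs often do.
SENT_IDS = {"<1@example.com>"}

SAMPLES = {
    "ham": """\
From: Alice Example <alice@example.com>
To: bob@example.com
Subject: Lunch tomorrow?
Message-ID: <1@example.com>

Noon at the usual place?
""",
    "bulk": """\
From: promo
To: bob@example.com
Precedence: bulk

You have been selected! Visit http://example.invalid/win
""",
    "backscatter": """\
Return-Path: <>
From: MAILER-DAEMON@mail.example.net
To: bob@example.com
Subject: Undeliverable: Cheap meds
In-Reply-To: <forged-9f2@attacker.invalid>

Your message could not be delivered to 5000 recipients.
""",
}


def spam_indicators(raw, sent_ids):
    """Return the list of page indicators that fire for one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    hits = []

    # 1. No subject line.
    if not msg.get("Subject", "").strip():
        hits.append("no subject line")

    # 2. Incomplete return address: no mailbox@domain with a dotted domain.
    _name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if "@" not in addr or "." not in domain:
        hits.append("incomplete return address")

    # 3. Computer-generated mail announces itself with bulk/list headers.
    precedence = msg.get("Precedence", "").lower()
    auto = msg.get("Auto-Submitted", "").lower()
    if precedence in ("bulk", "junk", "list") or auto.startswith("auto-"):
        hits.append("computer generated")

    # 4. A bounce (null reverse path or MAILER-DAEMON sender) for a message we
    #    never sent is backscatter from spam forged with our address.
    is_bounce = (msg.get("Return-Path", "").strip() == "<>"
                 or addr.lower().startswith(("mailer-daemon", "postmaster")))
    if is_bounce:
        refs = msg.get("In-Reply-To", "") + " " + msg.get("References", "")
        if not any(mid in refs for mid in sent_ids):
            hits.append("bounce for mail the user never sent")

    return hits


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, spam_indicators(raw, SENT_IDS))
```

These are weak signals on their own (legitimate mailing lists also set `Precedence: bulk`), which is why real filters combine many of them into a score rather than rejecting on any single one.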
What is a social engineer?
- A social engineer is a person who gains access to equipment or a network by tricking people into providing the necessary access information. Often, the social engineer gains the confidence of an employee and convinces the employee to divulge username and password information.
- A social engineer may pose as a technician to try to gain entry into a facility, as shown in Figure 1. Once inside, the social engineer may look over shoulders to gather information, seek out papers on desks with passwords and phone extensions, or obtain a company directory with e-mail addresses.
- SYN flood – Sends a stream of TCP connection requests (SYN packets), often from spoofed source addresses, leaving half-open connections that tie up the network equipment or computer with a large number of false requests, so that sessions are denied to legitimate users
- Spoofing – Gains access to resources on devices by pretending to be a trusted computer, for example by forging a trusted source address
- Man-in-the-middle – Intercepts or inserts false information in traffic between two hosts
- Replay – Uses network sniffers to capture usernames and passwords that are then re-sent at a later date to gain access
- DNS poisoning – Changes the DNS records on a system to point to false servers where the data is recorded
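A replay attack works whenever the credential on the wire is the same every time, so the defence is to bind each login to a value that changes per session. The following added example, which is not code from the page, contrasts a server that accepts the password itself with one that issues a one-time random challenge and checks an HMAC over it; the user database, the two server classes and the message shapes are constructed for illustration.

```python
"""Replay attack: a sniffed credential vs. a one-time challenge-response.

Added example; the password database, server classes and message shapes are
constructed for illustration and are not from the page.
"""
import hashlib
import hmac
import secrets

# Constructed user database (a real server stores a salted hash, never the password).
PASSWORD_DB = {"alice": "correct horse battery staple"}


class NaiveServer:
    """Accepts the password itself on the wire; whatever is captured can be replayed."""

    def login(self, user, password):
        stored = PASSWORD_DB.get(user)
        return stored is not None and hmac.compare_digest(stored, password)


class ChallengeServer:
    """Issues a fresh random nonce per login; the client proves it knows the
    password with HMAC(password, nonce), so the proof is useless once the nonce
    has been consumed."""

    def __init__(self):
        self._outstanding = {}          # user -> nonce that may still be redeemed

    def challenge(self, user):
        nonce = secrets.token_hex(16)
        self._outstanding[user] = nonce
        return nonce

    def login(self, user, nonce, response):
        expected_nonce = self._outstanding.pop(user, None)   # single use
        if expected_nonce is None or not hmac.compare_digest(expected_nonce, nonce):
            return False
        key = PASSWORD_DB.get(user, "").encode()
        expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def client_response(password, nonce):
    return hmac.new(password.encode(), nonce.encode(), hashlib.sha256).hexdigest()


def demo():
    """Returns (naive first, naive replay, CR first, CR replay, CR replay after new nonce)."""
    # The attacker's sniffer records exactly the bytes the client sent.
    naive = NaiveServer()
    sniffed = ("alice", "correct horse battery staple")
    naive_first = naive.login(*sniffed)
    naive_replay = naive.login(*sniffed)            # still True: nothing ties it to a session

    server = ChallengeServer()
    nonce = server.challenge("alice")
    sniffed = ("alice", nonce, client_response(PASSWORD_DB["alice"], nonce))
    cr_first = server.login(*sniffed)
    cr_replay = server.login(*sniffed)              # False: nonce already consumed
    server.challenge("alice")                       # victim starts a new session
    cr_replay_later = server.login(*sniffed)        # False: response is for the old nonce
    return naive_first, naive_replay, cr_first, cr_replay, cr_replay_later


if __name__ == "__main__":
    print(demo())
```

The challenge stops replay but not everything: an attacker holding the captured nonce and response can still guess passwords offline by recomputing the HMAC for each candidate, which is exactly the weakness that later undermined password-based wireless schemes such as LEAP. In practice the exchange also needs to run inside an encrypted channel such as TLS.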
Explain hardware destruction
- Data wiping is the process of removing sensitive data from hardware and software before recycling or discarding it. Hard drives should be fully erased to prevent recovery using specialized software. It is not enough to delete files or even format the drive: both only remove the file system's pointers to the data, and the bytes themselves stay on the platters until something overwrites them. Use a third-party tool to overwrite the data multiple times, rendering it unrecoverable. Overwriting is not reliable on solid-state drives, whose wear levelling keeps copies of data in cells the operating system cannot address; use the drive's built-in secure-erase command or destroy the drive. The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces.
- Media like CDs and floppy disks must also be destroyed. Use a shredding machine designed for the purpose.
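The reason a deleted or formatted drive still gives up its contents is that both operations touch only the directory structures, not the data blocks. The added example below (not code from the page) builds a toy disk image with a small directory table in front of a data area, then shows what a file-carving tool finds after a delete, after a quick format, and after an overwrite; the image layout, the record format and the "CARD=" signature it searches for are all constructed here.

```python
"""Why deleting or formatting does not remove data, but overwriting does.

Added example: a toy disk image with a directory table in front of a data
area. The layout, record format and carving signature are constructed here.
"""
import os
import re

IMAGE_SIZE = 4096
DIR_SIZE = 256                         # bytes 0..255 hold the directory table
RECORD = re.compile(rb"CARD=\d{16}")   # what a carving tool would look for


class TinyDisk:
    def __init__(self):
        self.image = bytearray(IMAGE_SIZE)
        self.directory = {}            # name -> (offset, length)
        self.next_free = DIR_SIZE

    def _sync_directory(self):
        table = ";".join(f"{n}:{o}:{l}" for n, (o, l) in self.directory.items())
        self.image[:DIR_SIZE] = table.encode().ljust(DIR_SIZE, b"\0")

    def write_file(self, name, data):
        off = self.next_free
        self.image[off:off + len(data)] = data
        self.directory[name] = (off, len(data))
        self.next_free += len(data)
        self._sync_directory()

    def read_file(self, name):
        off, length = self.directory[name]
        return bytes(self.image[off:off + length])

    def delete(self, name):
        """What an ordinary delete does: drop the directory entry, leave the bytes."""
        del self.directory[name]
        self._sync_directory()

    def quick_format(self):
        """What a format does: wipe the directory, mark all space free, leave the bytes."""
        self.directory.clear()
        self.next_free = DIR_SIZE
        self._sync_directory()

    def wipe(self, passes=3):
        """Overwrite the data area with random bytes, then zeros, then format."""
        for _ in range(passes):
            self.image[DIR_SIZE:] = os.urandom(IMAGE_SIZE - DIR_SIZE)
        self.image[DIR_SIZE:] = bytes(IMAGE_SIZE - DIR_SIZE)
        self.quick_format()


def carve(image):
    """Recovery-tool behaviour: ignore the directory and scan the raw bytes."""
    return RECORD.findall(bytes(image))


def demo():
    """Returns how many card records a carver finds after each step."""
    disk = TinyDisk()
    disk.write_file("customers.txt",                  # constructed sample data
                    b"alice CARD=4111111111111111\nbob CARD=5555555555554444\n")
    found = [len(carve(disk.image))]       # with the file present
    disk.delete("customers.txt")
    found.append(len(carve(disk.image)))   # after delete
    disk.quick_format()
    found.append(len(carve(disk.image)))   # after format
    disk.wipe()
    found.append(len(carve(disk.image)))   # after overwrite
    return tuple(found)


if __name__ == "__main__":
    print(demo())   # (2, 2, 2, 0)
```

The carver recovers both card numbers after the delete and after the format because neither step changed a single byte of the data area; only the overwrite removes them. On a real drive the same pattern holds, with the added caveat for SSDs noted above.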
What does RFID stand for?
Radio Frequency Identification
What are the two levels of password protection on a computer?
- BIOS – Prevents BIOS settings from being changed without the appropriate password
- Login – Prevents unauthorized access to the computer and the network
Encryption uses codes and ciphers to protect data. Traffic between resources and computers on the network can be protected from attackers monitoring or recording transactions by implementing encryption. Even if the data is captured, it may not be possible to decipher it in time to make any use of it.
Every communication using TCP/IP is associated with a port number. HTTPS, for instance, uses port 443 by default. A firewall, as shown in Figure 2, is a way of protecting a computer from intrusion through its ports. The user controls what kind of data can reach the computer by selecting which ports are open and which are blocked. Data being transported on a network is called traffic.
Wired Equivalent Privacy (WEP)
WEP was the first-generation security standard for wireless. Attackers quickly discovered that WEP encryption was easy to break. WEP uses the RC4 stream cipher with a fixed key and only a 24-bit initialization vector (IV), so the same key stream is reused after a modest amount of traffic, and monitoring programs that passively capture enough frames can recover the encryption keys used to encode the messages. Once the keys were obtained, messages could be easily decoded.
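The simplest consequence of WEP's small IV space is that two frames end up encrypted under the same RC4 key stream; if the attacker knows the plaintext of one of them (many frames, such as ARP requests, are predictable), the other falls out without ever learning the key. The following is an added example, not code from the page, using a simplified WEP (no integrity check value, a 40-bit key, a 3-byte IV); the key, IV and frame bodies are constructed here for illustration. It demonstrates key-stream reuse, not the separate statistical attacks that recover the WEP root key itself.

```python
"""WEP's IV reuse: the same RC4 keystream protects two frames, so one known
plaintext unmasks the other.

Added example with a simplified WEP (no ICV/CRC, 40-bit key, 24-bit IV); the
key, IV and frame contents are constructed here, not taken from the page.
"""


def rc4(key, length):
    """Plain RC4: key-scheduling then keystream generation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def wep_encrypt(root_key, iv, plaintext):
    """WEP seeds RC4 with IV || key and sends the 3-byte IV in the clear."""
    keystream = rc4(iv + root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))


def attack_iv_reuse(frame_known, known_plaintext, frame_target):
    """Given a frame whose plaintext is known (e.g. a predictable ARP or DHCP
    packet) and a second frame with the same IV, recover the second plaintext
    without ever learning the root key."""
    iv_known, ct_known = frame_known[:3], frame_known[3:]
    iv_target, ct_target = frame_target[:3], frame_target[3:]
    if iv_known != iv_target:
        return None                       # different IV, different keystream
    keystream = bytes(c ^ p for c, p in zip(ct_known, known_plaintext))
    return bytes(c ^ k for c, k in zip(ct_target, keystream))


ROOT_KEY = bytes.fromhex("0102030405")        # constructed 40-bit WEP key
KNOWN = b"ARP-WHO-HAS-10.0"                   # constructed predictable frame body
SECRET = b"PASSWORD=letmein"                  # constructed sensitive frame body


def demo():
    iv = b"\x00\x00\x2a"                      # with only 2^24 IVs, repeats are inevitable
    frame1 = wep_encrypt(ROOT_KEY, iv, KNOWN)
    frame2 = wep_encrypt(ROOT_KEY, iv, SECRET)
    return attack_iv_reuse(frame1, KNOWN, frame2)


if __name__ == "__main__":
    print(demo())
```

Because the IV travels in the clear in every frame, spotting a repeat costs the attacker nothing more than reading the first three bytes; a busy access point cycles through all 2^24 values in hours.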
Wi-Fi Protected Access (WPA)
WPA is an improved version of WEP. It was created as a temporary solution until 802.11i (a security layer for wireless systems) was fully implemented; it keeps RC4 but wraps it in TKIP, which rotates keys per packet. Now that 802.11i has been ratified, WPA2 has been released. It covers the entire 802.11i standard, including AES-based (CCMP) encryption.
Lightweight Extensible Authentication Protocol (LEAP) also called EAP-Cisco
LEAP is a wireless authentication protocol created by Cisco to address the weaknesses in WEP, pairing 802.1X user authentication with per-session key rotation. At the time it was presented as a good choice when using Cisco equipment with Windows and Linux clients. However, its MS-CHAP-style challenge/response was later shown to be vulnerable to offline dictionary attacks on captured handshakes, so Cisco now recommends EAP-FAST or another EAP method over WPA2 instead.
Levels of wireless security (from strongest to weakest, as ranked here; this ranking predates WPA2, which is now the baseline)
- 1. LEAP
- 2. WPA
- 3. WEP 128
- 4. WEP 64
- 5. No security