chapter thirty five

35 Security Concepts

This chapter covers

Key security concepts and common attacks
User authentication via passwords and alternatives
Controlling and tracking user access with AAA
Securing a network with firewalls and IPS

The most secure network would be a closed system, like a house with no doors or windows. But just like a house with no doors or windows would be uninhabitable, a completely isolated network would be counterproductive. The entire purpose of a network is connectivity—the ability to share, communicate, and access resources both within and outside of its confines.

In the real world, networks need to interact with other networks, applications, and users. But this interconnectivity introduces vulnerabilities from a variety of angles, so security concerns must always be at the forefront of any network design. The CCNA isn’t a cybersecurity certification per se. However, just as networking is an essential skill for nearly any IT professional, the same can be said of security. A system is only as secure as its weakest link, and security is everyone’s responsibility—including those in non-IT roles. In this chapter, we’ll cover a variety of fundamental security concepts. Specifically, we will cover the following CCNA exam topics:

35.1 Key security concepts

35.1.1 The CIA triad

35.1.2 Vulnerabilities, exploits, and threats

35.2 Common threats

35.2.1 Technical threats

35.2.2 Social engineering

35.3 Passwords and alternatives

35.3.1 Password-related best practices

35.3.2 Multi-factor authentication

35.3.3 Digital certificates

35.4 Users access control with AAA

35.4.1 AAA components

35.4.2 AAA protocols

35.4.3 IEEE 802.1X

35.5 Firewalls and IPS

35.5.1 Stateful packet filtering

35.5.2 Next-generation firewalls

35.6 Summary