12-02-2010, 10:45 AM   #14
elbass
Re: Complete CCDA course by Engineer Rami


Chapter Thirteen
Security

Main sections of the chapter

Denial of Service Attack

Reconnaissance Attack
Traffic Attack

Network Security Practices

Physical Security

AAA

SAFE Blueprint

SAFE Guidelines for Securing the Internet Connectivity Module

SAFE Guidelines for Securing the E-Commerce Module

SAFE Guidelines for Securing the Remote Access and VPN Module

SAFE Guidelines for Securing the WAN Module

SAFE Guidelines for Securing the Network Management Module

SAFE Guidelines for Securing the Server Farm Module




Cisco Network Security is divided into:

Data Integrity
Data Confidentiality
Data Availability

Question
Network security aims to provide data integrity, data confidentiality, and system availability. What is the meaning of data integrity?
Answer
Data integrity means that the network data is valid and has not been changed or tampered with in any way.

Major threats include the following:

Integrity Violation
Confidentiality breaches

Denial of Service Attack

Denial of Service (DoS) attacks compromise the availability of data. They typically involve flooding a network system with bogus traffic.
This threat compromises the availability of data; it involves flooding the network, not to mention tampering with the way data flows inside the system.


Question
Many types of attacks involve sending a host a malformed message that is known to cause an error, or overwhelming the host with massive amounts of data. What are these types of attacks typically called?
Answer
These types of attacks are typically called Denial of Service attacks.





Reconnaissance Attack

Under a Reconnaissance Attack, the network is being searched or scanned for potential targets.




Question
Many attacks involve searching the network for addresses, possible targets, and security gaps. What are these types of attacks typically called?
Answer
These attacks are typically called reconnaissance attacks.

Traffic attacks
These attacks occur when data flowing through a network is compromised.

Network Security Practices

Risk Assessment
Defines the potential threats that exist

Security Policy
Defines how risks are managed

Security Design
Implements the security policy

Physical Security
Guidelines to observe when applying this concept include:
Include Physical Access Control

Determine how breaches of physical access can affect other security consoles

Be able to recover quickly from theft

Ensure that you protect communications over insecure networks that you do not own

AAA
AAA should be used in a secure network
Authentication
Verify the identity of the user who wants to access network resources

Authorization
What the user can do in the network

Accounting
Monitoring the access to the network

Question
Provide at least two reasons why it is so important to physically secure a router or switch.
Answer
It is important to physically secure these devices for the following reasons:

- Console access allows an administrator to override any security that is placed on the device
- Theft
- Installation of software directly
- Installation of new hardware directly

Question
Provide at least two of the physical security guidelines recommended by Cisco.
Answer
Cisco recommends the following physical security guidelines:

- Deploy adequate physical access controls
- To the extent possible, ensure that physical access cannot compromise other security measures
- Ensure that you can recover easily in the event of device theft
- Be sure to use cryptography for data that travels on equipment or networks that are out of your control

Question
What does the acronym AAA stand for? What does each word mean to network security?
Answer
AAA stands for

- Authentication: Verifying a network user's identity
- Authorization: Verifying that the user is permitted to do what they are trying to do
- Accounting: Auditing access of resources for security and billing purposes

Question
Name at least five ways a user can authenticate himself on a computer network.
Answer
There are many ways for authentication to function. The following can be used:

- Username/password
- PIN (personal identification number)
- Private cryptographic key
- Password token card
- Smartcard
- Hardware key
- Fingerprint
- Retina pattern
- Voice
- Face recognition

Question
Name at least two authentication guidelines that are recommended by Cisco.
Answer
Cisco Systems recommends the following:

- Use strong authentication on users from external networks
- Use the strongest authentication mechanism when the most valuable resources are being accessed
- Make authentication mechanisms user-friendly
- Integrate authentication with existing user databases

Question
Name at least one Cisco recommendation for network authorization.
Answer
Cisco recommends the following when it comes to authorization on the network:

- Use the principle of least privilege: Each user should use an account that gives him just enough privileges to accomplish what he needs, and no more.
- Use the principle of defense in depth for valuable resources: Each security mechanism should back up others.
- Never trust client-supplied settings.


SAFE Blueprint
The Cisco Security Architecture for Enterprise (SAFE) blueprint provides a modular approach to securing the network. It also provides best practices for network designers and implementers.

SAFE Guidelines for Securing the Internet Connectivity Module

Firewalls, routers and IDS should be used to prevent network mapping attacks.

To ensure that the exposed hosts are not compromised, use a firewall to protect and IDS to detect.

To stop hosts from being attacked by compromised hosts, use a DMZ, firewalls, LAN Access Control and IDS for monitoring.

Type of attack and the measure taken:

DoS attacks on links - QoS mechanism; IDS

DoS attacks on hosts - host hardening and firewalls

Introduction of malicious code - use application filtering

The types of risk and the measure to follow for each will be listed.
SAFE Guidelines for Securing the E-Commerce Module

Exposed hosts and applications - use a firewall, host hardening, secure programming and IDS

Hosts attacked from other hosts - host hardening, firewalls and IDS

DoS attacks at hosts - DMZ, firewalls, IDS and LAN Access Control


SAFE Guidelines for Securing the Remote Access and VPN Module

Risk of identity spoofing - strong authentication

Confidentiality and integrity - strong encryption

Compromised clients and remote sites - firewall and virus scanning


SAFE Guidelines for Securing the WAN Module

Confidentiality and integrity - strong encryption

WAN misconfiguration - WAN peer authentication

SAFE Guidelines for Securing the Network Management Module

Administrator impersonation - authentication

Compromise of management protocols - secure protocol

Accidental/deliberate misconfiguration - authorization

Responsibility avoidance - auditing

Management host - separate management networks, firewalls and IDS

SAFE Guidelines for Securing the Server Farm Module

Compromise of exposed hosts - firewalls, host hardening, secure applications and IDS

Compromise other hosts from compromised hosts - firewalls, IDS and LAN access control


Question
The Internet Connectivity Module often features a DMZ. What is a DMZ?
Answer
A demilitarized zone (DMZ) network contains a host that has been compromised. A DMZ is typically created using two firewalls, and it permits public access for select services.

Question
What is spoofing in network security?
Answer
Spoofing means that the client is falsifying its true identity. IP address spoofing is a common method for gaining access to secured networks.
Best regards.

Last edited by elbass; 12-02-2010 at 11:40 AM