Pass Cisco CCIE Security Certification Exams in First Attempt Easily
- Premium File 565 Questions & Answers
Last Update: May 28, 2023
- Training Course 299 Lectures
- Study Guide 1419 Pages
Network Security Concepts
1. Network Security Terminology
In this video we'll talk about some of the basics of network security, like the importance of network security, and then we'll try to understand some of the terminology relating to network security. So let's get started with network security first. Network security is important because if you don't properly secure your network, you take on risk, which can lead to financial, legal, or political issues or even data loss. On the Internet, you may notice attacks where an attacker tries to enter a network, or some kind of malicious code or malicious traffic that can impact the performance of your network. As network engineers, it is our responsibility to ensure that the network is as secure as possible. So in this section, we'll try to understand some of the basic terminology we use when it comes to network security.

The first term is asset. An asset is simply what you want to protect and make available to your organization, and this will differ depending on each individual organization. As an example, it can relate to property, such as your corporate property documents, or information about people, or information or data that adds value to the company. So it can be company records, client information, or some kind of proprietary software that you have prepared, and so on. The asset is the valuable thing that you want to secure.

Vulnerability is a term used to define possible weaknesses in your network; based on those weaknesses, attackers may introduce some kind of attack. For example, you may have a protocol weakness: you are using a protocol that an attacker can exploit, or based on that protocol he can introduce some attacks in the future. As an example, suppose you're connecting to a remote device via the Telnet protocol. Telnet is in clear text. So if you run a remote session over Telnet, attackers can capture your traffic, and because that information goes in clear text, they can get the username and see the password. Or a weakness or vulnerability may exist in your operating systems. For example, suppose you're using an old Windows operating system that has some vulnerabilities, and you don't have updated patches installed on it. An attacker will learn what operating system you're using, and if he discovers any specific vulnerabilities in that operating system, he can use that information to launch an attack in the future. Other possibilities include the applications we're using, or a design issue if you don't design your network properly in accordance with the security implications.

Another term is threat. A threat is an event that can cause damage to your systems, or an attacker using an existing vulnerability in your network to introduce some kind of attack. That's what we call a threat. Threats can be physical, like fire, water, or earthquake, which cannot be avoided. Or they can be malicious activity: a user in my company visits a website and views some content, which installs malicious code on his computer, and then it spreads on the network, and based on that an attacker can introduce some attacks. These are possible threats, along with other kinds of attack like phishing or social media attacks. We'll talk about the different possible attacks in more detail in the coming posts.

Now, risk. Risk is the probability that a potential threat actually happens. For example, a user is trying to gain unauthorized access to an asset: maybe a user who belongs to the sales department is trying to access resources in accounts, or he's trying to introduce some kind of attack that is going to bring my network down. So risk is nothing but the potential for compromise of your assets, or unauthorized access to the assets, or damage to the asset, like completely deleting the files.

Finally, "countermeasure" is a term used to define the action we take to overcome these possible threats or risks. So it's nothing but a safeguarding feature. We also call them safeguards or mitigations: how exactly we overcome these possible threats and attacks.
2. Goals of Network Security
In this video, we'll talk about the major goals, or objectives, of network security. The objectives involve three basic concepts: providing confidentiality, providing integrity, and making sure that the network is available all the time. In general, this is also referred to as the CIA triad. It's a model that is designed to guide policies for information security within the organization. Let's see what exactly these three terms refer to.

Starting with confidentiality: no one can see the information, and if anyone does see the information, he should be an authorized user. In simple words, encryption converts your data into an unreadable format where no one can actually see it. Take the example of a banking website. Let's say I'm sitting here with my computer and I'm doing some transactions on my bank account. In general, when you go to access it, you have something like HTTP and you type in the website, and then you type in your username, password, or ID, whatever it is, and you do a transaction, and it's finished. This information goes over an untrusted network, that is, the Internet, and an attacker sitting somewhere may be watching all the traffic going into your network. He can capture the traffic, figure out your username and password, and do the transaction on your behalf. So we need to ensure that when the information is moving from your system to the bank, it is not visible to anyone. That means it has to be sent in an unreadable format, so that even if anyone captures the packets, he cannot see the contents, and that's what HTTPS refers to. You have normal HTTP, where all the webpages are sent in clear text, and HTTPS, where the page is encrypted so that no one sees the information.

This is one everyday example of encryption. Network security doesn't only deal with banking websites; this is just a general example to understand the basics of security, which we rely on daily. It could be anything, such as a user accessing a database on a server, possibly via the Internet or a network, and this information should be secure. So confidentiality is concerned with a technology known as encryption, in which you take the information in clear text and use encryption algorithms to convert it to an encrypted format. We call it ciphertext and send it over the network; once it arrives at the other end, it is decrypted, or converted back to clear text that the user understands. You use encryption when you need to provide confidentiality for data that is moving through the network from sender to receiver. Or perhaps you're storing databases on a storage server, and you want to make sure that any unauthorized users who try to access them are denied.

So confidentiality ensures that no one can see your information; only authorized users are allowed to see or access the contents. It is done with the help of encryption technologies. We'll talk about encryption in more detail in the later topics on cryptography concepts. At this point, encryption means converting your text into an unreadable format by using strong algorithms.

The next goal of network security is integrity. Integrity means ensuring that no one changes your information. Let's take the same bank example. You connect to your banking website via HTTPS and perform a transaction in which you send money from your account A (maybe you have multiple accounts) to account B, somewhere around $100, let's say. The information goes through the Internet, and then the banking website does the transaction for you. Now there is a possibility that an attacker captures the packets and modifies the contents. The source is your account, but the destination may be changed to his account, so that in the end the attacker can spoof or pretend to be B, and he gets the amount transferred. Or specific amounts can be changed. As an example, the original says "pay to Terry Smith," probably $100, and after it is modified it says "pay to Alex Jones." So both the name and the amount change, and the attacker is going to claim that transaction. We need to make sure that no one modifies the content; if it is modified, it should be dropped. That is done with the help of algorithms called hashing algorithms. We use specific algorithms to ensure that data is not modified in transit; you will be notified automatically if any changes are made, and the transactions will be dropped automatically. Changes to the data should be made only by authorized individuals.
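The drop-if-modified check from the bank transfer above, as an added example that is not part of the course material. It assumes a key shared between customer and bank (constructed here) and a hypothetical `txn_id` field, and it shows why the hash has to be keyed (HMAC) rather than a bare digest: anyone who can rewrite the message can also recompute an unkeyed hash.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice it comes from a key exchange or a key store.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(order):
    """Serialize the order deterministically so both ends hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_hash(order):
    """Unkeyed SHA-256: catches accidental corruption, not deliberate changes."""
    return hashlib.sha256(canonical(order)).hexdigest()


def protect_unkeyed(order):
    return {"order": order, "digest": plain_hash(order)}


def unkeyed_accepts(message):
    return plain_hash(message["order"]) == message["digest"]


def keyed_tag(order, key=SHARED_KEY):
    """HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def protect(order, key=SHARED_KEY):
    return {"order": order, "tag": keyed_tag(order, key)}


class Receiver:
    """Bank side: drop anything whose tag fails or whose txn_id was already seen."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen_ids = set()

    def accept(self, message):
        order, tag = message.get("order"), message.get("tag")
        if not isinstance(order, dict) or not isinstance(tag, str):
            return "dropped: malformed"
        expected = keyed_tag(order, self.key).encode("ascii")
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected, tag.encode("utf-8")):
            return "dropped: modified in transit"
        if order.get("txn_id") in self.seen_ids:
            return "dropped: replay"
        self.seen_ids.add(order.get("txn_id"))
        return "accepted"


def tamper(message, **changes):
    """Model an in-path modification: fields change, the old tag is carried over."""
    return {"order": {**message["order"], **changes}, "tag": message["tag"]}


def demo():
    # Constructed transaction; the 1000 is a constructed value for the changed amount.
    original = {"txn_id": "t-0001", "pay_to": "Terry Smith", "amount_usd": 100}
    changed = {"pay_to": "Alex Jones", "amount_usd": 1000}

    # Bare digest: the modifier recomputes it, so the receiver cannot tell.
    forged_unkeyed = protect_unkeyed({**original, **changed})

    bank = Receiver()
    sent = protect(original)
    return {
        "unkeyed_hash_fooled": unkeyed_accepts(forged_unkeyed),
        "original": bank.accept(sent),
        "modified": bank.accept(tamper(sent, **changed)),
        "replayed": bank.accept(sent),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

HTTPS provides the same property through the integrity protection built into TLS; the sketch isolates the mechanism so the accept and drop decisions are visible.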
Now, an authorized user can make changes to the existing database, but if any unauthorized user tries to do that, it's not permitted. That can be enforced with file permissions or user access controls when you're accessing something from your database.

The third goal is availability. Availability implies that the network must be available at all times. Among the most common Internet attacks are DoS attacks, also known as denial of service attacks, in which the attacker's intention is to make the performance of the network or server suffer. As an example, let's say you do some online shopping and find two different vendors, ABC and XYZ. The attacker's intention is to make sure that one vendor's server is kept busy. That's what we call denial of service: the attacker sends continuous traffic to this website, which keeps the server busy responding to those requests, and when a valid user tries to access the server, the request doesn't get served. As a result, you will most likely have to deal with the other vendor. So maybe the competitor, or anyone else, would do it; an attacker can be anyone. The attacker's intention is to make sure that your server is not up and running. The target can be a server or a network. Or an attacker can send malicious traffic to your network, which makes my router busy responding to that traffic, and if your network is impacted by that malicious traffic, there will be too much traffic on the network because of the attack. We'll see how exactly the denial of service attack works, and its different possibilities, in more detail later. So the main goal of network security is to make sure that your network is up and running. Or your server must be up and running all the time, and you must have a 99.99% uptime. Uptime is very important.
3. Threat Types – Mitigation
In this video, we'll try to understand the different types of threats. Mainly there are three types of threats classified here: physical threats, which relate to things like fire or earthquake; internal threats, which come from within the same network; and external threats, which come from outside the network.

Physical threats cover several options. We have hardware-based threats, which can be physical damage to your networking devices such as servers, routers, and switches, or to any other equipment such as the cable plant, end devices, or computers. There are electrical threats, which are primarily concerned with the electrical components. And there are maintenance-based threats. Maintenance threats come from, say, poor handling of the electronic components, or from not having the essential spare parts. Say you have a router problem: there is physical damage to the router and it isn't booting up. We need to make sure that we have spare routers available, so that I can replace the failed router with one onto which I load a backup of its configuration, and make sure that the network is up and running. So these are typically the physical threats: damage to the networking devices, electrical threats, or threats relating to maintenance.

Internal threats are simply threats from users on your network, who may or may not be employees. As an example, a sales user is attempting to access a database on the finance server, which is strictly prohibited, but the user is attempting to do so. The user can either physically steal or damage the data, or he can simply log in to that computer and delete all the databases. The user probably already knows the network and has physical access, and he also has complete knowledge of the internal network because he is inside, as an employee working in the company.

There are some mitigations or countermeasures we can use to detect and prevent this. One is physical security: applying physical locks, ensuring that, for example, none of the sales users can enter my data center or a rack room or log into any of the devices, and strictly allowing only IT department people to get access to specific devices. Another is adding surveillance cameras for monitoring. Furthermore, there are ID access policies, where a group of users use their ID cards to gain access only to the specific resources to which they are restricted. We must also ensure that some kind of data loss prevention mechanism is in place, such as having a backup of the data, or, if a user attempts to delete data, telling him that he doesn't have permission to delete it. That means applying permissions to the data so that no one can delete that information. Internal threats are very easy to carry out: a user carries in his pen drive and copies information from the company, or he uploads files to his Gmail account or another personal email account, sharing that particular database with outside users.

Threats can be internal, and threats can also be external. Mostly, we call external attackers hackers. Hackers are simply Internet users attempting to gain access to your network. Maybe he's trying to get access to your network so that he can get information about it. Or maybe he's trying to introduce an attack where his intention is to bring your network down, or to send malicious traffic that can impact the performance of your network or the devices. Or perhaps an attacker is sending continuous requests to the server, causing your network or the server to go down by executing a denial of service attack.

So these are the three common types of threats: physical threats, internal threats, and external threats. And the most common threats you will see in most offices are things like unauthorized users trying to access the network, or altering, modifying, or tapping the information; or people in the office leaking information through a hard copy or storage media, or even through carelessness. These are a list of possible common threats, which are seen in most offices.

Now we need to apply some kind of mitigation for these different security threats. This mitigation or solution can be either proactive or reactive. "Proactive" means taking action before an attack happens in your network, or before that particular threat occurs. We apply security measures: for instance, you configure an ASA firewall, or any kind of firewall, with policies so that any unknown or unauthorized traffic coming from the Internet into my network is denied. I also want to restrict the users' ability to access specific traffic on the Internet. So we can control the flow of traffic between the LAN and the Internet by using dedicated devices such as firewalls, and you can also configure other devices, such as IPS (intrusion prevention system) devices. Or you can configure policies so that my IPS device or the firewall monitors the traffic, and if it finds any kind of suspicious or malicious traffic, that particular traffic is dropped automatically. That's what "reactive" means: acting when the attack actually happens.

There are different possible solutions that we'll talk about later on as we go ahead with the implementations. But, in general, if you want to apply mitigation against a threat, you need to understand what the various possible vulnerabilities and attacks are, figure out what tools are available in the market that can secure your networks from those attacks, and make sure that you're using updated security solutions, such as a firewall. Nowadays we are using next-generation firewalls, which support more advanced features. So make sure that you're using some of the most up-to-date security solutions in the market and figure out who is providing better solutions. Based on that, you can secure your network, and also make sure that the security solutions, whatever you apply, integrate as per the security architecture. because of any kind of attack detection.
4. Assets - Classification of Assets
This video will explain assets and their classification. Assets, as we discussed in previous videos, are anything valuable to the organization that must be protected when you are implementing networks. It could be property, people, or a database or information stored within the company. So typically, it includes things like company records, client information, or some kind of proprietary software, and so on. In order to provide network security, it's important to classify the assets. There are some basic steps required to classify the assets.

First, you need to identify the assets. Identifying the assets depends on what kind of asset it is: whether it is information, software, or physical. Information includes things like the database or the database files, or documentation that defines the operations and procedures of the company. Software can be application software you're using in your company, or system-related software like an operating system, or Microsoft Office applications. Physical covers all the physical components, like computers, modems, routers, switches, air conditioners, or power supplies. They all come under the physical kind of asset.

The next thing is that you need to identify the accountability of the asset. Accountability is nothing but the value of that particular asset. The actual value of the asset is something we need to figure out, because the security measures you take to protect an asset depend on its value. If it is a more valuable asset, then you will probably prefer to apply more security in the network.

Classification of the asset depends on the confidentiality of that particular asset and on its value. The true value is the major consideration, and it depends on the type of asset; you want to provide more security if the asset is worth more. It also depends on the age of that particular asset, that is, how long this asset is useful for the company, because after a certain period of time a specific asset will not be useful. Maybe you have some old records that might not be useful in the next five years. And of course there is the replacement cost: if there is a failure in the asset, like a database file that has been deleted by a user accidentally or through some kind of attack, how valuable is it and what is the actual cost of replacement? If, say, a router fails, what is the replacement cost and how long is that particular asset's useful lifetime? These are the specific conditions we generally look at while classifying assets.

The next thing is roles. Roles represent what is needed to manage these assets. Generally, there are three different types of roles. Owners have administrative control over the asset, which means they have full permissions and complete control over that specific asset. They are the senior officers, the senior management of the company, who are responsible for managing those particular assets or keeping track of them, like maybe the CFO or the MD of the company. Custodians are the people who have technical control of the asset, and they are responsible for implementation: assume you have some kind of policy dictated by the owners, such as how things should work or be set up; the custodians are the people in charge of carrying out those instructions. And finally, the end users. Typically, these users are responsible for protecting and maintaining those assets. As an example, we could say employees, contractors, or third-party providers if you're outsourcing something to a third party. They have authorized access to data, and they are responsible for maintaining their particular assets.

The classification of the assets differs between organizations. Most private organizations generally divide assets into four categories: confidential, which means highly confidential, maybe your company details or client information that you don't want to share with anyone; private, which is shared only within the company, like an internal database; sensitive information; and public information. Public means accessible to everyone, like your web server on the Internet, which needs to be accessed by everyone. Similarly, in government organizations, you typically have the designations "top secret," "secret," "confidential," and "sensitive information." So depending on the organization, different naming conventions are used to classify the assets. Now, based on that particular classification.
5. Classify Counter Measures
The next thing is classifying the countermeasures. Once we identify the risks and the assets of the company, which we did in the previous video, we need to decide on the different countermeasures, or in other words the security steps you're going to apply in your company to reduce the risk of a successful attack. Technically, "countermeasure" means protecting against potential risks, threats, or attacks by applying security policies. So typically, we call them countermeasures. Once you apply these countermeasures, either we can eliminate the attack or we can at least minimize the impact of that particular attack.

Countermeasures are classified into three main categories: administrative controls, physical controls, and technical or logical controls.

Administrative control mainly deals with the administrative management of the office. Typically, it is based on the company's security policies, such as providing security training to end users, following standard security policies, using good hiring practices when you're hiring people, or doing background verification of any contractors or employees before you actually hire them. In addition, security audits and tests, as well as change controls and configuration controls, come under this. So administrative control mainly deals with the administration department: hiring people and managing people and resources. And you'll almost certainly need to follow some best practices to ensure that we don't have any vulnerabilities from people.

Physical control deals with physical security, such as appointing security guards, applying locks, safes or racks, installing an intruder detection system, or setting up a UPS to ensure proper power supply during power outages. It can also refer to fire suppression systems or positive air flow systems. These are the physical controls.

In the security course, we are unlikely to deal with these two types of countermeasures, because our primary focus will be on technical or logical controls. These include installing security devices called firewalls to define policies on what traffic should and should not be allowed to and from the Internet; monitoring specific traffic with an IPS, watching for malicious traffic; setting up VPNs to provide connectivity between sites or remote access through the Internet; using TACACS or RADIUS servers for authentication; one-time passwords; smart cards; biometric authentication devices; and also implementing a NAC (network admission control) system. With NAC, when a guest user connects, he should be assigned to the guest VLAN and should only be able to access the Internet; he should not be able to access anything other than the Internet. It means this guest user should not be allowed to enter my company's network. That's.
6. Classify Vulnerabilities
The next thing is vulnerabilities. Vulnerabilities are flaws in your network, possibly in your system code, or any other flaw that an attacker can exploit to launch an attack. Such a weakness reduces the security assurance of your network. Some examples: a vulnerability may be in the protocols, where you might be using protocols that are more vulnerable to attacks; or in older operating systems, if you are using them; or in an application, where a mistake in the software code is used by the attacker to introduce some kind of attack. Or, in terms of design, perhaps you don't design your network properly, and an attacker discovers that weakness, which he can then exploit to launch an attack.

Next, if you want to apply a countermeasure, the vulnerability needs to be classified, and there are plenty of types. Understanding the weaknesses in the system or network is important in order to prevent certain types of threats and apply the appropriate countermeasures. So there are different types of vulnerabilities. There are policy flaws: your company has security policies that apply, and there may be issues with the policy. There are design issues. There are protocol weaknesses, where you implement protocols that are vulnerable to some kind of attack. There is misconfiguration in the network that results in communication being denied, or any other kind of misconfiguration issue, such as incorrect configurations. There are software vulnerabilities. Humans are also vulnerable to some kinds of attack, where they just provide some confidential information. And there is malicious software like viruses and worms.
7. Network Security - Design Principles
Next thing, we'll talk about some design principles for network security. Now, to properly secure your network, we need to make sure that we are following some basic design principles. Some of them will be discussed here, like the first one starting with network security policies. The network security policies are nothing, but it's like a set of rules that we are going to define in the company that tell what resources they can access and what resources they cannot access. Assume you have some accounts, as in this example. Now we can say an accounts user should be able to only access the resources in the accounts or finance departments, and they should be able to access some internet, but they should not be able to access anything other than that. Perhaps you have an HR department that should have access to all HR-related information other than the Internet.
Or perhaps you have some IT personnel as well as engineers. security engineer can make these changes. Routine fishing engineers can make these changes. So you need to define some kind of security policies because most of the end users, especially the account user, are trying to access some information other than what's defined, and if he's not aware of that, then we can't do anything. So we need to define some policies, like when the employee or the user joins, they should be educated on all the policies, like network security policies, like what they can access and what they cannot access, and what are the rules they should follow? The main job of the network security engineer is once these rules are defined, so probably the network engineer is going to follow these rules or a guide and based on that particular guide he's going to configure the network to make sure that account users should only access the resources on the accounts or on the internet. As a network security engineer, it is our responsibility to properly configure, change, or monitor, log all of these things in accordance with policies, and respond to attacks. If any attack occurs, the next thing is defense in depth.
Now, defense in depth is a multilayer approach for protecting your network. As an example, suppose I'm installing a firewall in my network, and then we have some specific servers, and we want the users to be connected to the Internet in order to access this service. So we define some firewall policies on the firewall and, based on the policies, traffic is allowed or denied. Now, if the attacker tries to access the servers, he may introduce malicious traffic that firewalls may not detect and that can spread throughout the network. Adding the firewall is really good. However, you must also use a multi-layer approach, meaning multiple levels of security, in which you install some kind of antivirus or IPS devices in the network. At the end users, we generally install some kind of antivirus programs so that the end devices can detect malicious traffic, or an IPS device that will detect some kind of malicious traffic, or possibly some kind of firewalls that can filter at the application level, such as application-level firewalls or next-generation firewalls. So this is what we call defense in depth. We provide some security in multiple places so that it makes it very difficult for the attacker to get into the network. When you are just installing the firewalls, maybe the firewalls have some vulnerabilities, or if you are just using antivirus, maybe not all the attacks will be detected by the antivirus. But if you are using this multi-layer method, you have multiple levels of security.

The next thing is network segmentation. Network segmentation deals with separating the traffic into zones. For example, you place all the servers in a separate VLAN, and you place all the resources in separate VLANs, maybe some kind of DMZ VLAN and some LAN VLANs, and you also make sure that your internet traffic is separated. This ensures that we can install some kind of firewalls or security devices or routers, which will decide what traffic is allowed between LAN and DMZ or DMZ and LAN, who can access the servers, which users can access them, and what kind of security policies you want to apply. As a result, segmenting your network rather than putting everything on the same network will make this much easier. Normally, we segment the network into different VLANs based on the asset type, the value, or the level of security you want to apply. Typically, we refer to them as zones.
Now the next principle you need to follow is least privilege. Least privilege means that if I have an end user, we want to give this end user the bare minimum of privileges. Let's say the user does not have admin rights, which means he cannot install applications. So he just has very basic access. He only needs to log into the computer, connect to the internet, and use some basic applications. That's it. So you should not give full access to any user, and we will be giving very minimal access, whatever is required for him to do his job. Take, for example, the users accessing the Internet. We implement some policies saying that the users sitting on the LAN can access the internet, but not everything on the internet, so you cannot download files. So we just give the users the bare minimum of access they need to do basic tasks, for example by configuring some kind of ACL that will deny all traffic and only allow the specific traffic that they need. It is up to you whether data should be transferred from LAN to the internet or from LAN to specific servers.

The next principle is separation of duties. Separation of duties means that no single user or individual should be able to execute a set of tasks, because there is a possibility that a user tries to copy some files or may end up deleting the files, which can cause a problem in general, or perhaps he's trying to copy the file so that he can leak it outside the network. So we need to make sure that that particular user does not have a single level of access. That means in order to copy the file, he should probably get some permissions from the next level, or he should have to log in with some user account in order to open the file; maybe he just has read permissions, but he cannot move that particular file. So, along with multiple user permissions, it's critical that if an event occurs, you do some kind of logging: whenever any user tries to delete something or log into the server, you need to keep track of when he logged in and what different actions he took, more like an accounting kind of thing. This is also something recommended, because it's really important to prevent a single person from logging into the devices and maybe accidentally deleting or copying the files.

The next thing is the weakest link. Humans are considered the weakest link in your network because they are easily manipulated by social engineering attacks. So typically we need to educate the users not to use any kind of weak passwords. They should not use their own names or their pet names as a password; we need to educate them to use complex passwords, and we also need to educate them not to share their credentials or login details with any unknown persons, either on the phone or by email. So keep in mind that the weakest link is humans.

Finally, we must ensure that any activity occurring in your network, such as users attempting to log into servers, copying files, changing configurations, or changing network configuration, is audited and accounted for by using some external AAA service (we'll talk about this in later sections), for example by using TACACS access, which can be used for forensic analysis. Accountability is also important so that you can keep track of who logged in and what changes he made, as well as ensure that when the user logs in, we have proper evidence that the user logged in and made some changes.
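The segmentation and least-privilege points above, as an added example that is not part of the original lecture: a small Python model of a deny-by-default policy between zones, evaluated first-match like an ACL, with each decision returned as a record for accounting. The subnets, ports and zone names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (an assumption for this example, not from the lecture).
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "ACCOUNTS_USERS": "10.10.20.0/24",
    "ACCOUNTS_SRV": "10.20.20.0/24",
    "HR_SRV": "10.20.30.0/24",
    "DMZ": "172.16.10.0/24",
}.items()}

def zone_of(ip):
    """Map an address to its zone; anything unlisted is treated as INTERNET."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "INTERNET"

# Ordered like an ACL (first match wins). Only specific flows are permitted;
# there is no "permit any" entry: (src zone, dst zone, protocol, dst port, action).
POLICY = [
    ("ACCOUNTS_USERS", "ACCOUNTS_SRV", "tcp", 443, "permit"),
    ("ACCOUNTS_USERS", "INTERNET", "tcp", 443, "permit"),
    ("INTERNET", "DMZ", "tcp", 443, "permit"),
]

def evaluate(src_ip, dst_ip, proto, port):
    """Return (action, rule index); index None means the implicit deny was hit."""
    flow = (zone_of(src_ip), zone_of(dst_ip), proto, port)
    for i, (src, dst, p, dport, action) in enumerate(POLICY):
        if flow == (src, dst, p, dport):
            return action, i
    return "deny", None  # nothing matched: default deny

def audit(flows):
    # One record per flow, so every decision can be logged and reviewed later.
    return [{"flow": f, "zones": (zone_of(f[0]), zone_of(f[1])),
             "action": evaluate(*f)[0]} for f in flows]

# Constructed sample flows (documentation address ranges for Internet hosts).
SAMPLE = [
    ("10.10.20.15", "10.20.20.5", "tcp", 443),     # accounts user -> accounts server
    ("10.10.20.15", "10.20.30.7", "tcp", 443),     # accounts user -> HR server
    ("10.10.20.15", "198.51.100.34", "tcp", 443),  # accounts user -> web
    ("10.10.20.15", "198.51.100.34", "tcp", 21),   # accounts user -> FTP download
    ("203.0.113.9", "10.20.20.5", "tcp", 443),     # Internet -> internal server
    ("203.0.113.9", "172.16.10.8", "tcp", 443),    # Internet -> DMZ server
]

if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print(rec["action"].upper(), rec["zones"], rec["flow"])
```

Denied flows never match a rule; they fall through to the final default deny, which is why a forgotten rule fails closed rather than open.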