Secure Networking Threats

This chapter covers the following topics:

  • The Attack Process
  • Attacker Types
  • Vulnerability Types
  • Attack Results
  • Attack Taxonomy

Though the enemy be stronger in numbers, we may prevent him from fighting. Scheme so as to discover his plans and the likelihood of their success.

Sun Zi, The Art of War

That vulnerability is completely theoretical.


As discussed in Chapter 2, "Security Policy and Operations Life Cycle," when considering the characteristics of your network security system, you must understand the likely threats your network will encounter. The bulk of the information contained in this chapter outlines the various attack classes you must consider when designing your network. Because this book is focused on the network rather than the computer, the threats are oriented accordingly. Application layer attacks, for example, are grouped into one subheading and summarized, while network-based attacks are highlighted in more detail.

The material in this chapter can be used in three ways:

  • As the foundation information necessary to complete the risk analysis referenced in Figure 2-1. You still must map the threats discussed here against your own environment, but this will be a good start.
  • As foundation material going into Chapter 4, "Network Security Technologies." Chapter 4 presents the network security technologies at your disposal. The capability of these technologies to mitigate the threats outlined in this chapter should be a main criterion in selecting specific technologies for your network security system.
  • As a frame of reference. Later in the book, sample secure network designs are presented. The threats outlined here can be evaluated against those designs to determine the effectiveness of the entire network security system.


This is not the "learn how to hack" chapter. If you are looking for that sort of information, you would be better served by a book focused on that subject. This chapter merely attempts to describe the kinds of attacks so that you have a frame of reference for the terms you'll read about in the rest of the book. It is also worth noting that the skill sets required to break something and to fix something do not overlap 100 percent.

The following sections outline the attack process, types of attackers, and the varieties of vulnerabilities, and they set up the final two sections that cover attack results and attack classes.

Part I. Network Security Foundations

Network Security Axioms

Security Policy and Operations Life Cycle

Secure Networking Threats

Network Security Technologies

Part II. Designing Secure Networks

Device Hardening

General Design Considerations

Network Security Platform Options and Best Deployment Practices

Common Application Design Considerations

Identity Design Considerations

IPsec VPN Design Considerations

Supporting-Technology Design Considerations

Designing Your Security System

Part III. Secure Network Designs

Edge Security Design

Campus Security Design

Teleworker Security Design

Part IV. Network Management, Case Studies, and Conclusions

Secure Network Management and Network Security Management

Case Studies



Appendix A. Glossary of Terms

Appendix B. Answers to Applied Knowledge Questions

Appendix C. Sample Security Policies

INFOSEC Acceptable Use Policy

Password Policy

Guidelines on Antivirus Process


Network Security Architectures
Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery © 2008-2020.
If you may any questions please contact us: