CCNA Security

Lab - Researching Network Attacks and Security Audit

Tools/Attack Tools
Objectives
Part 1: Researching Network Attacks
 Research network attacks that have occurred.
 Select a network attack and develop a report for presentation to the class.
Part 2: Researching Network Security Audit Tools and Attack Tools
 Research network security audit tools.
 Select a tool and develop a report for presentation to the class.

Background / Scenario
Attackers have developed many tools over the years to attack and compromise networks. These attacks take
many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny
legitimate users access to resources. When network resources are inaccessible, worker productivity can
suffer, and business income may be lost.
To understand how to defend a network against attacks, an administrator must identify network vulnerabilities.
Specialized security audit software, developed by equipment and software manufacturers, can be used to
help identify potential weaknesses. These same tools used by individuals to attack networks can also be used
by network professionals to test the ability of a network to mitigate an attack. After the vulnerabilities are
discovered, steps can be taken to help protect the network.
This lab provides a structured research project that is divided into two parts: Researching Network Attacks
and Researching Security Audit Tools. Inform your instructor about which network attack(s) and network
security audit tool(s) you have chosen to research. This will ensure that a variety of network attacks and
vulnerability tools are reported on by the members of the class.
In Part 1, research network attacks that have actually occurred. Select one of these attacks and describe how
the attack was perpetrated and the extent of the network outage or damage. Next, investigate how the attack
could have been mitigated, or what mitigation techniques might have been implemented to prevent future
attacks. Finally, prepare a report based on the form included in this lab.
In Part 2, research network security audit tools and attack tools. Investigate one that can be used to identify
host or network device vulnerabilities. Create a one-page summary of the tool based on the form included
within this lab. Prepare a short (5–10 minute) presentation to give to the class.
You may work in teams of two, with one person reporting on the network attack and the other reporting on the
tools. All team members deliver a short overview of their findings. You can use live demonstrations or
PowerPoint, to summarize your findings.

Required Resources
 Computer with Internet access for research
 Presentation computer with PowerPoint or other presentation software installed
 Video projector and screen for demonstrations and presentations

© 2021 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4
Lab - Researching Network Attacks and Security Audit Tools

Part 1: Researching Network Attacks

In Part 1 of this lab, you will research real network attacks and select one on which to report. Fill in the form
below based on your findings.

Step 1: Research various network attacks.

List some of the attacks you identified in your search.
1: Wikileaks.
2: Sony playstation network
3 : Cambridge Analytica
4: WannaCry

Step 2: Fill in the following form for the network attack selected.

Name of attack: Wannacry

Type of attack: Ransomware

Dates of attacks: 14 de Mayo 2017

Computers / Organizations affected: Más de 100,000 computadoras, 74 paises afectados

How it works and what it did:

Fue un Ransomware que afecto a muchos ordenadores a nivel mundial, el mayor numero de
ataques fueron orientados a Rusia, pero Ucrania, la India y Taiwan tambien sufrieron muchos
daños, WannaCry se dividia en 2 partes, la primera era un exploit y la segunda es un cifrador
que se descarga en el ordenador despues de ser infectado, para iniciar el proceso de
infeccion el usuario debia cometer un error, tal como dar clic en un enlace sospechosos
permitiendo que word ejecute macros maliciosas o descargando algun archivo que este
comprometido, el ordenador era secuestrado y se pedian 600 dolares a los usuarios
afectados para desbloquear sus datos.

© 2021 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 4
Lab - Researching Network Attacks and Security Audit Tools

Mitigation options:
Se pudo solucionar encontrando el dominio al cual el virus se dirigia, de esa manera se logro detener
la infeccion y para proteger las demas computadoras se creo Kaspersky lab, actualizaciones de
sistemas operativos y luego varios antivirus fueron implementando a sus firmas de virus a WannaCry.

References and info links:

https://www.kaspersky.es/blog/wannacry-ransomware/10503/

Presentation support graphics (include PowerPoint filename or web links):

------

Part 2: Researching Network Security Audit Tools and Attack Tools

In Part 2 of this lab, research network security audit tools and attack tools. Investigate one that can be used to
identify host or network device vulnerabilities. Fill in the report below based on your findings.

Step 1: Research various network security audit tools and attack tools.
List some of the tools that you identified in your search.
1: Software antivirus.
2: Firewall perimetral de red.
3: Servidor proxy.
4: Cifrado de red de punto final.
5: Escaner de vulnerabilidades

Step 2: Fill in the following form for the network security audit tool/attack tool selected.

Name of tool: ESET NOD32 Antivirus

Developer: ESET

Type of tool (character-based or GUI): Antivirus

Used on (network device or computer host): Computer and network device

Cost: Gratis y 39.99, 59.99, 84.99 dolares

Description of key features and capabilities of product or tool:


Anti-Phishing
 Bloqueo de exploits
 Control de Medios Extraíbles
 UEFI Scanner
 Antivirus y Antispywarel

© 2021 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 4
Lab - Researching Network Attacks and Security Audit Tools

 Sistema de prevención de intrusiones

 Modo de Juego

References and info links:

https://esetcentroamerica.com/comprar/windows/index.html

Reflection
1. What is the impact of network attacks on the operation of an organization? What are some key steps
organizations can take to help protect their networks and resources?
Puede causar aparte de una perdida significativa de información, dinero y recursos, afecta de manera muy
directa la confiabilidad y las finanzas de una empresa, hoy en dia contar con un antivirus no es lo unico que
nos ayuda a blindar a las empresas de los latentes ataques ciberneticos. Existen una serie de tips o recursos
para proteger nuestra red e integridad empresarial.
 Establecer politicas de seguridad.
 Respaldar la informacion y como se puede recuperar.
 Cifrar las comunicaciones de la compañia.
 Utilizar antivirus tanto para pc como para moviles.
 Protéger todos los equipos conectados a la red.
 Adquirir medidas de seguridad como cambiar las contraseñas de la red de vez en cuando.

2. Have you actually worked for an organization or know of one where the network was compromised? If so,
what was the impact on the organization and what did it do about it?
Un ejemplo claro de una empresa que fue afectada en un ataque cibernetico es el caso de RENAULT, una
empresa de vehiculos franceses el cual fue usado como canal para alcanzar bancos rusos, este caso es el
primero en el cual se usa una empresa de automoviles para infectar la red, fue afectada ya que como
medidad para evitar la propagacion del virus, tuvieron que cerrar operaciones en algunas plantas, tales es el
caso de Normandia, Revoz, Eslovenia, eso causo una perdida economico grande a la empresa francesa, el
virus era un ransomware. Su destino eran bancos rusos.
3. What steps can you take to protect your own PC or laptop computer?
 Instalar un antivirus.
 Mantener actualizado el paquete de firmas del software.
 Poner atencion a fuentes de datos desconocidos.
 Mantener precaucion con archivos desconocidos de internet.
 Copias de seguridad de manera periodica.
 Activar la seguridad del navegador.
 Habilitar contraseñas seguras.
 Habilitar listas de control de acceso.

© 2021 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 4