CCNAS v1 2 Chapter 01 Modern network security threats + lab (pdf)


Table of Contents

1 Chapter 1 Modern network Security Threats
1.1 Section 1.0 Introduction
1.1.1 Topic 1.0.1 Introduction
1.1.1.1 Page 1.0.1.1 Introduction
1.2 Section 1.1 Fundamental Principles of a Secure Network
1.2.1 Topic 1.1.1 Evolution of Network Security
1.2.1.1 Page 1.1.1.1 Code Red Worm Attack
1.2.1.2 Page 1.1.1.2 Evolution of Security Threats
1.2.1.3 Page 1.1.1.3 Evolution of Network Security Tools
1.2.1.4 Page 1.1.1.4 Threats to Networks
1.2.1.5 Page 1.1.1.5 Encryption and Cryptography
1.2.2 Topic 1.1.2 Drivers for Network Security
1.2.2.1 Page 1.1.2.1 The Hacker
1.2.2.2 Page 1.1.2.2 Evolution of Hacking
1.2.2.3 Page 1.1.2.3 First Network Attacks
1.2.2.4 Page 1.1.2.4 Network Security Professionals
1.2.3 Topic 1.1.3 Network Security Organizations
1.2.3.1 Page 1.1.3.1 Network Security Organizations
1.2.3.2 Page 1.1.3.2 SANS Institute
1.2.3.3 Page 1.1.3.3 CERT
1.2.3.4 Page 1.1.3.4 (ISC)2
1.2.3.4.1 Security certifications offered by (ISC)2
1.2.3.5 Page 1.1.3.5 RSS
1.2.4 Topic 1.1.4 Domains of Network Security
1.2.4.1 Page 1.1.4.1 Network Security Domains
1.2.4.2 Page 1.1.4.2 Security Policy
1.2.5 Topic 1.1.5 Network Security Policies
1.2.5.1 Page 1.1.5.1 Network Security Policy
1.2.5.2 Page 1.1.5.2 Cisco SecureX Architecture
1.2.5.3 Page 1.1.5.3 Cisco SecureX Product Categories
1.2.5.4 Page 1.1.5.4 Network Security Policy Objectives
1.3 Section 1.2 Viruses, Worms, and Trojan horses
1.3.1 Topic 1.2.1 Viruses
1.3.1.1 Page 1.2.1.1 Primary Vulnerabilities for End User Devices
1.3.1.2 Page 1.2.1.2 Comparison of a Human Virus and a Computer Virus
1.3.2 Topic 1.2.2 Worms
1.3.2.1 Page 1.2.2.1 Worms
1.3.2.2 Page 1.2.2.2 Worm Components
1.3.2.3 Page 1.2.2.3 Worm and Virus Exploit Comparison
1.3.3 Topic 1.2.3 Trojan horses
1.3.3.1 Page 1.2.3.1 Trojan horse Concept
1.3.3.2 Page 1.2.3.2 Trojan horse Classifications
1.3.4 Topic 1.2.4 Mitigating Viruses, Worms, and Trojan horses
1.3.4.1 Page 1.2.4.1 Buffer Overflows
1.3.4.2 Page 1.2.4.2 Antivirus Software
1.3.4.3 Page 1.2.4.3 Worm Mitigation
1.3.4.4 Page 1.2.4.4 SQL Slammer Worm
1.4 Section 1.3 Attack Methodologies
1.4.1 Topic 1.3.1 Reconnaissance Attacks
1.4.1.1 Page 1.3.1.1 Types of Attacks
1.4.1.1.1 Reconnaissance Attacks
1.4.1.1.2 Access Attacks
1.4.1.1.3 DoS Attacks
1.4.1.2 Page 1.3.1.2 Types of Reconnaissance Attacks
1.4.1.3 Page 1.3.1.3 Packet Sniffer
1.4.1.4 Page 1.3.1.4 Ping Sweeps and Port Scans
1.4.1.4.1 Internet information query
1.4.1.4.2 Ping sweeps
1.4.1.4.3 Port scanning
1.4.1.5 Page 1.3.1.5 Mitigating Reconnaissance Attacks
1.4.2 Topic 1.3.2 Access Attacks
1.4.2.1 Page 1.3.2.1 Access Attacks
1.4.2.2 Page 1.3.2.2 Types of Access Attacks
1.4.2.2.1 Password attack
1.4.2.2.2 Trust exploitation
1.4.2.2.3 Port redirection
1.4.2.2.4 Man-in-the-middle attack
1.4.2.2.5 Buffer overflow
1.4.2.3 Page 1.3.2.3 Mitigating Access Attacks
1.4.3 Topic 1.3.3 Denial of Service Attacks
1.4.3.1 Page 1.3.3.1 DoS Attacks
1.4.3.2 Page 1.3.3.2 DoS and DDoS
1.4.3.3 Page 1.3.3.3 Types of DoS Attacks
1.4.3.3.1 Ping of Death
1.4.3.3.2 Smurf Attack
1.4.3.3.3 TCP SYN Flood Attack
1.4.3.4 Page 1.3.3.4 DoS Attack Symptoms
1.4.4 Topic 1.3.4 Mitigating Network Attacks
1.4.4.1 Page 1.3.4.1 Mitigating Network Attacks
1.4.4.2 Page 1.3.4.2 Mitigating Reconnaissance Attacks
1.4.4.3 Page 1.3.4.3 Mitigating Access Attacks
1.4.4.4 Page 1.3.4.4 Mitigating DoS Attacks
1.4.4.5 Page 1.3.4.5 Defending the Network
1.5 Section 1.4 Cisco Network Foundation Protection Framework
1.5.1 Topic 1.4.1 NFP
1.5.1.1 Page 1.4.1.1 NFP Framework
1.5.1.2 Page 1.4.1.2 Control Plane
1.5.1.3 Page 1.4.1.3 Management Plane
1.5.1.4 Page 1.4.1.4 Data Plane
1.6 Section 1.5 Chapter Summary
1.6.1 Topic 1.5.1 Chapter Summary
1.6.1.1 Page 1.5.1.1 Lab Researching Network Attacks and Security Audit Tools
1.6.1.2 Page 1.5.1.2 Chapter Summary
1.7 Reference

1 Chapter 1 Modern network Security Threats

1.1 Section 1.0 Introduction

1.1.1 Topic 1.0.1 Introduction

1.1.1.1 Page 1.0.1.1 Introduction

• Upon completion of this chapter you will be able to:
  o Describe the evolution of network security.
  o Describe the various drivers for network security technologies and applications.
  o Describe the major organizations responsible for enhancing network security.
  o Describe a collection of domains for network security.
  o Describe network security policies.
  o Describe computer network viruses.
  o Describe computer network worms.
  o Describe computer network Trojan Horses.
  o Describe the techniques used to mitigate viruses, worms, and Trojan Horses.
  o Explain how reconnaissance attacks are launched.
  o Explain how access attacks are launched.
  o Explain how Denial of Service (DoS) attacks are launched.
  o Describe the techniques used to mitigate reconnaissance attacks, access attacks, and DoS attacks.
  o Explain how to secure the three functional areas of Cisco routers and switches.

Network security is now an integral part of computer networking. Network security involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Network security solutions emerged in the 1960s, but did not mature into a comprehensive set of solutions for modern networks until the 2000s.

Network security is largely driven by the effort to stay one step ahead of ill-intentioned hackers. Just as medical doctors attempt to prevent new illness while treating existing problems, network security professionals attempt to prevent potential attacks while minimizing the effects of real-time attacks. Business continuity is another major driver of network security.

Network security organizations have been created to establish formal communities of network security professionals.
These organizations set standards, encourage collaboration, and provide workforce development opportunities for network security professionals. Network security professionals should be aware of the resources provided by these organizations.

The complexity of network security makes it difficult to master all it encompasses. Different organizations have created domains that subdivide the world of network security into more manageable pieces. This division allows professionals to focus on more precise areas of expertise in their training, research, and employment.

Network security policies are created by companies and government organizations to provide a framework for employees to follow during their day-to-day work. Network security professionals at the management level are responsible for creating and maintaining the network security policy. All network security practices relate to and are guided by the network security policy.

Just as network security is composed of domains of network security, network attacks are classified so that it is easier to learn about them and address them appropriately. Viruses, worms, and Trojan horses are specific types of network attacks. More generally, network attacks are classified as reconnaissance, access, or denial of service (DoS) attacks.

Mitigating network attacks is the job of a network security professional. In this chapter, you will master the underlying theory of network security, which is essential before beginning an in-depth practice of network security. The methods of network attack mitigation are introduced here, and the implementation of these methods comprises the remainder of this course.

1.2 Section 1.1 Fundamental Principles of a Secure Network

1.2.1 Topic 1.1.1 Evolution of Network Security

1.2.1.1 Page 1.1.1.1 Code Red Worm Attack

In July 2001, the Code Red worm attacked web servers globally, infecting over 350,000 hosts, as shown in the figure.
The worm not only disrupted access to the infected servers, but also affected the local networks hosting the servers, making them very slow or unusable. The Code Red worm caused a denial of service to millions of users.

If the network security professionals responsible for these Code Red-infected servers had developed and implemented a security policy, security patches would have been applied in a timely manner. The Code Red worm would have been stopped and would only merit a footnote in network security history.

Network security relates directly to an organization's business continuity. Network security breaches can disrupt e-commerce, cause the loss of business data, threaten people’s privacy, and compromise the integrity of information. These breaches can result in lost revenue for corporations, theft of intellectual property, and lawsuits, and can even threaten public safety.

Maintaining a secure network ensures the safety of network users and protects commercial interests. To keep a network secure requires vigilance on the part of an organization’s network security professionals. Network security professionals must constantly be aware of new and evolving threats and attacks to networks, and vulnerabilities of devices and applications. This information is used to adapt, develop, and implement mitigation techniques. However, security of the network is ultimately the responsibility of everyone who uses it. For this reason, it is the job of the network security professional to ensure that all users receive security awareness training. Maintaining a secure, protected network provides a more stable, functional work environment for everyone.

1.2.1.2 Page 1.1.1.2 Evolution of Security Threats

“Necessity is the mother of invention.” This saying applies perfectly to network security. In the early days of the Internet, commercial interests were negligible. The vast majority of users were research and development experts.
The Internet did not implement security measures, but early users rarely engaged in activities that would harm other users.

Early on, networking involved connecting people and machines through communications media. The job of a networker was to connect devices to improve a user’s ability to communicate information and ideas. The early users of the Internet did not spend much time thinking about whether or not their online activities presented a threat to the network or to their own data.

When the first viruses were unleashed and the first DoS attack occurred, the world began to change for networking professionals. To meet the needs of users, network professionals learned techniques to secure networks. The primary focus of many network professionals evolved from designing, building, and growing networks to securing existing networks.

Today, the Internet is a very different network compared to its beginnings. More people are relying on the network for their personal, financial and business needs. This information must be protected. However, attack tools are much more sophisticated, and highly automated, requiring less technical knowledge to use them than in the past.

The job of a network security professional includes ensuring that appropriate personnel are well-versed in network security tools, processes, techniques, protocols, and technologies. It is critical that network security professionals manage the constantly evolving threats to networks.

1.2.1.3 Page 1.1.1.3 Evolution of Network Security Tools

The evolution of network security tools.
• 2010 Cisco Security Intelligence Operations
• 2006 Cisco Zone-Based Policy Firewall
• 1999 First IPS
• 1998 Snort IDS
• 1997 RealSecure IDS
• 1995 NetRanger IDS
• 1994 Check Point Firewall
• 1991 DEC SEAL Application Layer Firewall
• 1989 AT&T Bell Labs Stateful Firewall
• 1988 DEC Packet Filter Firewall

As network security became an integral part of everyday operations, devices dedicated to particular network security functions emerged.

One of the first network security tools was the intrusion detection system (IDS), first developed by SRI International in 1984. An IDS provides real-time detection of certain types of attacks while they are in progress. This detection allows network security professionals to more quickly mitigate the negative impact of these attacks on network devices and users. In the late 1990s, the intrusion prevention system (IPS) began to replace the IDS solution. IPS devices enable the detection of malicious activity and have the ability to automatically block the attack in real-time.

In addition to IDS and IPS solutions, firewalls were developed to prevent undesirable traffic from entering prescribed areas within a network, thereby providing perimeter security. In 1988, Digital Equipment Corporation (DEC) created the first network firewall in the form of a packet filter. These early firewalls inspected packets to see if they matched sets of predefined rules, with the option of forwarding or dropping the packets accordingly. Packet filtering firewalls inspect each packet in isolation without examining whether a packet is part of an existing connection. In 1989, AT&T Bell Laboratories developed the first stateful firewall. Like packet filtering firewalls, stateful firewalls use predefined rules for permitting or denying traffic. Unlike packet filtering firewalls, stateful firewalls keep track of established connections and determine if a packet belongs to an existing flow of data, providing greater security and more rapid processing.
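
The contrast between packet filtering and stateful inspection described above, as an added example that is not part of the original course text. The inside prefix, the two filter rules, the reduced TCP state machine (no sequence-number checks) and the packet trace are constructed assumptions for illustration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."      # constructed inside network (assumption)
ALLOWED_OUT_PORTS = {80, 443}  # constructed policy: inside hosts may browse the web


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})


def P(src, sport, dst, dport, *flags):
    """Shorthand constructor used for the sample trace."""
    return Packet(src, sport, dst, dport, frozenset(flags))


def inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def packet_filter(pkt):
    """Stateless filter: every packet is matched against the rules in isolation."""
    # Rule 1: inside hosts may reach outside web servers.
    if inside(pkt.src) and pkt.dport in ALLOWED_OUT_PORTS:
        return "forward"
    # Rule 2: inbound traffic from a web port is assumed to be a reply when ACK
    # or RST is set. The filter cannot check that a request was ever sent.
    if inside(pkt.dst) and pkt.sport in ALLOWED_OUT_PORTS and pkt.flags & {"ACK", "RST"}:
        return "forward"
    return "drop"


class StatefulFirewall:
    """Same outbound policy, but replies are accepted only for tracked flows."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> connection state
        self.flows = {}

    def inspect(self, pkt):
        outbound = inside(pkt.src)
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.flows.get(key)
        if state is None:
            # Only an outbound bare SYN allowed by policy may create a flow.
            if outbound and pkt.flags == {"SYN"} and pkt.dport in ALLOWED_OUT_PORTS:
                self.flows[key] = "SYN_SENT"
                return "forward"
            return "drop"
        if "RST" in pkt.flags:
            del self.flows[key]  # flow torn down; later packets no longer match
            return "forward"
        if state == "SYN_SENT":
            if outbound:  # only a SYN retransmission is valid here
                return "forward" if pkt.flags == {"SYN"} else "drop"
            if pkt.flags == {"SYN", "ACK"}:
                self.flows[key] = "SYN_RCVD"
                return "forward"
            return "drop"
        if state == "SYN_RCVD" and outbound and "ACK" in pkt.flags:
            self.flows[key] = "ESTABLISHED"
        return "forward"


# Constructed trace: one legitimate web session plus two packets that belong
# to no live connection (documentation address ranges are used for outside hosts).
TRACE = [
    ("client SYN", P("10.0.0.5", 50000, "203.0.113.10", 443, "SYN")),
    ("server SYN/ACK", P("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK")),
    ("client ACK", P("10.0.0.5", 50000, "203.0.113.10", 443, "ACK")),
    ("server data", P("203.0.113.10", 443, "10.0.0.5", 50000, "ACK", "PSH")),
    ("unsolicited ACK", P("198.51.100.7", 443, "10.0.0.9", 3389, "ACK")),
    ("client RST", P("10.0.0.5", 50000, "203.0.113.10", 443, "RST")),
    ("late server data", P("203.0.113.10", 443, "10.0.0.5", 50000, "ACK")),
]


def compare(trace):
    """Return (label, packet-filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(label, packet_filter(pkt), fw.inspect(pkt)) for label, pkt in trace]


if __name__ == "__main__":
    for label, stateless, stateful in compare(TRACE):
        print(f"{label:18} packet filter: {stateless:8} stateful: {stateful}")
```

Every packet in the trace passes the stateless rules, while the stateful firewall drops the two inbound packets that match no tracked flow.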

The original firewalls were software features added to existing networking devices, such as routers. Over time, several companies developed standalone, or dedicated firewalls that enable routers and switches to offload the memory and processor-intensive activity of filtering packets. Cisco’s Adaptive Security Appliance (ASA) is available as a standalone context-aware firewall. For organizations that do not require a dedicated firewall, modern routers, like the Cisco Integrated Services Router (ISR), can be used as sophisticated stateful firewalls.

Traditional security relied on the layering of products and using multiple filters. However, as threats became more sophisticated, these filters were required to look deeper into network and application layer traffic. Security requirements included more dynamic updates of information and quicker response times to threats. For this reason, Cisco designed the Security Intelligence Operations (SIO). SIO is a cloud-based service that connects global threat information, reputation-based services, and sophisticated analysis to Cisco network security devices to provide stronger protection with faster response times.

1.2.1.4 Page 1.1.1.4 Threats to Networks

As shown in the figure, in addition to dealing with threats from outside of the network, network security professionals must also be prepared for threats from inside the network. Internal threats, whether intentional or accidental, can cause even greater damage than external threats because of direct access to, and knowledge of, the corporate network and data. Despite this fact, it has taken more than 20 years after the introduction of tools and techniques for mitigating external threats to develop tools and techniques for mitigating internal threats.

A common scenario for a threat originating from inside the network is a disgruntled employee with some technical skills and a willingness to do harm.
Most threats from within the network leverage the protocols and technologies used on the local area network (LAN) or the switched infrastructure. These internal threats fall into two categories: spoofing and DoS.

Spoofing attacks are attacks in which one device attempts to pose as another by falsifying data. There are multiple types of spoofing attacks. For example, MAC address spoofing occurs when one computer accepts data packets based on the MAC address of another computer.

DoS attacks make computer resources unavailable to intended users. Attackers use various methods to launch DoS attacks.

As a network security professional, it is important to understand the methods designed specifically for targeting these types of threats and ensuring the security of the LAN.

1.2.1.5 Page 1.1.1.5 Encryption and Cryptography

In addition to preventing and denying malicious traffic, network security also requires that data stay protected. Cryptography, the study and practice of hiding information, is used pervasively in modern network security. Today, each type of network communication has a corresponding protocol or technology designed to hide that communication from anyone other than the intended user.

Network data can be encrypted (made unreadable to unauthorized users) using various cryptography applications. The conversation between two IP phone users can be encrypted. The files on a computer can also be encrypted. These are just a few examples. Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.

Cryptography ensures data confidentiality, which is one of the three components of information security: confidentiality, integrity, and availability. Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Encryption provides confidentiality by hiding plaintext data, as shown in Figure 1. Data integrity, meaning that the data is preserved unaltered during any operation, is achieved by the use of hashing mechanisms. Availability, which is data accessibility, is guaranteed by network hardening mechanisms and backup systems.

Evolution of Data Protection Technologies.

• 2009 Group Encrypted Transport VPN (GET VPN)
• 2005 SSL VPN
• 2002 Dynamic Multipoint VPN
• 2001 Remote-Access IPsec VPN
• 2000 MPLS VPNs
• 1999 SSH
• 1996 Site-to-Site IPsec VPNs
• 1993 Cisco GRE Tunnels

1.2.2 Topic 1.1.2 Drivers for Network Security

1.2.2.1 Page 1.1.2.1 The Hacker

The word ‘hackers’ has a variety of meanings. For many, it means Internet programmers who try to gain unauthorized access to devices on the Internet. It is also used to refer to individuals who run programs to prevent or slow network access to a large number of users, or corrupt or wipe out data on servers. But for some, the term hacker has a positive interpretation as a network professional that uses sophisticated Internet programming skills to ensure that networks are not vulnerable to attack. Good or bad, hacking is a driving force in network security.

From a business perspective, it is necessary to minimize the effects of hackers with bad intentions. Businesses lose productivity when the network is slow or unresponsive. Business profits are impacted by data loss and data corruption.

The job of a network security professional is to stay one step ahead of the hackers by attending training and workshops, participating in security organizations, subscribing to real-time feeds regarding threats, and perusing security websites on a daily basis. The network security professional must also have access to state-of-the-art security tools, protocols, techniques, and technologies. Network security professionals should have many of the same traits as law enforcement professionals.
They should always remain aware of malicious activities and have the skills and tools to minimize or eliminate the threats associated with those activities.

Hacking has the unintended effect of creating a high demand for network security professionals. However, relative to other technology professions, network security has the steepest learning curve and requires a commitment to continuous professional development.

1.2.2.2 Page 1.1.2.2 Evolution of Hacking

Evolution of hacking timeline

1970
• Phone Freaks
1980
• Wardialing
1988
• First internet worm
1993
• First Def. Con Hacking Conference
1994
• First 5-year Federal Prison sentence for Hacking
1995
• Kevin Mitnick initially sentenced to 4 years in prison for hacking credit card accounts.
• SATAN Released
1997
• First Malicious Scripts Released and Used by Less Educated Hackers (Script Kiddies).
• Nmap Published
1998
• Wardriving
2002
• Melissa Virus Creator Gets 20 Months in Federal Prison
2006
• Vishing, Smishing
2009
• First malicious iPhone worm
2011
• Script kiddies hacked the NBC News Twitter account posting fake updates related to terrorist attacks.

Hacking started in the 1960s with phone freaking, or phreaking, which refers to using various audio frequencies to manipulate phone systems. Phreaking began when AT&T introduced automatic switches to their phone systems. The AT&T phone switches used various tones, or tone dialing, to indicate different functions, such as call termination and call dialing. A few AT&T customers realized that by mimicking a tone using a whistle, they could exploit the phone switches to make free long-distance calls.

As communication systems evolved, so did hacking methods, as shown in the figure. Wardialing became popular in the 1980s with the use of computer modems. Wardialing programs automatically scanned telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines.
When a phone number was found, password-cracking programs were used to gain access.

Wardriving began in the 1990s and is still popular today. Wardriving refers to users gaining unauthorized access to networks via wireless access points. This is accomplished using a wireless-enabled portable computer or PDA. Password-cracking programs are used to authenticate, if necessary, and there is even software to crack the encryption scheme required to associate to the access point.

Other threats have evolved over time. These include network scanning tools such as Nmap, John the Ripper, Cain and Abel and SATAN, as well as remote system administration hacking tools such as Back Orifice. Network security professionals must be familiar with all of these tools.

1.2.2.3 Page 1.1.2.3 First Network Attacks

Transactions worth trillions of dollars are conducted over the Internet on a daily basis, and the livelihoods of millions of people depend on Internet commerce. For this reason, criminal laws are in place to protect individual and corporate assets. There are numerous cases of individuals who have had to face the court system due to these laws.

First Virus

Melissa Email Virus - March, 1999. Below is the actual email as distributed.

From: ******
Subject: Important Message From ******
To: (50 names from alias list)
Here is that document you asked for don’t show anyone else ;-)
Attachment: LIST.DOC

First Worm

The Morris Internet Worm

All the following events occurred on the evening of Nov. 2, 1988.

• 6:00 PM At about this time the Worm is launched.
• 8:49 PM The Worm infects a VAX 8600 at the University of Utah (cs.utah.edu).
• 9:09 PM The Worm initiates the first of its attacks to infect other computers from the infected VAX.
• 9:21 PM The load average on the system reaches 5. (Load average is a measure of how hard the computer system is working. At 9:30 at night, the load average of the VAX was usually 1. Any load average higher than 5 causes delays in data processing.)
• 9:41 PM The load average reaches 7.
• 10:01 PM The load average reaches 16.
• 10:06 PM At this point there are so many worms infecting the system that no new processes can be started. No users can use the system anymore.
• 10:20 PM The system administrator kills off the worms.
• 10:41 PM The system is re-infected and the load average reaches 27.
• 10:49 PM The system administrator shuts down the system. The system is subsequently restarted.
• 11:21 PM Re-infestation causes the load average to reach 37.

[...]

... why it is so important for the security policy of an organization to require timely updates and patches for operating systems and applications.

1988, 1999, May 2000, July 2001, January 2003, August 2003, August 2003, November 2003, January 2004, April 2004, August 2005, January 2006, January 2007, 2007, June 2008, July 2009, June 2011, September 2012

Examples of other worms that...

DECSYSTEM20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 COMPUTER ARCHITECTURE. BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER THE TOPS-20 OPERATING SYSTEM. THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A...

... organization

1.2.5 Topic 1.1.5 Network Security Policies

1.2.5.1 Page 1.1.5.1 Network Security Policy

The network security policy is a broad, end-to-end document designed to be clearly applicable to an organization’s operations. The policy is used to aid in network design, convey security principles, and facilitate network deployments. The network security policy outlines rules for network access,...
activity on the network to use for reprimanding or prosecuting violators. As a network security professional, it is also important to maintain familiarity with network security organizations. These organizations often have the latest information on threats and vulnerabilities.

1.2.3 Topic 1.1.3 Network Security Organizations

1.2.3.1 Page 1.1.3.1 Network Security Organizations

Network security professionals...

... between organizations

1.2.4.2 Page 1.1.4.2 Security Policy

The 12 domains of network security provide a convenient separation for the elements of network security. While it is not important to memorize these 12 domains, it is important to be aware of their existence and formal declaration by the ISO. They will serve as a useful reference in your work as a network security professional. One of...

... in which they thrive

1.2.2.4 Page 1.1.2.4 Network Security Professionals

As a result of hacker exploits, the sophistication of hacker tools, and government legislation, network security solutions developed rapidly in the 1990s. By the late 1990s, many sophisticated network security solutions had been developed for organizations to strategically deploy within their networks. With these solutions...

... information regarding security advisories, email scams, backup vulnerabilities, malware spreading via social network sites, and other potential threats.

Note: The Chrome browser does not support RSS feeds by default. An RSS extension must be used to view RSS feeds.

1.2.4 Topic 1.1.4 Domains of Network Security

1.2.4.1 Page 1.1.4.1 Network Security Domains

It is vital for a network security professional...
vital for a network security professional to understand the drivers for network security, be familiar with the organizations dedicated to network security, and have an understanding of the various network security domains. Domains provide an organized framework to facilitate learning about network security. There are 12 network security domains specified by the International Organization for Standardization...

... viruses are spread by USB memory sticks, CDs, DVDs, network shares, or email. Email viruses are now the most common type of virus.

1.3.2 Topic 1.2.2 Worms

1.3.2.1 Page 1.2.2.1 Worms

Worms are a particularly dangerous type of hostile code. They replicate themselves by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to...

... Information Security and Risk Management
• Legal, Regulations, Compliance and Investigations
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security

1.2.3.5 Page 1.1.3.5 RSS

US-CERT RSS Feed

In addition to the websites of the various security organizations, one of the most useful tools for the network security professional ...

Date posted: 19/11/2014, 19:54
