Chapter 1. Security Threats

With the increase of hacking attacks, worms, viruses, and other networking threats, security is a major problem in today's networks. 10 to 15 years ago, security was a simple problem requiring simple solutions; in those days, the Internet was small and had only a small number of universities and government agencies connected to it. Aging passwords were used to protect accounts, and simple packet-filtering firewalls were used to restrict traffic flows. However, today is a different world from more than a decade ago. With the explosion of the Internet, the proliferation of software applications, and the ingenuity of hackers, security has become a complex problem that requires a well-thought-out security solution to deal with it. The security solution must be capable of dealing with the security threats that your network will face, but it also must allow your company to reach its business goals and must be flexible enough to adapt to network topology and technology changes.

This chapter contains a brief overview of the kinds of threats that you will face in securing your network, as well as some generic solutions that you can use to deal with these threats. Understanding these topics will greatly help you choose and implement the correct Cisco security feature on your router. The main purpose of this book is to explain how to use a Cisco perimeter router as a complete firewall solution or as a component of a firewall solution. The end of the chapter explains the Cisco Security Model, which is used to implement security solutions.


Most hackers are intimate with UNIX operating systems; thus, most hacking, as well as security tools, is done in UNIX. Many tools are available for Windows platforms, but most of these are expensive commercial products. Therefore, if you are interested in becoming a security specialist, I highly recommend that you become familiar with the UNIX operating system, network administration with UNIX, and how to use many of the different security tools in a UNIX environment. At a minimum, most security job positions require this level of expertise. One of my favorite UNIX system administration books is Unix Systems Administration Handbook (3rd Edition), by Evi Nemeth, Garth Snyder, Scott Seebass, and Trent T. Hein (Prentice Hall PTR, August 2000). I used the first edition of this book to help me with my UNIX skills more than a decade ago; it is simple to read and easy to understand.