📘 CCNA 200-301 v1.1
5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
In networking and IT, security is about protecting devices, data, and networks from harm. To understand security, we need to know four main ideas: threats, vulnerabilities, exploits, and mitigation techniques.
1. Threats
- Definition: A threat is anything that can cause harm to your network, devices, or data.
- In IT: Threats can be software, hardware, or people that try to damage or access your network without permission.
- Examples of threats in IT:
  - Malware: Software designed to damage or steal data (e.g., viruses, ransomware).
  - Hackers: People who try to break into systems to steal or destroy information.
  - Phishing attacks: Emails or messages that trick users into giving up passwords or sensitive information.
  - Denial of Service (DoS) attacks: Overloading a server so it stops working.
Key point: Threats are potential dangers—they exist whether or not your system is weak.
2. Vulnerabilities
- Definition: A vulnerability is a weak spot in your network, device, or system that can be exploited by a threat.
- In IT: It’s like a flaw or misconfiguration that makes a network or device easy to attack.
- Examples of vulnerabilities:
  - Default passwords on routers or switches.
  - Outdated software with known bugs.
  - Open ports on a firewall that shouldn’t be open.
  - Misconfigured access control lists (ACLs) that allow unauthorized access.
Key point: Vulnerabilities are weaknesses. Without them, many threats cannot succeed.
3. Exploits
- Definition: An exploit is a method or tool used by attackers to take advantage of a vulnerability.
- In IT: It’s the action that turns a vulnerability into a real problem.
- Examples of exploits:
  - Malware that targets a specific software bug to gain access to a system.
  - SQL injection attacks that take advantage of poorly coded websites.
  - Brute force attacks on weak passwords.
Key point: Exploits are the “how”: the way attackers use vulnerabilities to cause damage.
4. Mitigation Techniques
- Definition: Mitigation techniques are steps you take to reduce or stop threats, vulnerabilities, and exploits.
- In IT: These are methods to protect networks and devices from attacks.
- Examples of mitigation techniques:
  - Firewalls: Block unauthorized traffic from entering the network.
  - Antivirus/Antimalware software: Detect and remove harmful programs.
  - Strong passwords and authentication: Use complex passwords and multi-factor authentication.
  - Software updates and patches: Fix vulnerabilities in operating systems or applications.
  - Network segmentation: Separate parts of the network so attacks don’t spread easily.
  - Access control lists (ACLs): Only allow the right users to access network resources.
  - Encryption: Protect data from being read by attackers.
Key point: Mitigation is about prevention, detection, and response to reduce risks.
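To make the mitigation list concrete, here is an added example (not from the page and not from Cisco documentation) of a Cisco IOS configuration that applies several of those techniques on one router: hashed secrets instead of default passwords, login throttling against brute-force attempts, SSH-only management restricted by a standard ACL, and an extended ACL that closes unneeded ports toward a server. The hostname, subnets, addresses, and secret values are constructed for this example.

```cisco
! Hypothetical lab router R1 (constructed for this example; names and
! addresses are not from the page)
hostname R1
!
! Strong passwords and authentication: replace default or blank credentials
! with hashed secrets for privileged mode and for a named admin account.
enable secret Strong-Enable-Secret-1!
username admin privilege 15 secret Strong-Admin-Secret-1!
!
! Brute-force mitigation: after 3 failed logins within 60 seconds,
! refuse new login attempts for 120 seconds.
login block-for 120 attempts 3 within 60
!
! Manage the device over SSH only; Telnet sends credentials in clear text.
ip domain-name lab.example
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Standard ACL: only the admin subnet 10.0.99.0/24 may open a management
! session. "deny any log" records every other attempt (detection, not just
! prevention).
ip access-list standard MGMT-IN
 permit 10.0.99.0 0.0.0.255
 deny   any log
!
line vty 0 4
 transport input ssh
 login local
 access-class MGMT-IN in
!
! Extended ACL on the Internet-facing interface: allow only the services the
! web server 10.0.10.20 is meant to offer, let replies to inside-initiated
! sessions back in, and log everything else. Telnet and other ports toward
! the server are therefore not "open ports".
ip access-list extended INET-IN
 permit tcp any host 10.0.10.20 eq 443
 permit tcp any host 10.0.10.20 eq 80
 permit tcp any any established
 permit icmp any any echo-reply
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Link toward the Internet (constructed)
 ip address 203.0.113.2 255.255.255.252
 ip access-group INET-IN in
```

Each block maps back to an earlier section: the `secret` and `login block-for` lines address the brute-force exploit against weak or default passwords, the `access-class` and `ip access-group` lines address misconfigured ACLs and open ports, and the `log` keywords add detection to the prevention, which the key point lists together.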
Putting it all together (IT perspective)
Think of a network as a set of devices, servers, and users:
- Threat: A hacker wants to steal data from your server.
- Vulnerability: Your server is running outdated software.
- Exploit: The hacker uses malware that targets that outdated software.
- Mitigation: You update your software, use a firewall, and enable antivirus to stop the attack.
✅ Summary Table
| Concept | What it is | IT Example |
|---|---|---|
| Threat | Something that can cause harm | Virus, hacker, phishing |
| Vulnerability | Weakness that can be attacked | Default passwords, outdated software |
| Exploit | Method to take advantage of weakness | Malware, SQL injection |
| Mitigation | Protection methods | Firewalls, updates, ACLs, antivirus |
