12 - Network Security Basics Flashcards
What are the three general goals of adversaries?
access to information
modification of information
denial of access to information
What is an adversary?
An entity that poses a threat to the operation of a network device
What is a passive attack?
do not modify data and typically involve the monitoring of data flows between systems
e.g. packet sniffing
What is an active attack?
typically modify or disrupt the flow of data
e.g. denial of service attack
What is a close-in attack?
those that rely on the close physical proximity of the attacker to the target system
e.g. an attacker watching a user type in a password
What is an insider attack?
involves a user that normally has some form of access to the target system
e.g. an employee transferring confidential data
What is a distribution attack?
occurs when a malicious user modifies hardware or software prior to installation
e.g. a software backdoor created by the vendor
What are the four types of physical threats to a network?
electrical
hardware
environmental
administrative
What are the two most threatening types of environmental threats?
temperature
humidity
What are some tools used in a reconnaissance attack?
ping sweeps
packet sniffing
port scans
What is promiscuous mode?
the network interface will no longer ignore data that is not specifically addressed to the device
What is an access attack?
used to gain unauthorized access to network systems
What are some tools used to protect assets in a network?
antivirus software
antispyware software
IDS and IPS
firewalls
What banner is always displayed prior to login?
the login banner
What banner is displayed prior to login for telnet but not ssh?
the MOTD or message of the day banner
What banner is displayed prior to the login banner?
MOTD banner
What banner is displayed once the user successfully authenticates?
exec banner
What are the three types of warning banners?
login banner
exec banner
motd banner
What is the command for banner logins?
banner motd
banner login
banner exec
What is the command for reverse telnet sessions?
banner incoming
What command is needed for the password command to work on vty, aux, or console sessions?
login
What command is needed to encrypt passwords on a Cisco device?
service password-encryption
What command is needed for the password command to work on vty, aux, or console sessions?
login local
What are the three phases of AAA?
authentication: verifying a user's identity
authorization: verifying the level of access for a user
accounting: the process of recording the use of resources
What AAA standard is Cisco proprietary?
Tacacs+
What organization standardizes Radius?
IETF or internet engineering task force
What AAA standard combines authentication and authorization?
Radius
What AAA standard encrypts the entire contents of the packet?
tacacs+
What AAA standard only encrypts the password in a packet?
Radius
What port/ports is used in Radius AAA?
udp 1812 for authentication
udp 1813 for accounting
What port/ports is used in Tacacs+ AAA?
tcp 49 for all three
How do you configure AAA?
aaa new-model
username backup secret B0s0n
What happens automatically when the aaa new-model command is issued?
local authentication is automatically applied to all interfaces and vty lines but not the console line
What does enable password 0 mean?
the 0 indicates the password is unencrypted
What does enable password 7 mean?
the 7 indicates the password is encrypted with Cisco's original password algorithm
What does enable secret 5 mean?
the 5 indicates the password is an MD5 hash
What is a logging severity of 0?
emergencies
What is a logging severity of 1?
alerts
What is a logging severity of 2?
critical
What is a logging severity of 3?
errors
What is a logging severity of 4?
warnings
What is a logging severity of 5?
notifications
What is a logging severity of 6?
informational
What is a logging severity of 7?
debugging
What is the default logging severity for console, monitor, and buffer?
all severities or debugging
What command is used to send log messages to the vty lines?
logging monitor
Where does logging buffered send log messages?
to the local device in memory, cleared out on reboots
What command can you use to verify logging?
sh logging
What command/commands are used to configure logging to a server?
logging host 10.10.10.10
logging trap 5
What are best practices for unused switchports?
to shut them off
How do you disable dynamic trunking protocol?
manually configuring an access or trunk port
switchport nonegotiate
What does the switchport port-security mac-address sticky command do?
the switch will automatically create static MAC address entries for that port; they will be lost on a reboot unless the write mem command is issued
What is the default port-security violation?
shutdown
What does the port-security violation of protect do?
the switch will discard the traffic
What does the port-security violation of restrict do?
discard the traffic, log the attempt, increment the security violation counter, and send an SNMP trap message
What does the port-security violation of shutdown do?
discard the traffic, log the attempt, increment the security violation counter, and place the port in err-disabled
What command is used to verify port security on an interface?
sh port-security int fa0/1
What command is used to verify that an NTP client is successfully authenticated?
sh ntp associations detail
What is the default severity level for monitoring to a syslog server?
informational or 6
What is the default date/time stamp for log messages?
uptime since the router's last reboot