13 - Security Services Flashcards
What is a Whaling attack?
A Phishing attack targeting high-profile individuals
What is a Pharming attack?
An attack that involves compromising the services that direct users towards a well-known or trusted website e.g. DNS service
What is a Watering hole attack?
An attacker determines which users frequently visit a site, then compromises that site and deposits malware there, targeting only those specific users
What is an AAA server?
Authentication
Authorization
Accounting
Provides a centralized and standardized location for these functions for switches and routers
What is Cisco ISE?
Identity Services Engine
Platform on which Cisco implements its AAA services
What is TACACS+?
Cisco proprietary protocol that separates each of the AAA functions
What port does TACACS+ communicate over?
Encrypted over TCP port 49
What is RADIUS?
Standards-based protocol that combines Authentication and Authorization into a single resource
What port does RADIUS communicate over?
UDP ports 1812 and 1813 (accounting)
Not completely encrypted
What is a NAD?
Network Access Device
What device is usually considered a NAD/NAS?
A Switch
What is a switch usually referred to as in the AAA client role?
A NAD
What 3 basic elements should an effective security program have?
- User awareness
- User training
- Physical access control
What is the issue with some older style IOS passwords?
They create a security exposure because the passwords existed in the configuration file as clear text
What is the command to encrypt passwords normally stored as clear text?
Global command:
service password-encryption
What does IOS add in front of passwords in the config file to signify they are encrypted?
7
True/False: The no service password-encryption command immediately decrypts stored passwords that are encrypted
False
True/False: The password encryption service on IOS is not strong
True
Why is the enable secret command the preferred way for storing passwords?
It stores them as a hash rather than weak encryption
How can you use a different algorithm type for the enable secret command?
enable algorithm-type {sha256 | scrypt} secret test123
True/False: You can configure both username test password test and username test secret test commands at the same time, just like enable secret and enable password
False
What sub-command do you use on a vty line to enable an ACL on it?
access-class 3 in
What is the Cisco ASA?
Adaptive Security Appliance (Firewall)
What are firewall security zones used for?
Defining which hosts can initiate new connections from one zone to another
What type of IPS mostly applies logic based on signatures?
Traditional IPS
What do next generation firewalls do differently?
Look at the application layer data to identify the application instead of relying on port numbers. Essentially deep packet inspection
What is AVC?
Application Visibility and Control (Deep packet inspection)
What are 3 key problems with traditional IPS systems?
- IPS compares the whole signature database to all messages
- Generates too many events
- Staff must figure out which events are useful
How does an NGIPS improve on IPS?
Examines the context by gathering data from all hosts and their users in order to make more intelligent choices