13 - Security Services Flashcards
What is a Whaling attack?
A Phishing attack targeting high-profile individuals
What is a Pharming attack?
Pharming is a form of cyberattack that sends you to a fake website that looks like the real thing. The user will type in a legitimate web address and is redirected to a fake website that resembles the real website.
Once on the fake site, hackers will either attempt to gain access to personal/financial information, or they will use the fake site to infect your computer with viruses, malware, or other malicious software.
Sometimes this is done by having you attempt to login or input information. Therefore, be very cautious of where you are entering personal information and make sure that you aren’t being deceived.
What is a Watering hole attack?
A watering hole attack is a form of cyberattack that targets groups of users by infecting websites that they commonly visit. The name comes from animal predators that lurk by watering holes waiting for an opportunity to attack prey when their guard is down. Likewise, watering hole attackers lurk on niche websites waiting for a chance to infect websites, and in turn, infect their victims with malware.
A watering hole attack differs from phishing and spear-phishing attacks, which typically attempt to steal data or install malware onto users’ devices but are often equally targeted, effective, and challenging to prevent. Instead, a watering hole attack aims to infect users’ computers then gain access to a connected corporate network. Cyber criminals use this attack vector to steal personal information, banking details, and intellectual property, as well as gain unauthorized access to sensitive corporate systems.
Watering hole attacks are relatively rare, but they continue to have a high success rate. That is because they target legitimate websites that cannot be blacklisted, and cyber criminals deploy zero-day exploits that antivirus detectors and scanners will not pick up. Therefore, watering hole attacks are a significant threat to organizations and users that do not follow security best practices.
What is an AAA server?
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.
Authentication is the process of identifying an individual, usually based on a username and password. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users.
Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username and password. The amount of information and the amount of services the user has access to depend on the user’s authorization level.
Accounting is the process of keeping track of a user’s activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.
What is Cisco ISE?
Identity Services Engine
Platform that Cisco implements its AAA services in
What is TACACS+?
TACACS+ (Terminal Access Controller Access-Control System) is an AAA protocol developed by Cisco. Over time, TACACS+ has become a standard protocol that is supported by all vendors. There is also another standard protocol called RADIUS.
The main duty of TACACS+ is providing device administration. It can also be used for network access. With this AAA protocol, network administrators are authenticated to log in to network devices such as routers, switches, firewalls, etc.
AAA protocols can encrypt the full packet or only the passwords. TACACS+ provides full packet encryption: it encrypts the whole packet. RADIUS does not encrypt the full packet; it encrypts only passwords. This makes Terminal Access Controller Access-Control System a more secure AAA protocol than RADIUS.
TACACS+ is also a client/server protocol. For the different duties (authentication, authorization, accounting), different messages are used between server and client. One side is the client side and the other is the server side. The messaging between these two ends builds the session.
TACACS+ uses TCP (Transmission Control Protocol) as its transport protocol. The TCP port used for this protocol is 49.
What port does TACACS+ communicate over?
Encrypted over TCP port 49
What is RADIUS?
Remote Authentication Dial-In User Service, or RADIUS, is a client-server protocol that secures the connection between users and clients and ensures that only approved users can access the network. It is a networking protocol that offers users a centralized means of authentication and authorization.
Standards-based protocol that combines authentication and authorization into a single resource
What port does RADIUS communicate over?
UDP ports 1812 and 1813 (accounting)
Not completely encrypted
What is a NAD?
Network Access Device
What device usually is considered a NAD/NAS?
A Switch
What is a switch usually referred to in the AAA client role?
A NAD
What 3 basic elements should an effective security program have?
- User awareness
- User training
- Physical access control
What is the issue with some older style IOS passwords?
They create a security exposure because the passwords existed in the configuration file as clear text
What is the command to encrypt passwords normally stored as clear text?
Global command:
service password-encryption