1.6 Flashcards
What is the difference between a vulnerability and an exploit?
A vulnerability is a weakness in a system.
An exploit is the code or technique an attacker uses to take advantage of that vulnerability.
What is an out-of-band update?
An update released outside of the normal patch schedule, usually in an emergency, to address a zero-day exploit or another significant security discovery.
What is file hashing?
A hash is a short, fixed-length value produced by running a hash algorithm (for example SHA-256) over a data source; any change to the data, even a single bit, produces a different hash.
- The output is called a “message digest.”
- It lets you verify the integrity of a downloaded file, because you can compute the hash of the file you received and compare it against the hash value posted by the publisher.
- A matching hash only proves the file was not altered or corrupted in transit if the posted hash itself came from a trusted source (for example over HTTPS or in a signed release note). An attacker who can replace the download can usually also replace a hash published right beside it.
What is FIM?
File Integrity Monitoring
Monitors important OS and application files that should generally never change, and identifies when changes occur.
It can monitor constantly, or on demand.
What are some examples of FIM?
- Windows: SFC (System File Checker)
- Linux: Tripwire
- Many host-based IPS products include file integrity monitoring for any system they run on
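The two cards above describe the same mechanism at different scales: hash one file and compare it with a published digest, or hash a whole tree, keep the digests as a baseline, and compare again later. The example below is added here for illustration and is not code from the original notes or from SFC or Tripwire; it writes a constructed "download" into a temporary directory, verifies it against a digest, then simulates tampering and shows what a minimal FIM comparison reports. On a real system the same one-file check is `sha256sum -c` on Linux or `Get-FileHash` on Windows.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample "download" for this example; the posted digest is computed
# from these bytes inside demo(), standing in for the value a vendor would publish.
SAMPLE_FILE_BYTES = b"example installer payload v1.0\n"


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Return the hex message digest of a file, hashing it in chunks so large files fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, posted_digest, algorithm="sha256"):
    """Compare the file's digest with the published one.
    hmac.compare_digest is a constant-time comparison; not critical for a public
    hash, but it is the right habit whenever digests are compared."""
    return hmac.compare_digest(file_digest(path, algorithm), posted_digest.lower())


def baseline(root, algorithm="sha256"):
    """Minimal FIM baseline: map each file (relative to root) to its digest."""
    snapshot = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            snapshot[os.path.relpath(full, root)] = file_digest(full, algorithm)
    return snapshot


def diff_baseline(old, new):
    """Return (added, removed, modified) relative paths, each sorted."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    return added, removed, modified


def demo():
    """Verify a download, take a baseline, tamper with the tree, and re-check."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "installer.bin")
        with open(path, "wb") as f:
            f.write(SAMPLE_FILE_BYTES)
        posted = hashlib.sha256(SAMPLE_FILE_BYTES).hexdigest()  # the "published" digest
        ok_before = verify_download(path, posted)

        snap = baseline(root)

        # Simulated tampering: a byte appended to the download and a new file dropped in.
        with open(path, "ab") as f:
            f.write(b"x")
        with open(os.path.join(root, "backdoor.so"), "wb") as f:
            f.write(b"not really a library")

        ok_after = verify_download(path, posted)
        added, removed, modified = diff_baseline(snap, baseline(root))
        return ok_before, ok_after, added, removed, modified


if __name__ == "__main__":
    print(demo())
```

Note that a baseline stored on the monitored host can be edited by whoever tampered with the files; production FIM tools keep the baseline signed or off-box for that reason.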
What is the difference between a vulnerability scan and a penetration test?
Unlike a vulnerability scan, a penetration test will actually attempt to exploit the vulnerabilities it finds.
What is Flood Guard, and how does it operate?
Also known as Port Security.
A method for protecting a switch interface from MAC flooding and from unauthorized devices by limiting which source MAC addresses may appear on that interface. The check uses the source MAC of the frame itself, which is preserved when a frame is forwarded through another switch.
- Configure the maximum number of MAC addresses allowed on the interface (often just a single MAC), and/or an allow list of specific MAC addresses.
- The switch tracks the unique source MACs seen on the interface.
- When the maximum is exceeded (or a MAC outside the allow list appears), a violation occurs. The default action is usually to shut down (err-disable) the interface; other modes just drop the offending frames and log or alert.
What is DHCP Snooping?
A switch feature that helps prevent rogue DHCP servers.
You configure the interface(s) where the legitimate DHCP server (or the uplink toward it) connects as trusted; every other interface is untrusted by default.
The switch then inspects DHCP conversations. Server-side messages (OFFER, ACK, NAK) arriving on an untrusted interface are dropped, and each completed lease on an untrusted interface is recorded in a DHCP snooping binding table (client MAC, assigned IP, VLAN, interface, lease time).
The binding table also lets the switch filter other invalid traffic, for example frames from a host using a static IP address that was never leased on that interface.
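The decision logic in the card can be modelled in a few dozen lines. The example below is an added illustration, not code from the original notes or from any switch vendor: it replays a constructed DHCP exchange through a simplified snooping model, drops the rogue OFFER, builds the binding table from the real server's ACK, and then uses that table the way IP Source Guard does to reject a host with a static, never-leased address. On Cisco IOS the equivalent configuration is `ip dhcp snooping`, `ip dhcp snooping vlan <n>`, and `ip dhcp snooping trust` on the uplink interface.

```python
from dataclasses import dataclass


@dataclass
class DhcpMsg:
    """One DHCP message as the switch sees it (constructed for this example)."""
    port: str        # switch interface the message arrived on
    vlan: int
    kind: str        # DISCOVER, REQUEST (client) or OFFER, ACK, NAK (server)
    chaddr: str      # client hardware (MAC) address carried in the DHCP header
    yiaddr: str = "" # address the server hands out, present in OFFER/ACK


SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


class DhcpSnooping:
    """Simplified switch-side logic: trusted port list, drop server replies on
    untrusted ports, and build a binding table from completed leases."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # (vlan, chaddr) -> untrusted port waiting for a lease
        self.bindings = {}   # (vlan, chaddr) -> (ip, port)
        self.dropped = []    # (port, kind, reason)

    def process(self, msg):
        """Return True if the DHCP message is forwarded, False if it is dropped."""
        key = (msg.vlan, msg.chaddr.lower())
        if msg.kind in SERVER_MESSAGES:
            if msg.port not in self.trusted:
                # A DHCP server answering from an access port is the rogue-server case.
                self.dropped.append((msg.port, msg.kind, "server reply on untrusted port"))
                return False
            if msg.kind == "ACK" and key in self.pending:
                # Lease completed: remember which untrusted port this client lives on.
                self.bindings[key] = (msg.yiaddr, self.pending.pop(key))
            return True
        # Client messages are forwarded from any port; note which untrusted port asked.
        if msg.port not in self.trusted:
            self.pending[key] = msg.port
        return True

    def check_ip_packet(self, port, vlan, src_mac, src_ip):
        """Binding-table check (what IP Source Guard does): on an untrusted port,
        only a (MAC, IP) pair the switch saw leased on that port may send traffic."""
        if port in self.trusted:
            return True
        if self.bindings.get((vlan, src_mac.lower())) != (src_ip, port):
            self.dropped.append((port, "IP", f"no binding for {src_mac} {src_ip}"))
            return False
        return True


def demo():
    """Replay a constructed exchange: one real server on Gi0/1, one rogue on Gi0/7."""
    sw = DhcpSnooping(trusted_ports={"Gi0/1"})
    client = "aa:bb:cc:00:00:01"
    results = [
        sw.process(DhcpMsg("Gi0/5", 10, "DISCOVER", client)),
        sw.process(DhcpMsg("Gi0/7", 10, "OFFER", client, "10.0.10.200")),  # rogue: dropped
        sw.process(DhcpMsg("Gi0/1", 10, "OFFER", client, "10.0.10.50")),   # real server
        sw.process(DhcpMsg("Gi0/5", 10, "REQUEST", client)),
        sw.process(DhcpMsg("Gi0/1", 10, "ACK", client, "10.0.10.50")),     # lease recorded
        sw.check_ip_packet("Gi0/5", 10, client, "10.0.10.50"),             # leased: pass
        sw.check_ip_packet("Gi0/5", 10, client, "10.0.10.99"),             # spoofed IP: drop
        sw.check_ip_packet("Gi0/9", 10, "aa:bb:cc:00:00:02", "10.0.10.1"), # static IP: drop
    ]
    return results, dict(sw.bindings), len(sw.dropped)


if __name__ == "__main__":
    print(demo())
```

The model omits details a real switch handles (transaction IDs, lease expiry, the option-82 relay information, and the check that the frame's source MAC matches chaddr), but the trusted/untrusted decision and the binding table are the core of the feature.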
What is a BPDU?
Bridge Protocol Data Unit
The Spanning Tree Protocol (STP) control message.
STP uses BPDUs to exchange topology information between all the switches on the network.
What is BPDU Guard?
When a device is connected to a switch port, classic STP holds the port in the listening and learning states for about 30 seconds before the device can communicate. PortFast lets an access (edge) port skip that wait; BPDU Guard is the safeguard enabled alongside it on those interfaces.
It works because end devices (workstations, printers, servers) should never send BPDU frames. If a BPDU arrives on an interface with BPDU Guard enabled, something that speaks STP (such as an unauthorized switch) has been plugged in, and the switch err-disables the interface to prevent a potential loop.
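Port security (the Flood Guard card above) and BPDU Guard are both per-interface checks that end the same way: a violation err-disables the port. The example below is added here to show both decisions in one model; it is not code from the original notes or from any switch vendor, and the interface names, MACs and limits are constructed for the demonstration. The Cisco IOS equivalents are `switchport port-security maximum <n>` and `switchport port-security violation shutdown` for port security, and `spanning-tree portfast` plus `spanning-tree bpduguard enable` for BPDU Guard.

```python
class SwitchPort:
    """Model of one access interface with port security and, optionally, BPDU Guard."""

    def __init__(self, name, max_macs=1, allowed=None, bpdu_guard=False):
        self.name = name
        self.max_macs = max_macs                              # port-security maximum
        self.allowed = {m.lower() for m in (allowed or [])}   # optional static allow list
        self.bpdu_guard = bpdu_guard
        self.learned = set()                                  # dynamically learned secure MACs
        self.err_disabled = False
        self.violations = []

    def receive(self, src_mac, is_bpdu=False):
        """Return True if the frame is forwarded, False if dropped. Any violation
        err-disables the port, matching the usual default (violation mode shutdown)."""
        if self.err_disabled:
            return False
        if is_bpdu and self.bpdu_guard:
            # End devices never send BPDUs; one arriving here means another switch is attached.
            return self._violation("BPDU received on a BPDU Guard port")
        mac = src_mac.lower()
        if self.allowed and mac not in self.allowed:
            return self._violation(f"{mac} is not in the allow list")
        if mac not in self.learned:
            if len(self.learned) >= self.max_macs:
                return self._violation(f"{mac} would exceed the maximum of {self.max_macs} MACs")
            self.learned.add(mac)
        return True

    def _violation(self, reason):
        self.err_disabled = True
        self.violations.append(reason)
        return False


def demo():
    """Constructed traffic on three ports; returns the forward/drop result per frame."""
    printer = SwitchPort("Gi0/2", max_macs=1)
    lab = SwitchPort("Gi0/3", max_macs=2, allowed=["AA:AA:AA:00:00:01", "AA:AA:AA:00:00:02"])
    desk = SwitchPort("Gi0/4", max_macs=1, bpdu_guard=True)

    printer_results = [
        printer.receive("00:11:22:33:44:55"),
        printer.receive("00:11:22:33:44:55"),   # same device again: fine
        printer.receive("00:11:22:33:44:66"),   # a second MAC (hub or flooding tool): violation
        printer.receive("00:11:22:33:44:55"),   # port is now err-disabled, even the printer is dropped
    ]
    lab_results = [
        lab.receive("aa:aa:aa:00:00:01"),
        lab.receive("aa:aa:aa:00:00:02"),
        lab.receive("aa:aa:aa:00:00:03"),       # not on the allow list: violation
    ]
    desk_results = [
        desk.receive("de:ad:be:ef:00:01"),                    # the workstation
        desk.receive("00:1a:2b:3c:4d:5e", is_bpdu=True),      # a switch plugged in under the desk
        desk.receive("de:ad:be:ef:00:01"),                    # err-disabled: dropped
    ]
    violations = {p.name: list(p.violations) for p in (printer, lab, desk)}
    return printer_results, lab_results, desk_results, violations


if __name__ == "__main__":
    print(demo())
```

The last frame on each port is the practical consequence worth remembering: after a violation the legitimate device is cut off too, until an administrator (or err-disable recovery) re-enables the interface.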