Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Net+ 008 > 4.3 Given a scenario, apply network hardening techniques. > Flashcards

4.3 Given a scenario, apply network hardening techniques. Flashcards

1
Q
  • Secure SNMP
A

Secure SNMP, often referred to as SNMPv3, is an enhanced version of the Simple Network Management Protocol (SNMP) that incorporates security features not present in its predecessors, SNMPv1 and SNMPv2c. The primary enhancements include the addition of user authentication, data encryption, and access control, making it more suitable for managing network devices in secure environments. SNMPv3 uses various security models, such as the User-based Security Model (USM), which allows for the specification of user credentials and permissions.

For the exam, you should know that secure SNMP is essential for protecting sensitive data transmitted between network management systems and devices. Key features of SNMPv3 include support for authentication using protocols like HMAC, encryption through protocols such as AES, and the ability to define access controls based on user roles. Understanding the importance of securing SNMP communications helps in designing more resilient network management systems and protecting against unauthorized access and data breaches.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  • Router Advertisement (RA) Guard
A

Router Advertisement (RA) Guard is a security feature used in networking to protect against rogue Router Advertisements in an IPv6 network. RA Guard functions by filtering and blocking unauthorized Router Advertisement messages that could be sent by malicious devices or misconfigured hosts. This is critical in preventing attacks such as Man-in-the-Middle (MitM) or Denial of Service (DoS), which can occur if a rogue router claims to be the default gateway, redirecting traffic through itself.

For the exam, it’s important to understand that RA Guard operates at the switch level, ensuring that only legitimate routers can send Router Advertisements on a given VLAN or port. Configuration typically involves specifying which ports or VLANs are trusted to send RA messages, while others are set to block them. Knowing about RA Guard helps in enhancing network security and maintaining the integrity of IPv6 routing information, thereby ensuring that devices receive accurate network configuration details.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  • Port security
A

Port security is a network security feature found on switches that controls access to the switch ports based on MAC addresses. By enabling port security, network administrators can restrict which devices can connect to a switch port, helping to prevent unauthorized access and mitigate security risks such as MAC flooding and spoofing attacks.

For the exam, it’s crucial to know that port security can be configured to allow a specific number of MAC addresses on a port, and if the limit is exceeded, the switch can take actions such as disabling the port, sending alerts, or dropping packets from unknown devices. Understanding the methods of configuring port security, including static MAC address assignments, dynamic learning of MAC addresses, and the violation modes (protect, restrict, or shutdown), is essential for effective network security management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  • Dynamic ARP inspection
A

Dynamic ARP Inspection (DAI) is a security feature used in switched networks to prevent ARP spoofing attacks. By ensuring that only valid ARP requests and responses are relayed, DAI helps to maintain the integrity of the ARP protocol, which is essential for IP address resolution on a local network.

For the exam, it’s important to know that DAI works by intercepting and validating ARP packets before they reach the destination. It checks incoming ARP packets against a trusted database, which typically includes entries from DHCP snooping or statically configured IP-to-MAC address bindings. If an ARP packet does not match an entry in the trusted database, it can be dropped or logged as a potential security threat. Understanding how to configure DAI, including specifying trusted ports and the importance of maintaining an accurate ARP table, is key to protecting network resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  • Control plane policing
A

Control Plane Policing (CoPP) is a network security feature that helps manage and secure the control plane of a network device, such as a router or switch. The control plane is responsible for processing protocols that govern network operations, including routing protocols, management traffic, and other critical functions. CoPP ensures that the control plane remains functional and is not overwhelmed by malicious traffic or excessive legitimate requests.

For the exam, it’s essential to know that CoPP works by applying policies to traffic destined for the control plane. By defining specific rules and thresholds for different types of traffic, network administrators can prioritize important control plane traffic while limiting the impact of unwanted or harmful traffic. This helps maintain network stability and performance, especially during high-traffic situations or attacks. Understanding how to configure CoPP and the types of traffic it can protect is crucial for securing network devices effectively.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  • Private VLANs
A

Private VLANs (PVLANs) are a network segmentation technology that enhances security within a single VLAN by isolating devices from each other while still allowing them to communicate with a shared gateway or router. PVLANs allow multiple virtual networks to exist within a single VLAN, creating sub-VLANs that can restrict communication between devices based on their assigned roles. This is particularly useful in environments such as data centers or service provider networks where multiple customers or tenants share the same physical infrastructure.

For the exam, it’s important to understand the different types of PVLANs: primary VLAN, which is the main VLAN containing all ports; isolated VLAN, where ports cannot communicate with each other but can communicate with the primary VLAN; and community VLAN, where ports within the same community can communicate with each other while remaining isolated from other communities. Knowing how to configure and implement PVLANs can help enhance security and traffic management in a network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  • Disable unneeded network services
A

Disabling unneeded network services is a security measure aimed at reducing vulnerabilities within a network by turning off services that are not essential for operation. Network services, such as FTP, Telnet, and others, can create potential entry points for attackers. By disabling these services, you limit the opportunities for exploitation, thereby enhancing the overall security posture of the network.

For the exam, it’s important to understand the implications of enabling or disabling network services. Familiarize yourself with common services that may be unnecessary in certain environments and the potential risks they pose if left enabled. Additionally, know how to disable these services through the operating system or network device configurations. Recognizing the importance of this practice in maintaining a secure network environment is essential for your understanding of network security fundamentals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  • Disable unneeded switchports
A

Disabling unneeded switchports is a security practice that involves turning off unused ports on a network switch to prevent unauthorized access and mitigate potential security risks. By disabling these ports, you reduce the attack surface of your network, making it more difficult for intruders to connect devices that could compromise network integrity. This practice is particularly important in environments where physical access to network equipment is possible, as it helps to ensure that only authorized devices can connect.

For the exam, you should know that disabling unused switchports is a part of network hardening and security best practices. Be familiar with how to identify and disable these ports through switch management interfaces or command-line interfaces (CLI). Understanding the importance of this practice in preventing attacks such as unauthorized access or network device compromise is also crucial.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  • Change default passwords
A

Changing default passwords is a critical security practice that involves replacing factory-set passwords on devices, applications, and accounts with unique, strong passwords. Default passwords are often widely known or easily guessable, making systems vulnerable to unauthorized access. By changing these passwords, you significantly reduce the risk of breaches and unauthorized control over the devices or accounts.

For your exam, it’s important to understand that this practice should be part of the initial configuration of any new device or software. Familiarize yourself with the concept of password complexity, which includes using a mix of upper and lower case letters, numbers, and special characters. Additionally, be aware of the best practices for creating strong passwords and the potential consequences of failing to change default passwords, such as security breaches or data loss. Recognizing the role this practice plays in the broader context of network security will be essential for your exam.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  • Password complexity/length
A

Password complexity refers to the requirements set for creating secure passwords, ensuring they are difficult to guess or crack. A complex password typically includes a combination of upper and lower case letters, numbers, and special characters. Password length is also a critical factor; longer passwords are generally more secure as they increase the number of possible combinations, making them harder to brute-force.

For the exam, you should be aware that many organizations implement password policies that specify minimum length and complexity requirements to enhance security. Familiarize yourself with common standards, such as a minimum of 8-12 characters, and the inclusion of different character types. Understanding the importance of these practices in mitigating the risk of unauthorized access and how they contribute to overall network security will be beneficial for your exam preparation. Additionally, knowing the concepts of password expiration and user education regarding password management can also be relevant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  • Enable DHCP snooping
A

DHCP snooping is a security feature used on network switches to prevent unauthorized or malicious DHCP servers from assigning IP addresses to clients. By enabling DHCP snooping, the switch maintains a binding table that records valid IP addresses and their associated MAC addresses. It allows only trusted DHCP servers to respond to DHCP requests while blocking responses from untrusted sources.

For the exam, understand that enabling DHCP snooping is crucial for protecting a network from rogue DHCP attacks, where a malicious actor could set up a fake DHCP server to intercept traffic. Be aware of the configuration steps, including defining trusted ports and the importance of monitoring DHCP messages. Knowing how DHCP snooping interacts with other security features like dynamic ARP inspection and port security can also be valuable for your overall understanding of network security measures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  • Change default VLAN
A

Changing the default VLAN on a switch is an important security practice that helps protect the network from unauthorized access and potential attacks. By default, most switches use VLAN 1 as their management VLAN, which can be a target for attackers. By changing the default VLAN to a non-standard number, network administrators can reduce the risk of VLAN hopping attacks and enhance overall network security.

For the exam, it’s essential to recognize the significance of changing the default VLAN, as it is part of a broader strategy to secure network management interfaces. Understand the steps involved in changing the default VLAN, such as accessing the switch’s configuration interface and assigning a new VLAN ID to the management interface. Be prepared to explain the benefits of this practice, including reducing the attack surface and making it more challenging for malicious users to guess the management VLAN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  • Patch and firmware management
A

Patch and firmware management refers to the systematic approach of applying updates and fixes to software applications and hardware devices. This process is crucial for maintaining the security, stability, and performance of systems within a network. Patches often address vulnerabilities, bugs, and performance issues, while firmware updates enhance device capabilities and security.

For the exam, it’s important to understand the differences between patch management and firmware management. Patch management focuses on applying updates to software applications and operating systems, ensuring that all known vulnerabilities are addressed. Firmware management deals with the updates that improve the functionality of hardware devices such as routers, switches, and servers. Be prepared to explain the importance of having a regular schedule for updates and the need to test patches in a controlled environment before deployment to avoid potential disruptions in the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  • Access control list
A

An access control list (ACL) is a set of rules used to control network traffic and determine which users or systems are granted or denied access to certain resources. ACLs can be applied to various devices, such as routers and firewalls, and help enhance network security by filtering incoming and outgoing traffic based on specified criteria. These criteria can include IP addresses, protocols, port numbers, and more.

For the exam, you should know the different types of ACLs, primarily standard and extended ACLs. Standard ACLs filter traffic based solely on the source IP address, while extended ACLs can filter based on source and destination IP addresses, protocols, and ports. Additionally, understanding how to create and apply ACLs, as well as their impact on network performance and security, is crucial. Be prepared to explain the importance of correctly configuring ACLs to prevent unauthorized access and ensure proper network segmentation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  • Role-based access
A

Role-based access control (RBAC) is a method of regulating access to network resources based on the roles of individual users within an organization. In this model, permissions are assigned to specific roles rather than to individual users. When a user is assigned a role, they inherit the permissions associated with that role, making it easier to manage access rights for groups of users who require similar access to resources.

For the exam, you should understand the advantages of RBAC, such as improved security, streamlined access management, and reduced administrative overhead. It’s essential to know how RBAC enhances security by ensuring that users only have access to the information and resources necessary for their job functions, thereby minimizing the risk of unauthorized access. Be familiar with common roles in various environments and the principle of least privilege, which is a key concept in RBAC, ensuring that users have the minimum level of access required to perform their duties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Firewall rules - Explicit deny

A

Explicit deny refers to a specific rule within a firewall configuration that actively blocks traffic based on predefined criteria. This type of rule is essential in establishing a security posture, as it allows network administrators to control what traffic can enter or exit a network. An explicit deny rule will take precedence over any allow rules, ensuring that unauthorized or unwanted traffic is denied access to the network.

For the exam, you should recognize that explicit deny rules are crucial for implementing a security model that adheres to the principle of least privilege. Knowing how to configure these rules effectively can help mitigate potential security threats and vulnerabilities. Be aware that firewalls typically have an implicit deny rule at the end of their ruleset, which denies all traffic not explicitly allowed by preceding rules. Understanding the ordering of firewall rules and the importance of prioritizing explicit deny rules can help you design and manage secure network environments effectively.

17
Q

Firewall rules - Implicit deny

A

Implicit deny is a fundamental security principle applied in firewall configurations that automatically blocks all traffic unless there are explicit allow rules defined. This means that if a specific type of traffic is not explicitly permitted by a rule in the firewall’s configuration, it will be denied by default. This approach helps enhance network security by ensuring that only authorized traffic can access the network.

For the exam, it’s important to understand that implicit deny acts as a safety net for network security. It ensures that any traffic not explicitly allowed is automatically rejected, which reduces the risk of unauthorized access. Firewalls commonly implement an implicit deny rule at the end of their ruleset, serving as a final measure to protect against unwanted traffic. Familiarizing yourself with how implicit deny functions within the context of firewall rules and network security will help you design more secure network environments.

18
Q
  • MAC filtering
A

MAC filtering is a security feature used in networks to control access based on the unique Media Access Control (MAC) addresses of devices. Each network interface card (NIC) has a specific MAC address, which can be used to identify and allow or deny devices attempting to connect to the network. By configuring a router or wireless access point to allow only specified MAC addresses, administrators can create a more secure environment, preventing unauthorized devices from gaining access.

For the exam, it’s important to note that while MAC filtering can enhance security, it is not foolproof. Attackers can spoof MAC addresses, making it possible for unauthorized devices to bypass these filters. Thus, MAC filtering should be used in conjunction with other security measures, such as strong encryption and network segmentation, to provide a more robust defense. Understanding how MAC filtering works, its benefits, and its limitations will be beneficial for your network security knowledge.

19
Q
  • Antenna placement
A

Antenna placement refers to the strategic positioning of antennas to optimize wireless network performance. Proper antenna placement is crucial for maximizing coverage, minimizing interference, and ensuring reliable connectivity in wireless networks. Factors such as the physical environment, obstacles like walls and furniture, and the desired coverage area play significant roles in determining the best antenna locations.

For the exam, you should understand the principles of line-of-sight, the impact of obstructions on signal strength, and the concept of overlapping coverage areas for multiple access points. Additionally, knowing how different antenna types, such as omnidirectional and directional antennas, affect coverage and signal distribution can be essential. Effective antenna placement can significantly improve network performance, making it a key consideration in wireless network design and implementation.

20
Q
  • Power levels
A

Power levels in networking refer to the strength of the signals transmitted by devices such as access points and routers. These levels are measured in milliwatts (mW) or decibels relative to one milliwatt (dBm). Proper power levels are critical for ensuring adequate wireless coverage while minimizing interference with other devices.

For your exam, you should be aware of how different power levels can affect coverage and signal quality. Too low a power level may result in weak signals and dead zones, while too high a power level can lead to excessive overlap and interference between access points. It’s also essential to understand regulations regarding power levels in different regions, as these can limit how much power a device can transmit. Balancing power levels is crucial for optimizing network performance and ensuring reliable connections for users.

21
Q
  • Wireless client isolation
A

Wireless client isolation is a security feature that prevents wireless clients connected to the same access point or network from communicating directly with each other. This means that devices on the same Wi-Fi network, such as smartphones, laptops, or tablets, cannot see or access one another, enhancing privacy and security.

For the exam, you should understand the purpose of wireless client isolation, which is primarily to protect sensitive data on devices from being accessed by other users on the same network. It is especially useful in environments like public Wi-Fi networks, where many users are connected. You might also encounter terms like “client isolation” or “AP isolation” that refer to similar functionalities. Additionally, knowing how to enable or configure this feature on various access points can be beneficial, as it contributes to maintaining a secure wireless environment.

22
Q
  • Guest network isolation
A

Guest network isolation refers to the practice of segregating guest users from the main internal network to enhance security and protect sensitive resources. This isolation ensures that guests can access the internet and any designated resources without being able to interact with the devices or data on the corporate network.

For the exam, it’s important to understand that guest network isolation is typically implemented in environments like hotels, cafes, and offices where visitors require internet access but should not have any access to the internal network. This can be achieved through VLANs or separate SSIDs, which effectively create different network segments. Be familiar with the advantages of this approach, such as minimizing security risks and maintaining privacy for internal users, as well as the best practices for configuring and managing guest networks securely.

23
Q
  • Preshared keys (PSKs)
A

Preshared keys (PSKs) are cryptographic keys shared between two parties prior to establishing a secure communication channel. PSKs are commonly used in wireless security protocols, particularly in WPA and WPA2, where they serve as a means to authenticate users and encrypt data transmitted over the network.

For the exam, it’s essential to understand that PSKs are typically used in scenarios where the number of users is limited, such as in home networks or small offices. They simplify the setup process because users only need to enter a single key to access the network. However, PSKs can present security risks if not managed properly, as anyone with access to the key can join the network. You should be aware of best practices like using complex, lengthy keys and regularly updating them to enhance security. Additionally, in larger or more sensitive environments, consider alternatives like 802.1X for more secure authentication methods.

24
Q
  • EAP
A

Extensible Authentication Protocol (EAP) is an authentication framework commonly used in network access technologies, particularly in wireless networks and point-to-point connections. EAP allows for various authentication methods, such as passwords, digital certificates, or tokens, enabling flexible and secure user verification.

For the exam, it’s important to know that EAP is not a specific protocol but a framework that supports multiple authentication mechanisms. Some common EAP methods include EAP-TLS (which uses certificates for authentication), EAP-PEAP (which encapsulates a second EAP exchange in a secure tunnel), and EAP-TTLS. Understanding how EAP works is crucial for network security, as it provides a way to implement secure wireless authentication. Be familiar with its role in 802.1X networks, where it works alongside a RADIUS server to provide robust authentication for users and devices accessing the network.

25
Q
  • Geofencing
A

Geofencing is a location-based service that uses GPS, RFID, Wi-Fi, or cellular data to create a virtual boundary around a specific geographic area. When a device enters or exits this predefined zone, it triggers a response or action, such as sending a notification or logging the event. Geofencing is commonly used in various applications, including marketing, security, and fleet management.

For the exam, you should understand how geofencing works and its potential applications. It’s important to note that geofencing can enhance security by enabling location-based access controls, allowing or restricting access to network resources based on a user’s physical location. Familiarize yourself with its use in mobile applications, where businesses can send targeted advertisements to users when they are within a specific area. Additionally, be aware of privacy considerations, as geofencing relies on tracking users’ locations, which raises questions about consent and data security.

26
Q
  • Captive portal
A

A captive portal is a web page that users are directed to when they connect to a public Wi-Fi network. This page often requires users to take specific actions before they can access the Internet. Actions can include accepting terms of service, entering credentials, or providing payment information. Captive portals are commonly used in places like coffee shops, airports, and hotels to manage network access and ensure users comply with the network’s policies.

For the exam, it’s essential to know the purpose and functionality of captive portals. They serve as a mechanism to authenticate users and can help in monitoring and controlling access to the network. Understand that while captive portals can enhance security and user accountability, they can also pose challenges, such as usability issues and potential privacy concerns. Additionally, be familiar with the differences between open and secured captive portals, as well as how captive portals can integrate with other security measures like RADIUS for authentication.

27
Q

IoT access considerations

A

IoT access considerations refer to the various factors that must be evaluated when integrating Internet of Things (IoT) devices into a network. These devices often operate in diverse environments and interact with other systems, making security and access management crucial. Key considerations include ensuring secure device authentication, managing access control policies, and implementing proper encryption protocols for data transmission.

For the exam, you should be familiar with the risks associated with IoT devices, such as unauthorized access, data breaches, and potential vulnerabilities due to weak security measures. Understanding how to establish network segmentation to isolate IoT devices from critical systems is important. You should also know about the role of device management solutions in monitoring and controlling IoT access, as well as how to apply best practices for firmware updates and security patches to protect these devices from emerging threats.

Net+ 008 (26 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions