4.5 Flashcards
Why do we change the default credentials?
Because most devices have default usernames and passwords and it’s very easy to find the defaults for your WAP or router. So for security purposes we need to change them.
Why is it important to avoid common passwords?
Since most of the people use common words as passwords, brute force attackers start with the easy ones.
Why do we upgrade firmware?
Many network devices do not use traditional operation system in which the potential exists for security vulnerabilities. So to plan for the unexpected we need to have our firmware up-to-date at all times.
Why is patch management important?
Because of system stability and security fixes we need to get all the update patches or if there is a service pack available, we need to get it asap and look for monthly updates.
Whats file hashing?
Hashing represents data as a short string of text which has a unique value and it allows us to verify the integrity of a downloaded file.
Why do we disable unnecessary services?
Every service has the potential for trouble but “Unnecessary” isn’t always obvious and might require a lot of research like trial and error(testing and monitoring.
what are the secure protocols we should use?
- SSH(instead of Telnet:terminal sessions)
- SFTP(instead of FTP: file transfer)
- SNMPv3(instead of SNMPv1 and SNMPv2:encrypted communication)
- TLS/SSL(HTTP inside of TLS is HTTPS)
- IPsec(Encrypt at the IP packet level)
Why is generating new keys is important?
We communicate to network devices over encrypted channels and encryption keys are usually managed on the devices. Therefore anyone with the key can potentially decrypt administrative sessions. That’s why updating or changing they keys during the installation.
Why do we disable unused IP ports?
To control traffic based on data within the content we use a firewall to allow or restrict port numbers(TCP and UDP filtering).
Why do we disable unused ports(interfaces)?
We administratively disable unused ports to maintain and secure the port and sometimes add NAC(Network Access Control) so users have to authenticate to be able to communicate,