CCNA2 - Module 10 Flashcards
– This is a coordinated attack from many devices, called zombies, with the intention of degrading or halting public access to an organization’s website and resources.
Distributed Denial of Service (DDoS)
– This is an attack in which an organization’s data servers or hosts are compromised to steal confidential information.
Data Breach
– This is an attack in which an organization’s hosts are infected with malicious software that causes a variety of problems. For example, ransomware such as WannaCry encrypts the data on a host and locks access to it until a ransom is paid.
Malware
- provides a secure connection to remote users across a public network and into the enterprise network. VPN services can be integrated into the firewall.
Virtual Private Network (VPN) enabled router
- provides stateful packet inspection, application visibility and control, a next-generation intrusion prevention system (NGIPS), advanced malware protection (AMP), and URL filtering.
Next-Generation Firewall (NGFW)
- includes authentication, authorization, and accounting (AAA) services. In larger enterprises, these services might be incorporated into an appliance that can manage access policies across a wide variety of users and device types. The Cisco Identity Services Engine (ISE) is an example of a NAC device.
Network Access Control (NAC)
- are hosts which commonly consist of laptops, desktops, servers, and IP phones, as well as employee-owned devices. Endpoints are particularly susceptible to malware-related attacks that originate through email or web browsing.
- have typically used traditional host-based security features, such as antivirus/antimalware, host-based firewalls, and host-based intrusion prevention systems (HIPSs).
- are best protected by a combination of NAC, AMP software, an email security appliance (ESA), and a web security appliance (WSA).
Endpoints
is designed to monitor Simple Mail Transfer Protocol (SMTP). The Cisco ESA is constantly updated by real-time feeds from Cisco Talos, which detects and correlates threats and solutions by using a worldwide database monitoring system. This threat intelligence data is pulled by the Cisco ESA every three to five minutes.
Cisco ESA device
- is a mitigation technology for web-based threats. It helps organizations address the challenges of securing and controlling web traffic.
- combines advanced malware protection, application visibility and control, acceptable use policy controls, and reporting.
- provides complete control over how users access the internet. Certain features and applications, such as chat, messaging, video and audio, can be allowed, restricted with time and bandwidth limits, or blocked, according to the organization’s requirements.
- can perform blacklisting of URLs, URL filtering, malware scanning, URL categorization, web application filtering, and encryption and decryption of web traffic.
Cisco Web Security Appliance (WSA)
The simplest method of remote access authentication is to configure a login and password combination on ____________
console, vty lines, and aux ports
AAA
Authentication, Authorization, and Accounting
- provides the primary framework to set up access control on a network device.
- is a way to control who is permitted to access a network (authenticate), what they can do while they are there (authorize), and to audit what actions they performed while accessing the network (accounting).
AAA
- This method stores usernames and passwords locally in a network device (e.g., a Cisco router).
- Users authenticate against the local database.
- Local AAA is ideal for small networks.
Local AAA Authentication
- With the server-based method, the router accesses a central AAA server.
- The AAA server contains the usernames and passwords for all users.
- The router uses either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) protocol to communicate with the AAA server.
- When there are multiple routers and switches, server-based AAA is more appropriate.
Server-Based AAA Authentication
- is automatic and does not require users to perform additional steps after authentication.
- governs what users can and cannot do on the network after they are authenticated.
- uses a set of attributes that describes the user’s access to the network. These attributes are used by the AAA server to determine privileges and restrictions for that user.
AAA authorization
collects and reports usage data. This data can be used for such purposes as auditing or billing. The collected data might include the start and stop connection times, executed commands, number of packets, and number of bytes.
AAA accounting
is a port-based access control and authentication protocol. This protocol restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN.
IEEE 802.1X standard
- This is a device running 802.1X-compliant client software, which is available for wired or wireless devices.
Client (Supplicant)
– The switch acts as an intermediary between the client and the authentication server. It requests identifying information from the client, verifies that information with the authentication server, and relays a response to the client. Another device that could act as authenticator is a wireless access point.
Switch (Authenticator)
– The server validates the identity of the client and notifies the switch or wireless access point that the client is or is not authorized to access the LAN and switch services.
Authentication server
Examples: Includes MAC address flooding attacks.
MAC Table Attacks
Examples: Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN.
VLAN Attacks
Examples: Includes DHCP starvation and DHCP spoofing attacks.
DHCP Attacks
Examples: Includes ARP spoofing and ARP poisoning attacks.
ARP Attacks