Chapter 4 - Network Foundation Protection Flashcards
What is Network Foundation Protection (NFP)?
NFP is the concept of breaking network infrastructure down into smaller components and then systematically focusing on how to secure each of those components.
What three planes does Network Foundation Protection cover?
- Management Plane
- Control Plane
- Data Plane
What do CoPP and CPPr have in common?
- They both focus on control plane protection
- They both can identify traffic destined for a router that will likely require direct CPU resources to be used.
Which type of attack can be mitigated by using a routing protocol with authentication?
- Man-in-the-middle attacks
- Denial-of-service attacks
- Reconnaissance attacks
What is CoPP (Control Plane Policing)?
Applied globally to a router, this is a filter that rate-limits management traffic to keep a router from becoming overwhelmed by an attack. Think QoS for valid management traffic, where excess traffic is ignored and not processed by the CPU.
What is CPPr (Control Plane Protection)?
Allows for detailed classification of traffic that is going to use a router’s CPU for processing. It is similar to CoPP but with far more options to get granular with identifying what is to be ignored.
What is Role Based Access Control (RBAC)?
It is a way to organize users into groups (roles) so that permissions and access can be delegated easily.
What is Unicast Reverse Path Forwarding (uRPF)?
This is how a router can mitigate IP spoofing. Packets that enter on an interface are compared against the router’s routing table to check whether traffic from that source could really have arrived on that interface; if it is impossible for the traffic to have originated there, the source is treated as spoofed.
Why would you want to put an extended access-list closest to a source address?
Place extended ACLs as close to the source of the traffic as possible to avoid consuming network bandwidth, and to stop traffic before route lookups are performed.
What happens in a CAM table overflow attack?
A switch at Layer 2 has no more room for MAC addresses, so when a new one is received, it is forwarded out all of its ports for that VLAN, enabling an attacker to eavesdrop.
What is a DHCP starvation attack?
This is when an attacker requests all the IP addresses available from a DHCP server so that none are available for clients who really need them.
What is Dynamic ARP Inspection (DAI) used for?
It protects against ARP spoofing and ARP poisoning (incorrect IP-to-MAC address mappings), which can be used for man-in-the-middle attacks.