Chapter 8 Flashcards
What is the default password setting for console 0?
Console access is open by default.
What are the default security settings for Telnet and SSH?
Disabled by default
Securing user mode with a simple password means what
Console and/or Telnet users must enter a password (no username)
Command for entering console line configuration mode from global configuration mode
line console 0
Two login authentication methods for Cisco switches that use username/passwords
Manually setting up unique username/passwords for each switch
Using a AAA (authentication, authorization, and accounting) server
Protocols used by AAA servers
RADIUS or TACACS+
What does a Cisco switch need to begin accepting SSH connections?
Cryptography Key used to encrypt data
Command to list status information about the ssh server
show ip ssh
Command to list the ssh clients connected to the switch
show ssh
Benefits of ssh2 over ssh1
Improves security algorithms and adds banner support
2 commands to set support for telnet and ssh
transport input all
transport input telnet ssh
Command to set support for telnet, ssh
From the vty line subcommand: transport input {all|none|telnet|ssh}
command to encrypt stored passwords so they aren’t stored as cleartext in config file
service password-encryption
Command to turn off password encryption
no service password-encryption
Effect of turning off password encryption
No immediate effect. Passwords are still stored encrypted until a change to the password is made
Enable Password command versus Enable Secret Password
Both set password for enable mode. Enable Secret Password is newer and more secure because it encrypts the enable password in the config
Three popular banner types
MOTD, Exec, Login
MOTD banner
Shown before the login prompt. Used for temporary messages that change from time to time
Login Banner
Shown at the login prompt. Used for permanent messages (“Unauthorized user prohibited”)
Exec Banner
Shown after successful login. Provide information that should be hidden from unauthorized users
command to list all commands stored in the history file
show history
command to disable syslog messages on the console screen
in global config, no logging console
All types of port security have 3 common concepts
Define max number of source MAC addresses allowed for an interface / watch incoming frames & keep a list of unique MAC addresses & a counter of unique addresses / When counter pushes past max, shut the port down
Before setting up port security on an interface, you must define what –
The type of interface - static access or a trunk interface