Cisco chapter 10-13

Question 1

Common Network Attacks

Answer 1

1. Distributed Denial of Service (DDos)
2. Data Breach
3. Malware

Question 2

VPN Router

Answer 2

A VPN-enabled router provides a secure connection to remote users across a public network and into the enterprise network. VPN services can be integrated into the firewall.

Question 3

Next-Generation Firewall (NGFW)

Answer 3

An NGFW provides stateful packet inspection, application visibility and control, a next-generation intrusion prevention system (NGIPS), advanced malware protection (AMP), and URL filtering.

Question 4

Endpoints

Answer 4

Laptops, Desktops, Servers, Tablets, Phones, and BYODs

Question 5

Network Access Control (NAC)

Answer 5

A NAC device includes authentication, authorization, and accounting (AAA) services. In larger enterprises, these services might be incorporated into an appliance that can manage access policies across a wide variety of users and device types. The Cisco Identity Services Engine (ISE) is an example of a NAC device.

Question 6

Functions of Cisco Email Security Appliance (ESA)

Answer 6

1. Block known threats
2. Remediate against stealth malware that evaded initial detection.
3. Discard emails with bad links
4. Block access to newly infected sites
5. Encrypt content in outgoing email to prevent data loss

Question 7

Cisco Web Security Appliance WSA

Answer 7

Controls how users access the internet. Can block messaging, video, audio or restrict them. Can also blacklist URLs, filter URLs, scan for malware, categorize URLs, filter web applications, and encrypt and decrypt traffic over the web.

Question 8

Authentication with Local Password

Answer 8

Using a password to log in to the switch and SSH for remote login can be helpful.

Question 9

AAA

Answer 9

1. Authentication
2. Authorization
3. Accounting

Question 10

Authentication

Answer 10

1. Local Authentication - usernames and passwords are stored in the network device itself.
2. Server-based authentication - server stores log in info and the network device accesses it.

Question 11

Authorization

Answer 11

Is automatic and does not require the users to perform additional steps for authentication.

Question 12

Accounting

Answer 12

Collects ad reports user data. It also is used in authentication to log what users did while on the network. This can help identify when users performed malicious activities.

Question 13

IEE 802.1 X

Answer 13

A port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through public switch ports.

Question 14

MAC Table Attacks

Answer 14

Includes MAC address flooding attacks.

Question 15

VLAN Attacks

Answer 15

Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN.

Question 16

DHCP Attacks

Answer 16

Includes DHCP starvation and DHCP spoofing attacks.

Question 17

ARP Attacks

Answer 17

Includes ARP spoofing and ARP poisoning attacks.

Question 18

Address Spoofing Attacks

Answer 18

Includes MAC address and IP address spoofing attacks.

Question 19

STP Attacks

Answer 19

Includes Spanning Tree Protocol manipulation attacks.

Question 20

Layer 2 Attack Mitigation

Answer 20

1. Port Security
2. DHCP Snooping
3. Dynamic ARP Inspector DAI
4. IP Source Guard IPSG

Question 21

Common ways to secure unused ports on a layer 2 switch

Answer 21

Turn them off

Question 22

Common ways to prevent MAC address attacks

Answer 22

Enable Port security

Question 23

What commands do you use to enable port security?

Answer 23

1. Interface f0/#
2. switchport mode access
3. switchport port-security
4. end

Question 24

Learning and Limiting MAC address

Answer 24

1. Manually entered - assign static MAC addresses
2. Dynamically Learned - current MAC address is secured unless the switch reboots.
3. Dynamically Learned -Sticky - sticks Mac address to the running config

Question 25

Port Security Aging

Answer 25

1. Absolute-secured address is deleted after a certain amount of time
2. Inactivity - the secured address is deleted only if they are inactive for a specified amount of time.

Question 26

Parameters for port security aging

Answer 26

1. Static - Enable aging for a statically configured secure address on this port
2. time time - Specify the aging time for this port
3. type absolute - set the absolute aging time
4. type inactivity - set inactivity aging time.

Question 27

Security Violation Modes on a layer 2 switch

Answer 27

1. Shutdown(default) - when a new address is discovered, the port shuts down. Must toggle to reactivate.
2. Restrict - drops the packets and must remove mac addresses on the table to allow them to pass. Generates a sys log
3. Protect - this is the least secure. It does the same as restrict but does not generate a sys log or increase the violation counter

Question 28

Types of Vlan attacks

Answer 28

1. Vlan Spoofing- DTP messages can be sent by the attacker to have the switch enter trunk mode and allow them to target Vlans.
2. Vlan hopping - double tagging a frame with two Vlan-ids. The example used an 802.1Q frame

Question 29

How to Mitigate Vlan Attacks

Answer 29

1. Disable DTP
2. Diable unused ports and put them on an unused Vlan