day 9

Question 1

router threats

Answer 1

.

Question 2

masquerading (spoofing)

Answer 2

occurs when an attacker manipulates and falsifies information and is used to hide an attacker’s identity or fool devices into thinking the traffic legitimate.

Question 3

session hijacking

Answer 3

the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system

Question 4

rerouting

Answer 4

includes manipulating router updates to cause traffic flow to unauthorized destinations, sometimes called route injection attacks

Question 5

denial of service (DoS)

Answer 5

cause disruptions by overwhelming the targeted system with improperly formatted traffic

Question 6

eavesdropping and information theft

Answer 6

the unauthorized viewing and collection of network traffic, usually accomplished with a packet-sniffing program

Question 7

Router configuration hardening

Answer 7

all unnecessary services should be disabled in a router configuration

Question 8

TCP and UDP small servers

Answer 8

routers contain services that are not necessary and should be disabled

Question 9

small server services to disable

Answer 9

Port service description
7 echo this command echos what is typed
9 discard this service was designed to aid in troubleshooting links along a comm path..once it reaches its intended destination, it is discarded
13 daytime this command returns system date and time
19 chargen this command generates a 72-character string of ASCII characters from remote host

Question 10

finger service

Answer 10

used for querying a host about its logged in users

Question 11

Network Time Protocol (NTP)

Answer 11

used to keep their time-of-day clocks accurate and in sync.

uses port 123

Question 12

boot network

Answer 12

allows cisco devices to load their configuration files from over the network, and is sometimes referred to as a configuration auto-loading

Question 13

Internet Control Message Protocol (ICMP)

Answer 13

supports IP traffic by relaying information about paths, routes, and network conditions

Question 14

destination unreachable

Answer 14

a router can report that a network, system, or port on a distant system is unreachable,

Question 15

redirect

Answer 15

informs a host that a packet was sent to the wrong destination, and tells the sending machine the correct destination…arises when there is more than one router on a LAN

Question 16

address mask reply

Answer 16

provide a method to determine their network mask information. to a hacker, this information may be used to identify routers and to collect subnet information, useful in mapping out networks

Question 17

DNS lookups

Answer 17

by default, IOS sends DNS name queries to the broadcast address 255.255.255.255. This makes it very susceptible to DNS poisoning.
Either name a specific server or turn off the service

Question 18

HTTP and HTTPS servers

Answer 18

enables web based administration. HTTPS is secure, but takes little knowledge to use.
ports 80 and 443

Question 19

IP source routing

Answer 19

IP packets are 20-60 bytes long. hackers can place IP’s in the extra 40 bytes to direct traffic to those addresses, bypassing the routing tables.

Question 20

strict source routing

Answer 20

hops specified in the IP header must be followed exactly

Question 21

loose source routing

Answer 21

some hops are specified and routers will determine how to route to those specified hops

Question 22

SNMP services

Answer 22

SNMP is vulnerable because of the amount of info it contains.
SNMP V1 and V2 send info in the clear, v3 sends it encrypted.
uses ports 161 and 162

Question 23

proxy ARP

Answer 23

routers respond to ARP queries, enabling them to use MAC addresses to talk to other networks rather than using IP addresses

Question 24

IP directed broadcasts

Answer 24

permit a host on one LAN segment to send broadcast messages on a different LAN.
allows smurf and fraggle attacks to occur

Question 25

unicast reverse-path forwarding (uRPF) verification

Answer 25

helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding packets lacking a verifiable IP source address must first enable CEF

Question 26

uRPF syntax

Answer 26

``` Router#config t router(config)#ip cef router(config)#interface eth 0/0 router(config)#ip verify unicast reverse-path router(config-if)#exit ```

Question 27

local access

Answer 27

usually involves a direct connection to the console port of a device

Question 28

Console (CON)

Answer 28

configure the console line to time out exec sessions so if an administrator forgets to log out, the device will log him or her out automatically

Question 29

CON syntax

Answer 29

Router#config t router(config)#line con 0 router(config)#exec-timeout 5 0 router(config-if)#exit

Question 30

Auxiliary (AUX)

Answer 30

some administrators connect a modem to the auxiliary port to facilitate remote administration via dial-up

Question 31

AUX syntax

Answer 31

Router#config t router(config)#no exec router(config)#transport input none router(config-if)#exit

Question 32

Remote access

Answer 32

typically involves TELNET, SSH, HTTPS, or SNMP connections to the router from a computer on the same or a different subnet. not recommended

Question 33

Virtual Terminal (VTY) lines

Answer 33

VTY login should be disabled if remote admin is not necessary. VTY lines are disabled by default if there is no password set, they are disabled

Question 34

SSH

Answer 34

there are two versions of SSH, V 1 and V 2, but neither are compatible with each other.

Question 35

accounts

Answer 35

for internal logging, an account should be created for each user.

Question 36

user accounts become vulnerable when:

Answer 36

they are created without passwords they are assigned to privilege levels higher than level 1 account names can be determined if the finger service is running on the router

Question 37

login local

Answer 37

admins must change the interface login because login local prompts user for username and password

Question 38

passwords

Answer 38

service password-encryption only enables type 7 password | enable secret uses an MD5 hash to secure passwords

Question 39

privilege levels

Answer 39

0 user restricted to 5 commands 1-14 user restricted to basic level operations 15 global administration capabilities

Question 40

logging

Answer 40

logs errors to a syslog host. uses UDP port 514

Question 41

logging syntax

Answer 41

Router#logging buffered router(config)#logging trap info router(config)#logging facility local router(config)#logging 14.2.9.6

Question 42

ACL's

Answer 42

used to permit or deny packets using permit or deny statements based on addresses, ports or protocols. are used on IP and IP extended

Question 43

ACL types

Answer 43

IP standard access list 1-99 or 1300-1999 | IP extended access list 100-199 or 2000-2699

Question 44

ACL's

Answer 44

must be created in the routers global config mode | access lists are read from top to bottom and end with an implicit deny statement

Question 45

more on ACL's

Answer 45

- ACL's are applied to each interface - standard access lists should be applied to the router nearest the destination - extended access lists should be applied nearest the source of the traffic - access lists should be applied to the interface inbound - access lists are called groups when applied to an interface in config-if mode and are applied to either the incoming or outgoing side of an interface. ip access-group 100 in