Device Security Flashcards
What are the ranges for standard ACLs?
1-99
1300-1999
Syntax for an extended numbered ACL
access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [log]
3 primary differences that named ACLs have vs numbered
- Names instead of numbers
- Uses ACL subcommands vs global commands to define the ACL
- ACL editing allows users to edit, delete, and add individual lines
Command to delete a line from a numbered ACL with sequence numbers.
conf t
ip access-list {standard | extended} number
no seq number
Syntax to assign an ACL to a vty
access-class number {in | out}
TCP version of an extended ACL
access-list access-list-number {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [log]
If an ACL omits the wildcard mask, what is the implied mask?
0.0.0.0
What are the ranges for extended ACLs?
100-199
2000-2699
Syntax for a standard numbered ACL
access-list {1-99 | 1300-1999} {permit | deny} [subnet wildcard-mask | any]
Operational commands to see (a) IPv4 ACLs and (b) all ACLs
show ip access-lists
show access-lists
Command to see access list application status on an interface
show ip interface interface
Keyword to add to an ACL to help keep track of its activity
log
What are the 3 types of ACLs?
Standard
Extended
Named
Are named ACLs standard or extended?
Either, depends on how they are configured
What is the difference between standard and extended ACLs?
Standard ACLs filter on source address only.
Extended ACLs filter on:
- Source and destination IP
- Source and destination port
- Other criteria
What do extended ACLs filter on?
- Source and destination IP
- Source and destination port
Command to implement an ACL on an interface
ip access-group {number | name} {in | out}
ACL keyword that means “0.0.0.0” wildcard
host
ACL keyword that means 0.0.0.0 255.255.255.255
any
ACL keywords for
greater than
less than
equal to
gt
lt
eq
Command to instantiate a named ACL
ip access-list {standard | extended} name
If a numbered ACL doesn’t use sequence numbers, how would a user remove one of its lines?
They can’t. The ACL must be deleted and re-added entirely.
What effect does the log keyword have on an ACL?
It sends messages to the log file about the activity pertinent to that line in the ACL
What advantage does SNMPv3 have over older versions?
Security
What 3 features in SNMPv3 support higher levels of security?
- Message integrity (tamper detection)
- Authentication
- Encryption
What are the 3 security modes for SNMPv3?
noAuthNoPriv
authNoPriv
authPriv
Configuration keyword for the noAuthNoPriv level of SNMPv3 security
noauth
Configuration keyword for the authNoPriv level of SNMPv3 security
auth
Configuration keyword for the authPriv level of SNMPv3 security
priv
Command to see the status of the SSH service on the device
show ip ssh
5 steps to enabling SSH
- Configure VTY lines to use either local or AAA security
- If local, add usernames
- Configure the ip domain-name
- Create the encryption key
- Enable version 1 or version 2
Command to enable port security on an interface
switchport port-security
2 mandatory and 4 optional steps to enabling port security
Mandatory:
- Set a port to either trunk or access mode
- Enable port security
Optional:
- Change the default number of MAC addresses allowed
- Change the default port security violation behavior
- Define any permitted MAC addresses
- Tell the switch to sticky-learn any dynamically learned MAC addresses
Command to see the security state of switch ports
show port-security [interface interface]
What are the 3 port security violation options, and which is default?
- Shutdown (default)
- Protect
- Restrict
3 steps to create a key for use in routing authentication
- Create the key chain
- Create the key
- Set the key string
Syntax to create a key chain
conf t
key chain name
Syntax to create a key under a key chain
key key-number
Syntax to set a text string for a key
key-string text-string
Command to create the encryption key for SSH
crypto key generate rsa
Command to set the device to use SSH2
ip ssh version 2