Module 10 Flashcards
What does AAA stand for in network security?
Authentication, Authorization, Accounting
AAA provides a framework for network access control.
What is Local AAA Authentication?
Stores usernames and passwords locally in a network device
Ideal for small networks.
What is Server-Based AAA Authentication?
Router accesses a central AAA server using RADIUS or TACACS+ protocols
More appropriate for networks with multiple devices.
What is the purpose of AAA Authorization?
Governs what users can and cannot do on the network after authentication
Uses attributes to determine user privileges.
What does AAA Accounting do?
Collects and reports usage data for auditing or billing
Logs data such as connection times and executed commands.
What is the IEEE 802.1X standard?
A port-based access control and authentication protocol
Restricts unauthorized workstations from connecting to a LAN.
What roles do devices play in 802.1X authentication?
Client (Supplicant), Switch (Authenticator), Authentication Server
Each has a specific function in the authentication process.
What types of attacks are categorized under Layer 2 Security Threats?
MAC Table Attacks, VLAN Attacks, DHCP Attacks, ARP Attacks, Address Spoofing Attacks, STP Attacks
These attacks exploit vulnerabilities at Layer 2 of the OSI model.
What is a MAC Address Table Attack?
Involves flooding a switch with fake source MAC addresses until the table is full
This can disrupt normal network operations.
What is a VLAN Hopping Attack?
Enables traffic from one VLAN to be seen by another VLAN without a router
This attack can compromise network segmentation.
What is DHCP Snooping?
A security feature that prevents DHCP starvation and DHCP spoofing attacks
Helps to secure DHCP operations on a network.
What is Dynamic ARP Inspection (DAI)?
Prevents ARP spoofing and ARP poisoning attacks
It verifies ARP packets on the network.
What is IP Source Guard (IPSG)?
Prevents MAC and IP address spoofing attacks
It ensures that only valid IP addresses are used on a network.
True or False: Layer 2 vulnerabilities can affect all layers above it.
True
Compromise at Layer 2 can render security measures at higher layers ineffective.
What is the function of a Next-Generation Firewall (NGFW)?
Provides stateful packet inspection and advanced malware protection
It integrates multiple security functions into one device.
Fill in the blank: The primary use of AAA accounting is to combine it with AAA _______.
authentication
This provides a log of user actions and helps in auditing.
What does the Cisco Email Security Appliance (ESA) do?
Monitors SMTP, blocks known threats, and encrypts outgoing email
It uses real-time threat intelligence to enhance email security.
What does the Cisco Web Security Appliance (WSA) provide?
Mitigation technology for web-based threats and application visibility
It controls web traffic based on organizational policies.
What is Port Security?
Prevents MAC address flooding attacks and DHCP starvation attacks
It limits the number of MAC addresses that can be learned on a port.
What is an example of an attack that can be mitigated by implementing BPDU Guard?
STP Attack
BPDU Guard protects against manipulation of the Spanning Tree Protocol.
What is IP address spoofing?
IP address spoofing is when a threat actor hijacks a valid IP address of another device on the subnet or uses a random IP address.
How can IP and MAC address spoofing be mitigated?
Implementing IP Source Guard (IPSG).
What is a STP attack?
A STP attack involves threat actors manipulating Spanning Tree Protocol (STP) to spoof the root bridge and change the topology of a network.
How can STP attacks be mitigated?
By implementing BPDU Guard on all access ports.
What information does CDP provide?
CDP provides the IP address of the device, IOS software version, platform, capabilities, and the native VLAN.
How can the exploitation of CDP be mitigated?
Limit the use of CDP on devices or ports.
What is a DHCP starvation attack?
An attack that aims to create a DoS for connecting clients by leasing all available IP addresses with bogus MAC addresses.
What is a rogue DHCP server?
A rogue DHCP server provides false IP configuration parameters to legitimate clients.
What types of misleading information can a rogue DHCP server provide?
It can provide:
* Wrong default gateway
* Wrong DNS server
* Wrong IP address
What is ARP spoofing?
ARP spoofing is when an attacker sends a gratuitous ARP message containing a spoofed MAC address to a switch, allowing for a man-in-the-middle attack.
How can ARP spoofing be mitigated?
By implementing Dynamic ARP Inspection (DAI).
What is a MAC address table overflow attack?
An attack that floods a switch with fake source MAC addresses until the switch’s MAC address table is full.
What happens when a switch’s MAC address table is full?
The switch treats incoming frames as unknown unicast and floods all traffic out all ports on the same VLAN.
What is a VLAN hopping attack?
A VLAN hopping attack allows traffic from one VLAN to be seen by another VLAN without the aid of a router.
What is a VLAN double-tagging attack?
An attack where a hidden 802.1Q tag is embedded inside a frame with another 802.1Q tag, allowing it to reach a different VLAN.
How can VLAN hopping and double-tagging attacks be mitigated?
By implementing trunk security guidelines such as:
* Disable trunking on all access ports
* Disable auto trunking on trunk links
* Ensure the native VLAN is only used for trunk links.
What command disables CDP globally on a device?
no cdp run
What command enables CDP globally on a device?
cdp run
What command disables CDP on a port?
no cdp enable
What command enables CDP on a port?
cdp enable
True or False: CDP information is sent in encrypted broadcasts.
False
What tool can be used for DHCP starvation attacks?
Gobbler
What does the Dynamic ARP Inspection (DAI) do?
DAI helps to prevent ARP spoofing and ARP poisoning.
What is a gratuitous ARP?
An unsolicited ARP Reply sent by a client.
Fill in the blank: The tool _______ can flood a switch with bogus frames to create a MAC address table overflow attack.
macof
What is the primary function of DHCP servers?
To dynamically provide IP configuration information to clients.
What is an example of a DHCP spoofing attack?
A rogue DHCP server providing an invalid IP address to clients.
