MODULE 12 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards

1
Q

Network Topologies

Network Representations

Network architects and administrators must be able to show what their networks will look like.

They need to be able to easily see which components connect to other components, where they will be located, and how they will be connected.

Diagrams of networks often use symbols, like those shown in the figure, to represent the different devices and connections that make up a network.

A

https://snipboard.io/8cdTEp.jpg

A diagram provides an easy way to understand how devices connect in a large network.

This type of “picture” of a network is known as a topology diagram.

The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connect to each other:

– Network Interface Card (NIC)

– Physical Port

– Interface

2
Q

https://snipboard.io/8cdTEp.jpg

A diagram provides an easy way to understand how devices connect in a large network.

This type of “picture” of a network is known as a topology diagram.

The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connect to each other:

– Network Interface Card (NIC)

– Physical Port

– Interface

A

https://snipboard.io/8cdTEp.jpg

A diagram provides an easy way to understand how devices connect in a large network.

This type of “picture” of a network is known as a topology diagram.

The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connect to each other:

– Network Interface Card (NIC)

– Physical Port

– Interface

3
Q

https://snipboard.io/8cdTEp.jpg

A diagram provides an easy way to understand how devices connect in a large network.

This type of “picture” of a network is known as a topology diagram.

The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connect to each other:

– Network Interface Card (NIC)

– Physical Port

– Interface

A

Network Interface Card (NIC) :

A NIC physically connects the end device to the network.

4
Q

https://snipboard.io/8cdTEp.jpg

A diagram provides an easy way to understand how devices connect in a large network.

This type of “picture” of a network is known as a topology diagram.

The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connect to each other:

– Network Interface Card (NIC)

– Physical Port

– Interface

A

Physical Port :

A connector or outlet on a networking device where the media connects to an end device or another networking device.

5
Q

https://snipboard.io/8cdTEp.jpg

A diagram provides an easy way to understand how devices connect in a large network.

This type of “picture” of a network is known as a topology diagram.

The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connect to each other:

– Network Interface Card (NIC)

– Physical Port

– Interface

A

Interface :

Specialized ports on a networking device that connect to individual networks. Because routers connect networks, the ports on a router are referred to as network interfaces. Note: The terms port and interface are often used interchangeably.

6
Q

Topology Diagrams

Topology diagrams are mandatory documentation for anyone working with a network.

They provide a visual map of how the network is connected.

There are two types of topology diagrams:

physical and logical.

A

Physical Topology Diagrams

Physical topology diagrams illustrate the physical location of intermediary devices and cable installation, as shown in the figure.

You can see that the rooms in which these devices are located are labeled in this physical topology.

https://snipboard.io/TflmrV.jpg

7
Q

Logical Topology Diagrams

Logical topology diagrams illustrate devices, ports, and the addressing scheme of the network, as shown in the figure.

You can see which end devices are connected to which intermediary devices and what media is being used.

https://snipboard.io/HejSIg.jpg

A

The topologies shown in the physical and logical diagrams are appropriate for your level of understanding at this point in the course.

Search the internet for “network topology diagrams” to see some more complex examples.

If you add the word “Cisco” to your search phrase, you will find many topologies using icons that are similar to what you have seen in these figures.

8
Q

Networks of Many Sizes

Now that you are familiar with the components that make up networks and their representations in physical and logical topologies, you are ready to learn about the many different types of networks.

Networks come in all sizes.

They range from simple networks consisting of two computers, to networks connecting millions of devices.

A

Simple home networks let you share resources, such as printers, documents, pictures, and music, among a few local end devices.

Small office and home office (SOHO) networks allow people to work from home, or a remote office.

Many self-employed workers use these types of networks to advertise and sell products, order supplies, and communicate with customers.

9
Q

Businesses and large organizations use networks to provide consolidation, storage, and access to information on network servers.

Networks provide email, instant messaging, and collaboration among employees.

Many organizations use their network’s connection to the internet to provide products and services to customers. The internet is the largest network in existence.

In fact, the term internet means a “network of networks”. It is a collection of interconnected private and public networks.

A

In small businesses and homes, many computers function as both the servers and clients on the network.

This type of network is called a peer-to-peer network.

– Small Home

– Small Office and Home Office

– Medium to Large

– World Wide

10
Q

In small businesses and homes, many computers function as both the servers and clients on the network.

This type of network is called a peer-to-peer network.

– Small Home

– Small Office and Home Office

– Medium to Large

– World Wide

A

Small Home :

Small Home Networks

Small home networks connect a few computers to each other and to the internet.

11
Q

In small businesses and homes, many computers function as both the servers and clients on the network.

This type of network is called a peer-to-peer network.

– Small Home

– Small Office and Home Office

– Medium to Large

– World Wide

A

Small Office and Home Office :

Small Office and Home Office Networks

The SOHO network allows computers in a home office or a remote office to connect to a corporate network, or access centralized, shared resources.

12
Q

In small businesses and homes, many computers function as both the servers and clients on the network.

This type of network is called a peer-to-peer network.

– Small Home

– Small Office and Home Office

– Medium to Large

– World Wide

A

Medium to Large :

Medium to Large Networks

Medium to large networks, such as those used by corporations and schools, can have many locations with hundreds or thousands of interconnected hosts.

13
Q

In small businesses and homes, many computers function as both the servers and clients on the network.

This type of network is called a peer-to-peer network.

– Small Home

– Small Office and Home Office

– Medium to Large

– World Wide

A

World Wide :

World Wide Networks

The internet is a network of networks that connects hundreds of millions of computers world-wide.

14
Q

LANs and WANs

Network infrastructures vary greatly in terms of:

Size of the area covered

Number of users connected

Number and types of services available

Area of responsibility

A

The two most common types of network infrastructures are Local Area Networks (LANs), and Wide Area Networks (WANs).

A LAN is a network infrastructure that provides access to users and end devices in a small geographical area.

A LAN is typically used in a department within an enterprise, a home, or a small business network.

A WAN is a network infrastructure that provides access to other networks over a wide geographical area, which is typically owned and managed by a larger corporation or a telecommunications service provider.

The figure shows LANs connected to a WAN.

https://snipboard.io/8qdmyW.jpg

15
Q

LANs

A LAN is a network infrastructure that spans a small geographical area.

LANs have specific characteristics: LANs interconnect end devices in a limited area such as a home, school, office building, or campus.

A LAN is usually administered by a single organization or individual. Administrative control is enforced at the network level and governs the security and access control policies.

LANs provide high-speed bandwidth to internal end devices and intermediary devices, as shown in the figure.

https://snipboard.io/ZBSFYh.jpg

A

WANs

The figure shows a WAN which interconnects two LANs.

A WAN is a network infrastructure that spans a wide geographical area. WANs are typically managed by service providers (SPs) or Internet Service Providers (ISPs).

WANs have specific characteristics: WANs interconnect LANs over wide geographical areas such as between cities, states, provinces, countries, or continents.

WANs are usually administered by multiple service providers. WANs typically provide slower speed links between LANs.

https://snipboard.io/0cIzWB.jpg

16
Q

The Three-Layer Network Design Model

The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers.

Separating the design into layers allows each layer to implement specific functions, which simplifies the network design.

This also simplifies the deployment and management of the network.

The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.

A

A hierarchical LAN design includes the access, distribution, and core layers as shown in the figure.

Hierarchical Design Model

https://snipboard.io/RsecZd.jpg

Each layer is designed to meet specific functions. The access layer provides endpoints and users direct access to the network.

The distribution layer aggregates access layers and provides connectivity to services. Finally, the core layer provides connectivity between distribution layers for large LAN environments.

User traffic is initiated at the access layer and passes through the other layers if the functionality of those layers is required.

17
Q

Even though the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design.

In a two-tier hierarchical design, the core and distribution layers are collapsed into one layer, reducing cost and complexity, as shown in the figure.

Collapsed Core

https://snipboard.io/1Qx6D9.jpg

A

In flat or meshed network architectures, changes tend to affect a large number of systems.

Hierarchical design helps constrain operational changes to a subset of the network, which makes it easy to manage as well as improve resiliency.

Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency through improved fault isolation.

18
Q

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic.

Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.

Here are three common firewall designs.

– Private and Public

– Demilitarized Zone

– Zone-Based Policy Firewalls

A

Private and Public :

As shown in the figure, the public network (or outside network) is untrusted, and the private network (or inside network) is trusted.

Typically, a firewall with two interfaces is configured as follows: Traffic originating from the private network is permitted and inspected as it travels toward the public network.

Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.

Traffic originating from the public network and traveling to the private network is generally blocked.

https://snipboard.io/GOFqy9.jpg

19
Q

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic.

Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.

Here are three common firewall designs.

– Private and Public

– Demilitarized Zone

– Zone-Based Policy Firewalls

A

Demilitarized Zone

A demilitarized zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface, as shown in the figure.

Traffic originating from the private network is inspected as it travels toward the public or DMZ network. This traffic is permitted with little or no restriction. Inspected traffic returning from the DMZ or public network to the private network is permitted.

Traffic originating from the DMZ network and traveling to the private network is usually blocked. Traffic originating from the DMZ network and traveling to the public network is selectively permitted based on service requirements.

Traffic originating from the public network and traveling toward the DMZ is selectively permitted and inspected. This type of traffic is typically email, DNS, HTTP, or HTTPS traffic.

Return traffic from the DMZ to the public network is dynamically permitted. Traffic originating from the public network and traveling to the private network is blocked.

https://snipboard.io/XTMkoB.jpg

20
Q

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic.

Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.

Here are three common firewall designs.

– Private and Public

– Demilitarized Zone

– Zone-Based Policy Firewalls

A

Zone-Based Policy Firewalls

Zone-based policy firewalls (ZPFs) use the concept of zones to provide additional flexibility.

A zone is a group of one or more interfaces that have similar functions or features. Zones help you specify where a Cisco IOS firewall rule or policy should be applied. In the figure, security policies for LAN 1 and LAN 2 are similar and can be grouped into a zone for firewall configurations.

By default, the traffic between interfaces in the same zone is not subject to any policy and passes freely. However, all zone-to-zone traffic is blocked. In order to permit traffic between zones, a policy allowing or inspecting traffic must be configured.

The only exception to this default deny any policy is the router self zone. The self zone is the router itself and includes all the router interface IP addresses. Policy configurations that include the self zone would apply to traffic destined to and sourced from the router.

By default, there is no policy for this type of traffic. Traffic that should be considered when designing a policy for the self zone includes management plane and control plane traffic, such as SSH, SNMP, and routing protocols.

https://snipboard.io/x1OtNm.jpg

21
Q

Firewalls

A firewall is a system, or group of systems, that enforces an access control policy between networks.

A

Click each button to learn more about firewalls.

– Common Firewall Properties

– Firewall Benefits

– Firewall Limitations

22
Q

Click each button to learn more about firewalls.

– Common Firewall Properties

– Firewall Benefits

– Firewall Limitations

A

Common Firewall Properties :

All firewalls share some common properties: Firewalls are resistant to network attacks.

Firewalls are the only transit point between internal corporate networks and external networks because all traffic flows through the firewall.

Firewalls enforce the access control policy.

23
Q

Click each button to learn more about firewalls.

– Common Firewall Properties

– Firewall Benefits

– Firewall Limitations

A

Firewall Benefits :

There are several benefits of using a firewall in a network: They prevent the exposure of sensitive hosts, resources, and applications to untrusted users.

They sanitize protocol flow, which prevents the exploitation of protocol flaws. They block malicious data from servers and clients.

They reduce security management complexity by off-loading most of the network access control to a few firewalls in the network.

24
Q

Click each button to learn more about firewalls.

– Common Firewall Properties

– Firewall Benefits

– Firewall Limitations

A

Firewall Limitations :

Firewalls also have some limitations:

A misconfigured firewall can have serious consequences for the network, such as becoming a single point of failure.

The data from many applications cannot be passed over firewalls securely.

Users might proactively search for ways around the firewall to receive blocked material, which exposes the network to potential attack.

Network performance can slow down.

Unauthorized traffic can be tunneled or hidden as legitimate traffic through the firewall.

25
Q

Firewall Type Descriptions

It is important to understand the different types of firewalls and their specific capabilities so that the right firewall is used for each situation.

– Packet Filtering (Stateless Firewall)

– Stateful Firewall

– Gateway Firewall

– Next Generation Firewall

A

Packet Filtering (Stateless Firewall) :

Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information.

They are stateless firewalls that use a simple policy table look-up that filters traffic based on specific criteria. For example, SMTP servers listen to port 25 by default.

An administrator can configure the packet filtering firewall to block port 25 from a specific workstation to prevent it from broadcasting an email virus.

https://snipboard.io/CfRVWK.jpg

26
Q

Firewall Type Descriptions

It is important to understand the different types of firewalls and their specific capabilities so that the right firewall is used for each situation.

– Packet Filtering (Stateless Firewall)

– Stateful Firewall

– Gateway Firewall

– Next Generation Firewall

A

Stateful Firewall :

Stateful firewalls are the most versatile and the most common firewall technologies in use.

Stateful firewalls provide stateful packet filtering by using connection information maintained in a state table.

Stateful filtering is a firewall architecture that is classified at the network layer.

It also analyzes traffic at OSI Layer 4 and Layer 5.

https://snipboard.io/cT9Lm1.jpg

27
Q

Firewall Type Descriptions

It is important to understand the different types of firewalls and their specific capabilities so that the right firewall is used for each situation.

– Packet Filtering (Stateless Firewall)

– Stateful Firewall

– Gateway Firewall

– Next Generation Firewall

A

Gateway Firewall :

An application gateway firewall (proxy firewall), as shown in the figure, filters information at Layers 3, 4, 5, and 7 of the OSI reference model.

Most of the firewall control and filtering is done in software. When a client needs to access a remote server, it connects to a proxy server.

The proxy server connects to the remote server on behalf of the client. Therefore, the server only sees a connection from the proxy server.

https://snipboard.io/36pjma.jpg

28
Q

Firewall Type Descriptions

It is important to understand the different types of firewalls and their specific capabilities so that the right firewall is used for each situation.

– Packet Filtering (Stateless Firewall)

– Stateful Firewall

– Gateway Firewall

– Next Generation Firewall

A

Next Generation Firewall :

Next-generation firewalls (NGFW) go beyond stateful firewalls by providing:

Integrated intrusion prevention

Application awareness and control to see and block risky apps

Upgrade paths to include future information feeds

Techniques to address evolving security threats

https://snipboard.io/GYM1CH.jpg

29
Q

Other methods of implementing firewalls include:

– Host-based (server and personal) firewall

– Transparent firewall

– Hybrid firewall

A

Host-based (server and personal) firewall :

A PC or server with firewall software running on it.

30
Q

Other methods of implementing firewalls include:

– Host-based (server and personal) firewall

– Transparent firewall

– Hybrid firewall

A

Transparent firewall :

Filters IP traffic between a pair of bridged interfaces.

31
Q

Other methods of implementing firewalls include:

– Host-based (server and personal) firewall

– Transparent firewall

– Hybrid firewall

A

Hybrid firewall :

A combination of the various firewall types.

For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.

32
Q

Intrusion Prevention and Detection Devices :

A networking architecture paradigm shift is required to defend against fast-moving and evolving attacks. This must include cost-effective detection and prevention systems, such as intrusion detection systems (IDS) or the more scalable intrusion prevention systems (IPS).

The network architecture integrates these solutions into the entry and exit points of the network.

When implementing IDS or IPS, it is important to be familiar with the types of systems available, host-based and network-based approaches, the placement of these systems, the role of signature categories, and possible actions that a Cisco IOS router can take when an attack is detected.

A

The figure shows how an IPS device handles malicious traffic.

IDS and IPS Characteristics

https://snipboard.io/zjEgfI.jpg

https://snipboard.io/SqwkcD.jpg

33
Q

IDS and IPS technologies are both deployed as sensors.

An IDS or IPS sensor can be in the form of several different devices:

A router configured with Cisco IOS IPS software

A device specifically designed to provide dedicated IDS or IPS services

A network module installed in an adaptive security appliance (ASA), switch, or router

A

IDS and IPS technologies use signatures to detect patterns in network traffic.

A signature is a set of rules that an IDS or IPS uses to detect malicious activity.

Signatures can be used to detect severe breaches of security, to detect common network attacks, and to gather information.

IDS and IPS technologies can detect atomic signature patterns (single-packet) or composite signature patterns (multi-packet).

34
Q

IDS and IPS technologies use signatures to detect patterns in network traffic.

A signature is a set of rules that an IDS or IPS uses to detect malicious activity.

Signatures can be used to detect severe breaches of security, to detect common network attacks, and to gather information.

IDS and IPS technologies can detect atomic signature patterns (single-packet) or composite signature patterns (multi-packet).

A

IDS and IPS technologies use signatures to detect patterns in network traffic.

A signature is a set of rules that an IDS or IPS uses to detect malicious activity.

Signatures can be used to detect severe breaches of security, to detect common network attacks, and to gather information.

IDS and IPS technologies can detect atomic signature patterns (single-packet) or composite signature patterns (multi-packet).

35
Q

Advantages and Disadvantages of IDS and IPS

The table lists the advantages and disadvantages of IDS and IPS.

– Solutions : IDS and IPS

– Advantages and Disadvantages

A

Solution :

IDS Advantages :

No impact on network (latency, jitter)

No network impact if there is a sensor failure

No network impact if there is sensor overload

36
Q

Advantages and Disadvantages of IDS and IPS

The table lists the advantages and disadvantages of IDS and IPS.

– Solutions : IDS and IPS

– Advantages and Disadvantages

A

Solution :

IDS Disadvantages :

Response action cannot stop trigger packets

Correct tuning required for response actions

More vulnerable to network security evasion techniques

37
Q

Advantages and Disadvantages of IDS and IPS

The table lists the advantages and disadvantages of IDS and IPS.

– Solutions : IDS and IPS

– Advantages and Disadvantages

A

Solution :

IPS Advantages :

Stops trigger packets

Can use stream normalization techniques

38
Q

Advantages and Disadvantages of IDS and IPS

The table lists the advantages and disadvantages of IDS and IPS.

– Solutions : IDS and IPS

– Advantages and Disadvantages

A

Solution :

IPS Disadvantages :

Sensor issues might affect network traffic

Sensor overloading impacts the network

Some impact on network (latency, jitter)

39
Q

IDS Advantages

An IDS is deployed in offline mode and therefore:

The IDS does not impact network performance.

Specifically, it does not introduce latency, jitter, or other traffic flow issues.

The IDS does not affect network functionality if the sensor fails.

It only affects the ability of the IDS to analyze the data.

A

IDS Disadvantages

Disadvantages of an IDS include:

An IDS sensor cannot stop the packets that have triggered an alert and is less helpful in detecting email viruses and automated attacks, such as worms.

Tuning IDS sensors to achieve expected levels of intrusion detection can be very time-consuming.

Users deploying IDS sensor response actions must have a well-designed security policy and a good operational understanding of their IDS deployments.

An IDS implementation is more vulnerable to network security evasion techniques because it is not inline.

40
Q

IPS Advantages

Advantages of an IPS include:

An IPS sensor can be configured to drop the trigger packets, the packets associated with a connection, or packets from a source IP address.

Because IPS sensors are inline, they can use stream normalization.

Stream normalization is a technique used to reconstruct the data stream when the attack occurs over multiple data segments.

A

IPS Disadvantages

Disadvantages of an IPS include:

Because it is deployed inline, errors, failure, and overwhelming the IPS sensor with too much traffic can have a negative effect on network performance.

An IPS sensor can affect network performance by introducing latency and jitter.

An IPS sensor must be appropriately sized and implemented so that time-sensitive applications, such as VoIP, are not adversely affected.

41
Q

Deployment Considerations :

You can deploy both an IPS and an IDS.

Using one of these technologies does not negate the use of the other. In fact, IDS and IPS technologies can complement each other.

For example, an IDS can be implemented to validate IPS operation because the IDS can be configured for deeper packet inspection offline.

This allows the IPS to focus on fewer but more critical traffic patterns inline.

A

Deciding which implementation to use is based on the security goals of the organization as stated in their network security policy.

42
Q

Types of IPS

There are two primary kinds of IPS available:

host-based IPS and network-based IPS.

Host-based IPS

A

Host-based IPS :

Host-based IPS (HIPS) is software installed on a host to monitor and analyze suspicious activity. A significant advantage of HIPS is that it can monitor and protect operating system and critical system processes that are specific to that host.

With detailed knowledge of the operating system, HIPS can monitor abnormal activity and prevent the host from executing commands that do not match typical behavior.

This suspicious or malicious behavior might include unauthorized registry updates, changes to the system directory, executing installation programs, and activities that cause buffer overflows.

Network traffic can also be monitored to prevent the host from participating in a denial-of-service (DoS) attack or being part of an illicit FTP session.

43
Q

Host-based IPS :

HIPS can be thought of as a combination of antivirus software, antimalware software, and a firewall. Combined with a network-based IPS, HIPS is an effective tool in providing additional protection for the host.

A disadvantage of HIPS is that it operates only at a local level. It does not have a complete view of the network, or coordinated events that might be happening across the network.

To be effective in a network, HIPS must be installed on every host and have support for every operating system. The table lists the advantages and disadvantages of HIPS.

A

HIPS Advantages :

Provides protection specific to a host operating system

Provides operating system and application level protection

Protects the host after the message is decrypted

44
Q

HIPS Advantages :

Provides protection specific to a host operating system

Provides operating system and application level protection

Protects the host after the message is decrypted

A

HIPS Disadvantages :

Operating system dependent

Must be installed on all hosts

45
Q

Network-based IPS

A network-based IPS can be implemented using a dedicated or non-dedicated IPS device.

Network-based IPS implementations are a critical component of intrusion prevention.

There are host-based IDS/IPS solutions, but these must be integrated with a network-based IPS implementation to ensure a robust security architecture.

A

Sensors detect malicious and unauthorized activity in real time and can take action when required.

As shown in the figure, sensors are deployed at designated network points.

This enables security managers to monitor network activity while it is occurring, regardless of the location of the attack target.

46
Q

Sample IPS Sensor Deployment

https://snipboard.io/yCSZ3e.jpg

A

Specialized Security Appliances

There are a variety of specialized security appliances available. Here are a few examples.

– AMP (Advanced Malware Protection)

– WSA (Web Security Appliance)

– ESA (Email Security Appliance/Cisco Cloud Email Security)

47
Q

Specialized Security Appliances

There are a variety of specialized security appliances available. Here are a few examples.

– AMP (Advanced Malware Protection)

– WSA (Web Security Appliance)

– ESA (Email Security Appliance/Cisco Cloud Email Security)

A

AMP (Advanced Malware Protection) :

Cisco Advanced Malware Protection (AMP) is an enterprise-class advanced malware analysis and protection solution. It provides comprehensive malware protection for organizations before, during, and after an attack:

Before an attack, AMP strengthens defenses and protects against known and emerging threats.

During an attack, AMP identifies and blocks policy-violating file types, exploit attempts, and malicious files from infiltrating the network.

After an attack, or after a file is initially inspected, AMP goes beyond point-in-time detection capabilities and continuously monitors and analyzes all file activity and traffic, regardless of disposition, searching for any indications of malicious behavior.

If a file with an unknown or previously deemed “good” disposition starts behaving badly, AMP will detect it and instantly alert security teams with an indication of compromise.

It then provides visibility into where the malware originated, what systems were affected, and what the malware is doing.

AMP accesses the collective security intelligence of the Cisco Talos Security Intelligence and Research Group. Talos detects and correlates threats in real time using the largest threat-detection network in the world.

48
Q

Specialized Security Appliances

There are a variety of specialized security appliances available. Here are a few examples.

– AMP (Advanced Malware Protection)

– WSA (Web Security Appliance)

– ESA (Email Security Appliance/Cisco Cloud Email Security)

A

WSA (Web Security Appliance) :

A Cisco Web Security Appliance (WSA) is a secure web gateway that combines leading protections to help organizations address the growing challenges of securing and controlling web traffic.

WSA protects the network by automatically blocking risky sites and testing unknown sites before allowing users to access them. WSA provides malware protection, application visibility and control, acceptable use policy controls, insightful reporting and secure mobility.

While WSA protects the network from malware intrusion, it does not provide protection for users who want to connect to the internet directly outside of the protected network, such as at a public Wi-Fi service.

In this instance, the user’s PC can be infected with malware which can then spread to other networks and devices.

To help protect user PCs from these types of malware infections there is Cisco Cloud Web Security (CWS). CWS together with WSA provides comprehensive protection against malware and the associated impacts.

The Cisco CWS solution enforces secure communication to and from the internet and provides remote workers the same level of security as onsite employees when using a laptop issued by the employer.

Cisco CWS incorporates two main functions, web filtering and web security, and both are accompanied by extensive, centralized reporting.

49
Q

Specialized Security Appliances

There are a variety of specialized security appliances available. Here are a few examples.

– AMP (Advanced Malware Protection)

– WSA (Web Security Appliance)

– ESA (Email Security Appliance/Cisco Cloud Email Security)

A

ESA (Email Security Appliance/Cisco Cloud Email Security) :

A Cisco Email Security Appliance (ESA) / Cisco Cloud Email Security helps to mitigate email-based threats.

The Cisco ESA defends mission-critical email systems.

The Cisco ESA is constantly updated by real-time feeds from Cisco Talos, which detects and correlates threats using a worldwide database monitoring system.

50
Q

ESA (Email Security Appliance/Cisco Cloud Email Security) :

PART 2

These are some of the main features of ESA:

– Global threat intelligence

– Spam blocking

– Advanced malware protection

– Outbound message control

A

Global threat intelligence :

Cisco Talos provides a 24-hour view into global traffic activity.

It analyzes anomalies, uncovers new threats, and monitors traffic trends.

51
Q

ESA (Email Security Appliance/Cisco Cloud Email Security) :

PART 2

These are some of the main features of ESA:

– Global threat intelligence

– Spam blocking

– Advanced malware protection

– Outbound message control

A

Spam blocking :

A multilayered defense combines an outer layer of filtering based on the reputation of the sender and an inner layer of filtering that performs a deep analysis of the message.

52
Q

ESA (Email Security Appliance/Cisco Cloud Email Security) :

PART 2

These are some of the main features of ESA:

– Global threat intelligence

– Spam blocking

– Advanced malware protection

– Outbound message control

A

Advanced malware protection :

Includes AMP that takes advantage of the vast cloud security intelligence network of Sourcefire.

It delivers protection across the attack continuum before, during, and after an attack.

53
Q

ESA (Email Security Appliance/Cisco Cloud Email Security) :

PART 2

These are some of the main features of ESA:

– Global threat intelligence

– Spam blocking

– Advanced malware protection

– Outbound message control

A

Outbound message control :

Controls outbound messages to help ensure that important messages comply with industry standards and are protected in transit.

54
Q

Traffic Control with ACLs

An Access Control List (ACL) is a series of commands that control whether a device forwards or drops packets based on information found in the packet header.

When configured, ACLs perform the following tasks:

A

– They limit network traffic to increase network performance. For example, if corporate policy does not allow video traffic on the network, ACLs that block video traffic could be configured and applied. This would greatly reduce the network load and increase network performance.

– They provide traffic flow control. ACLs can restrict the delivery of routing updates to ensure that the updates are from a known source.

– They provide a basic level of security for network access. ACLs can allow one host to access a part of the network and prevent another host from accessing the same area. For example, access to the Human Resources network can be restricted to authorized users.

– They filter traffic based on traffic type. For example, an ACL can permit email traffic, but block all Telnet traffic.

– They screen hosts to permit or deny access to network services. ACLs can permit or deny a user access to file types, such as FTP or HTTP.

55
Q

– They limit network traffic to increase network performance. For example, if corporate policy does not allow video traffic on the network, ACLs that block video traffic could be configured and applied. This would greatly reduce the network load and increase network performance.

– They provide traffic flow control. ACLs can restrict the delivery of routing updates to ensure that the updates are from a known source.

– They provide a basic level of security for network access. ACLs can allow one host to access a part of the network and prevent another host from accessing the same area. For example, access to the Human Resources network can be restricted to authorized users.

– They filter traffic based on traffic type. For example, an ACL can permit email traffic, but block all Telnet traffic.

– They screen hosts to permit or deny access to network services. ACLs can permit or deny a user access to file types, such as FTP or HTTP.

A

In addition to either permitting or denying traffic, ACLs can be used for selecting types of traffic to be analyzed, forwarded, or processed in other ways.

For example, ACLs can be used to classify traffic to enable priority processing. This capability is similar to having a VIP pass at a concert or sporting event.

The VIP pass gives selected guests privileges not offered to general admission ticket holders, such as priority entry or being able to enter a restricted area. The figure shows a sample topology with ACLs applied to routers R1, R2, and R3.

What Is an ACL?

https://snipboard.io/bSZnGQ.jpg

56
Q

ACLs:

Important Features

Two types of Cisco IPv4 ACLs are standard and extended.

Standard ACLs can be used to permit or deny traffic only from source IPv4 addresses.

The destination of the packet and the ports involved are not evaluated.

A

Extended ACLs filter IPv4 packets based on several attributes that include:

– Protocol type

– Source IPv4 address

– Destination IPv4 address

– Source TCP or UDP ports

– Destination TCP or UDP ports

– Optional protocol type information for finer control

57
Q

Standard and extended ACLs can be created using either a number or a name to identify the ACL and its list of statements.

Using numbered ACLs is an effective method for determining the ACL type on smaller networks with more homogeneously defined traffic.

However, a number does not provide information about the purpose of the ACL.

For this reason, a name can be used to identify a Cisco ACL.

A

By configuring ACL logging, an ACL message can be generated and logged when traffic meets the permit or deny criteria defined in the ACL.

Cisco ACLs can also be configured to only allow TCP traffic that has an ACK or RST bit set, so that only traffic from an established TCP session is permitted.

This can be used to deny any TCP traffic from outside the network that is trying to establish a new TCP session.

58
Q

SNMP

Simple Network Management Protocol (SNMP) allows administrators to manage end devices such as servers, workstations, routers, switches, and security appliances on an IP network.

It enables network administrators to monitor and manage network performance, find and solve network problems, and plan for network growth.

A

SNMP is an application layer protocol that provides a message format for communication between managers and agents.

As shown in the figure, the SNMP system consists of two elements.

– SNMP manager, which runs SNMP management software.

– SNMP agents, which are the nodes being monitored and managed.

https://snipboard.io/QTYcop.jpg

59
Q

The Management Information Base (MIB) is a database on the agents that stores data and operational statistics about the device.

To configure SNMP on a networking device, it is first necessary to define the relationship between the manager and the agent.

A

The SNMP manager is part of a network management system (NMS).

The SNMP manager runs SNMP management software.

As shown in the figure, the SNMP manager can collect information from an SNMP agent by using the “get” action and can change configurations on an agent by using the “set” action.

In addition, SNMP agents can forward information directly to a network manager by using “traps”.

60
Q

NetFlow

NetFlow is a Cisco IOS technology that provides statistics on packets flowing through a Cisco router or multilayer switch.

While SNMP attempts to provide a very wide range of network management features and options, NetFlow is focused on providing statistics on IP packets flowing through network devices.

A

NetFlow provides data to enable network and security monitoring, network planning, traffic analysis to include identification of network bottlenecks, and IP accounting for billing purposes.

For example, in the figure, PC 1 connects to PC 2 using an application such as HTTPS.

61
Q

NetFlow in the Network :

https://snipboard.io/TpHbL5.jpg

NetFlow can monitor that application connection, tracking byte and packet counts for that individual application flow.

It then pushes the statistics over to an external server called a NetFlow collector.

A

NetFlow technology has seen several generations that provide more sophistication in defining traffic flows, but “original NetFlow” distinguished flows using a combination of seven fields.

Should one of these fields vary in value from another packet, the packets could be safely determined to be from different flows:

– Source IP address

– Destination IP address

– Source port number

– Destination port number

– Layer 3 protocol type

– Type of Service (ToS) marking

– Input logical interface

62
Q

The first four of the fields NetFlow uses to identify a flow should be familiar.

The source and destination IP addresses, plus the source and destination ports, identify the connection between source and destination application.

The Layer 3 protocol type identifies the type of header that follows the IP header (usually TCP or UDP, but other options include ICMP).

The ToS byte in the IPv4 header holds information about how devices should apply quality of service (QoS) rules to the packets in that flow.

A

The first four of the fields NetFlow uses to identify a flow should be familiar.

The source and destination IP addresses, plus the source and destination ports, identify the connection between source and destination application.

The Layer 3 protocol type identifies the type of header that follows the IP header (usually TCP or UDP, but other options include ICMP).

The ToS byte in the IPv4 header holds information about how devices should apply quality of service (QoS) rules to the packets in that flow.

63
Q

Port Mirroring

A packet analyzer (also known as a packet sniffer or traffic sniffer) is typically software that captures packets entering and exiting the network interface card (NIC).

It is not always possible or desirable to have the packet analyzer on the device that is being monitored.

Sometimes it is better on a separate station designated to capture the packets.

A

Because network switches can isolate traffic, traffic sniffers or other network monitors, such as IDS, cannot access all the traffic on a network segment.

Port mirroring is a feature that allows a switch to make duplicate copies of traffic passing through a switch, and then send it out a port with a network monitor attached.

The original traffic is forwarded in the usual manner. An example of port mirroring is illustrated in the figure.

Traffic Sniffing Using a Switch

https://snipboard.io/4y93rd.jpg

64
Q

Syslog Servers

When certain events occur on a network, networking devices have trusted mechanisms to notify the administrator with detailed system messages.

These messages can be either non-critical or significant.

Network administrators have a variety of options for storing, interpreting, and displaying these messages, and for being alerted to those messages that could have the greatest impact on the network infrastructure.

A

The most common method of accessing system messages is to use a protocol called syslog.

Many networking devices support syslog, including routers, switches, application servers, firewalls, and other network appliances.

The syslog protocol allows networking devices to send their system messages across the network to syslog servers as shown in the figure.

Syslog

https://snipboard.io/HJClbx.jpg

65
Q

The syslog logging service provides three primary functions:

The ability to gather logging information for monitoring and troubleshooting

The ability to select the type of logging information that is captured

The ability to specify the destination of captured syslog messages

A

The syslog logging service provides three primary functions:

The ability to gather logging information for monitoring and troubleshooting

The ability to select the type of logging information that is captured

The ability to specify the destination of captured syslog messages

66
Q

NTP :

It is important to synchronize the time across all devices on the network because all aspects of managing, securing, troubleshooting, and planning networks require accurate and consistent timestamping.

When the time is not synchronized between devices, it will be impossible to determine the order of the events that have occurred in different parts of the network.

A

Typically, the date and time settings on a network device can be set using one of two methods:

Manual configuration of the date and time

Configuring the Network Time Protocol (NTP)

67
Q

As a network grows, it becomes difficult to ensure that all infrastructure devices are operating with synchronized time.

Even in a smaller network environment, the manual method is not ideal.

If a device reboots, how will it get an accurate date and timestamp?

A

A better solution is to configure the NTP on the network.

This protocol allows routers on the network to synchronize their time settings with an NTP server.

A group of NTP clients that obtain time and date information from a single source have more consistent time settings.

When NTP is implemented in the network, it can be set up to synchronize to a private master clock or it can synchronize to a publicly available NTP server on the Internet.

68
Q

NTP networks use a hierarchical system of time sources.

Each level in this hierarchical system is called a stratum.

The stratum level is defined as the number of hop counts from the authoritative source.

The synchronized time is distributed across the network using NTP.

The figure displays a sample NTP network.

A

NTP Stratum Levels :

https://snipboard.io/mIUFyR.jpg

NTP servers are arranged in three levels known as strata:

– Stratum 0

– Stratum 1

– Stratum 2 and lower strata

69
Q

NTP Stratum Levels :

https://snipboard.io/mIUFyR.jpg

NTP servers are arranged in three levels known as strata:

– Stratum 0

– Stratum 1

– Stratum 2 and lower strata

A

Stratum 0 :

An NTP network gets the time from authoritative time sources.

These authoritative time sources, also referred to as stratum 0 devices, are high-precision timekeeping devices assumed to be accurate and with little or no delay associated with them.

70
Q

NTP Stratum Levels :

https://snipboard.io/mIUFyR.jpg

NTP servers are arranged in three levels known as strata:

– Stratum 0

– Stratum 1

– Stratum 2 and lower strata

A

Stratum 1 :

The stratum 1 devices are directly connected to the authoritative time sources.

They act as the primary network time standard.

71
Q

NTP Stratum Levels :

https://snipboard.io/mIUFyR.jpg

NTP servers are arranged in three levels known as strata:

– Stratum 0

– Stratum 1

– Stratum 2 and lower strata

A

Stratum 2 and lower strata :

The stratum 2 servers are connected to stratum 1 devices through network connections.

Stratum 2 devices, such as NTP clients, synchronize their time using the NTP packets from stratum 1 servers.

They could also act as servers for stratum 3 devices.

72
Q

Smaller stratum numbers indicate that the server is closer to the authorized time source than larger stratum numbers.

The larger the stratum number, the lower the stratum level.

The max hop count is 15.

Stratum 16, the lowest stratum level, indicates that a device is unsynchronized.

Time servers on the same stratum level can be configured to act as a peer with other time servers on the same stratum level for backup or verification of time.

A

Smaller stratum numbers indicate that the server is closer to the authorized time source than larger stratum numbers.

The larger the stratum number, the lower the stratum level.

The max hop count is 15.

Stratum 16, the lowest stratum level, indicates that a device is unsynchronized.

Time servers on the same stratum level can be configured to act as a peer with other time servers on the same stratum level for backup or verification of time.

73
Q

AAA Servers :

The table lists the three independent security functions provided by the AAA architectural framework.

– Authentication

– Authorization

– Accounting

A

Authentication :

Users and administrators must prove that they are who they say they are.

Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods.

AAA authentication provides a centralized way to control access to the network.

74
Q

AAA Servers :

The table lists the three independent security functions provided by the AAA architectural framework.

– Authentication

– Authorization

– Accounting

A

Authorization :

After the user is authenticated, authorization services determine which resources the user can access and which operations the user is allowed to perform.

An example is “User ‘student’ can access host serverXYZ using SSH only.”

75
Q

AAA Servers :

The table lists the three independent security functions provided by the AAA architectural framework.

– Authentication

– Authorization

– Accounting

A

Accounting :

Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.

Accounting keeps track of how network resources are used.

An example is “User ‘student’ accessed host serverXYZ using SSH for 15 minutes.”

76
Q

Terminal Access Controller Access-Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) are both authentication protocols that are used to communicate with AAA servers. Whether TACACS+ or RADIUS is selected depends on the needs of the organization.

A

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

77
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Functionality – TACACS+ AND RADIUS :

TACACS+ :

Separates AAA according to the AAA architecture, allowing modularity of the security server implementation

RADIUS :

Combines authentication and authorization but separates accounting, allowing less flexibility in implementation than TACACS+

78
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Standard – TACACS+ AND RADIUS :

TACACS+ : Mostly Cisco supported

RADIUS : Open/RFC standard

79
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Transport – TACACS+ AND RADIUS :

TACACS+ : TCP

RADIUS : UDP

80
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Protocol CHAP – TACACS+ AND RADIUS :

TACACS+ : Bidirectional challenge and response as used in Challenge Handshake Authentication Protocol (CHAP)

RADIUS : Unidirectional challenge and response from the RADIUS security server to the RADIUS client

81
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Confidentiality – TACACS+ AND RADIUS :

TACACS+ : Entire packet encrypted

RADIUS : Password encrypted

82
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Customization – TACACS+ AND RADIUS :

TACACS+ : Provides authorization of router commands on a per-user or per-group basis

RADIUS : Has no option to authorize router commands on a per-user or per-group basis

83
Q

While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.

This is because all TACACS+ protocol exchanges are encrypted, while RADIUS only encrypts the user’s password.

RADIUS does not encrypt usernames, accounting information, or any other information carried in the RADIUS message.

The table lists the differences between the two protocols.

– Functionality – TACACS+ AND RADIUS

– Standard – TACACS+ AND RADIUS

– Transport – TACACS+ AND RADIUS

– Protocol CHAP – TACACS+ AND RADIUS

– Confidentiality – TACACS+ AND RADIUS

– Customization – TACACS+ AND RADIUS

– Accounting – TACACS+ AND RADIUS

A

Accounting – TACACS+ AND RADIUS :

TACACS+ : Limited

RADIUS : Extensive

84
Q

VPN

A VPN is a private network that is created over a public network, usually the internet, as shown in the figure.

Virtual Private Network

A

VPN

A VPN is a private network that is created over a public network, usually the internet, as shown in the figure.

Virtual Private Network

https://snipboard.io/m1r7ap.jpg

85
Q

VPN :

Instead of using a dedicated physical connection, a VPN uses virtual connections that are routed through the internet from the organization to the remote site.

The first VPNs were strictly IP tunnels that did not include authentication or encryption of the data.

For example, Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels.

This creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.

A

VPN :

A VPN is virtual in that it carries information within a private network, but that information is actually transported over a public network.

A VPN is private in that the traffic is encrypted to keep the data confidential while it is transported across the public network.

86
Q

VPN :

A VPN is a communications environment in which access is strictly controlled to permit peer connections within a defined community of interest.

Confidentiality is achieved by encrypting the traffic within the VPN.

Today, a secure implementation of VPN with encryption is what is generally equated with the concept of virtual private networking.

A

VPN :

In the simplest sense, a VPN connects two endpoints, such as a remote office to a central office, over a public network, to form a logical connection.

The logical connections can be made at either Layer 2 or Layer 3.

Common examples of Layer 3 VPNs are GRE, Multiprotocol Label Switching (MPLS), and IPsec.

Layer 3 VPNs can be point-to-point site connections, such as GRE and IPsec, or they can establish any-to-any connectivity to many sites using MPLS.

IPsec is a suite of protocols developed with the backing of the IETF to achieve secure services over IP packet-switched networks.

87
Q

VPN :

IPsec services allow for authentication, integrity, access control, and confidentiality.

With IPsec, the information exchanged between remote sites can be encrypted and verified. VPNs are commonly deployed in a site-to-site topology to securely connect central sites with remote locations.

They are also deployed in a remote-access topology to provide secure remote access to external users travelling or working from home. Both remote-access and site-to-site VPNs can be deployed using IPsec.

A

IPsec services allow for authentication, integrity, access control, and confidentiality.

With IPsec, the information exchanged between remote sites can be encrypted and verified. VPNs are commonly deployed in a site-to-site topology to securely connect central sites with remote locations.

They are also deployed in a remote-access topology to provide secure remote access to external users travelling or working from home. Both remote-access and site-to-site VPNs can be deployed using IPsec.