Module 7: Securing the Local Area Network and Cryptographic Systems Flashcards
It is an endpoint security solution employed to protect critical computer systems containing crucial data against viruses and other Internet malware.
host-based intrusion prevention system (HIPS)
What are the three host-based protections?
- host-based intrusion prevention system (HIPS)
- host-based firewall
- antivirus/antimalware software
A granular way to protect individual hosts from viruses and malware, and to control the spread of these harmful infections throughout the network.
host-based firewall
The technical architecture that allows organizations to connect anyone, anywhere, anytime, and on any device – securely, reliably, and seamlessly.
Borderless Network
It is the foundation for the Network Infrastructure, providing optimization, scale, and security to collaboration and virtualization.
Borderless Network
What are the different host-based/endpoint protections in a borderless network?
- antivirus/antimalware
- spam filtering
- Uniform Resource Locator (URL) filtering
- blacklisting
- data loss prevention
What are the different modern endpoint security solutions?
- Advanced Malware Protection (AMP)
- Enterprise Security Architecture (ESA)
- Web Security Appliance (WSA)
- Network access control (NAC)
A modern endpoint security solution whose main focus is to align information security controls and processes with business strategy, goals, and objectives.
enterprise security architecture
A modern endpoint security solution which is the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel, and organizational sub-units so that they align with the organization’s core goals and strategic direction.
enterprise security architecture
A modern endpoint security solution which is the methodology and process used to develop a risk-driven security framework and business controls.
enterprise security architecture
A modern endpoint security solution that aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
network access control
A modern endpoint security solution which safeguards businesses through broad threat intelligence, multiple layers of malware defense, and vital data loss prevention (DLP) capabilities across the attack continuum.
web security appliance
A modern endpoint security solution which is an all-in-one web gateway that brings you broad protection, extensive controls, and investment value.
Web Security Appliance
A modern endpoint security solution that might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.
Network access control
A modern endpoint security solution that is designed to prevent, detect, and help remove threats in an efficient manner from computer systems.
Advanced Malware Protection
A modern endpoint security solution that is a computer networking solution using a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network.
Network access control
What are the three Advanced Malware Protection (AMP) solutions offered by Cisco?
- AMP for Endpoints
- AMP for Networks
- AMP for Content Security
A Cisco AMP that integrates with Cisco AMP for Networks to deliver comprehensive protection across extended networks and endpoints.
AMP for Endpoints
A Cisco AMP that provides a network-based solution and is integrated into dedicated Cisco ASA Firewall and Cisco FirePOWER network security appliances.
AMP for Networks
A Cisco AMP that is an integrated feature in Cisco Cloud Web Security or Cisco Web and Email Security Appliances to protect against email and web-based advanced malware attacks.
AMP for Content Security
What are the features and benefits of Cisco Email Security solutions?
- Global threat intelligence
- Spam blocking
- Advanced malware protection
- Outbound message control
What are the switch attack categories?
- Spanning Tree Protocol (STP) Attack
- Address Spoofing Attack
- Address Resolution Protocol (ARP) Attack
- Dynamic Host Configuration Protocol (DHCP) Attack
- virtual local area network (VLAN) Attack
- Content Addressable Memory (CAM) Table Attack
A port security configuration command used to learn the connected MAC addresses dynamically.
switchport port-security mac-address sticky
A port security configuration command used to manually configure MAC addresses.
switchport port-security mac-address
A port security configuration command used to set the maximum number of MAC addresses.
switchport port-security maximum value
What are the port security violation modes?
- Protect
- Restrict
- Shutdown
A network management protocol used to automate the process of configuring devices on IP networks, thus allowing them to use network services such as DNS, NTP, and any communication protocol based on UDP or TCP.
Dynamic Host Configuration Protocol (DHCP)
It is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers.
Dynamic Host Configuration Protocol (DHCP) snooping
It is a stateless protocol used for resolving IP addresses to machine MAC addresses.
address resolution protocol
It constructs a large number of forged ARP request and reply packets to overload the switch.
address resolution protocol (ARP) spoofing
It is one of the most frequently used spoofing attack methods.
IP (internet protocol) address spoofing
In an __________ attack, an attacker sends IP packets from a false source address in order to disguise itself.
address spoofing
It is a type of man-in-the-middle attack that can be used to stop network traffic, change it, or intercept it.
address resolution protocol (ARP) poisoning
It is a security feature that validates ARP packets in a network.
dynamic address resolution protocol (ARP) inspection
An ARP attack mitigation that allows a network administrator to intercept, log, and discard ARP packets with invalid MAC-address-to-IP-address bindings.
dynamic address resolution protocol inspection
An attacker sends IP packets from a false (or “spoofed”) source address in order to disguise itself.
IP (internet protocol) address spoofing
A way to mitigate VLAN attacks that helps prevent IP spoofing when a host tries to spoof and use the IP address of another host.
IP (internet protocol) source guard
A security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings.
IP (internet protocol) source guard
A Layer 2 protocol that runs on bridges and switches and ensures that you do not create loops when you have redundant paths in your network.
Spanning Tree Protocol (STP)
A port in STP that is neither the designated port nor the root port.
blocked port
It is the port in STP that receives the best BPDU on a bridge.
root port
This occurs when an attacker, hacker, or unauthorized user spoofs the root bridge in the topology.
spanning tree protocol manipulation attack
It is a port in STP that is the closest to the root bridge in terms of path cost.
root port
It is the only bridge in the STP network that does not have a root port.
root bridge
A reference point for all switches in a spanning-tree topology.
root bridge
It is calculated using the port cost values associated with port speeds for each switch port along a given path in STP.
STP (spanning tree protocol) Path Cost
A port that can send the best BPDU on the segment to which it is connected.
designated port
A port that receives more useful BPDUs from another bridge and is therefore blocked.
alternate port
This was introduced to accommodate the additional VLAN information in the BPDU.
Extended System ID field
It can only be configured on switch or trunk ports that connect to a single workstation, switch, or server, so that those devices can connect to the network immediately instead of waiting for the port to transition from the listening and learning states to the forwarding state.
portfast
It is used in the selection of the root bridge and to prevent loops, and it is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs.
portfast mode
It is used to mitigate STP attacks and provides a way to enforce the root bridge placement in the network.
root guard
It forces a port to always be designated as the root port in STP.
root guard
It is used to mitigate STP attacks and ensures that the port on which it is enabled is the designated port.
root guard
A feature that provides additional protection against Layer 2 forwarding loops (STP loops), which are created when an STP blocking port in a redundant topology erroneously transitions to the forwarding state.
STP (spanning tree protocol) loop guard feature
It is used to mitigate STP attacks and provides additional protection against Layer 2 forwarding loops (STP loops).
loop guard
It causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.
portfast
Ciphertext can be created using several methods:
- Transposition
- Substitution
- One-time pad
It is an encrypted text transformed from plaintext using an encryption algorithm.
ciphertext
It is an encryption technique where plaintext is paired with a random secret key.
one-time pad
It is a method of encryption by which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.
transposition cipher
A method of encrypting in which units of plaintext are replaced with ciphertext, according to a fixed system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.
substitution cipher
An encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent.
one-time pad
Methods used for cryptanalysis:
- Brute-force method
- Ciphertext method
- Known-Plaintext method
- Chosen-Plaintext method
- Chosen-Ciphertext method
- Meet-in-the-Middle method
A method used in cryptanalysis where an attacker knows a portion of the plaintext and the corresponding ciphertext.
Meet-in-the-Middle method
A method used in cryptanalysis where an attacker tries every possible key with the decryption algorithm knowing that eventually one of them will work.
Brute-Force method
A method used in cryptanalysis where an attacker has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm, but the attacker has no knowledge of the underlying plaintext.
Ciphertext-Only method
A method used in cryptanalysis where the attacker uses a brute-force attack to try keys until decryption with the correct key produces a meaningful result.
Known-Plaintext method
A method used in cryptanalysis where the attacker chooses which data the encryption device encrypts and observes the ciphertext output.
Chosen-Plaintext method
A method used in cryptanalysis where the attacker chooses different ciphertext to be decrypted and has access to the decrypted plaintext.
Chosen-Ciphertext method
The study of the distribution (and count) of the letters in a text.
Frequency analysis
It is that part of cryptology concerned with the putting of messages into a secret or encrypted form.
Cryptography
The art and science of making and breaking codes and ciphers.
Cryptology
A method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
Cryptography
An algorithm used for authentication which is used by modern computers to encrypt and decrypt messages.
Rivest-Shamir-Adleman
An algorithm used for authentication which is a widely used hash function producing a 128-bit hash value.
message-digest algorithm (MD5)
An algorithm used for authentication which is the result of work done on developing a MAC derived from cryptographic hash functions.
Hash-based message authentication code (HMAC)
An algorithm used for authentication that takes the plaintext in 64-bit blocks and converts them into ciphertext using 48-bit keys.
DES (Data Encryption Standard)
An algorithm used for confidentiality which is a symmetric-key block cipher created in the early 1970s by an IBM team and adopted by the National Institute of Standards and Technology (NIST).
data encryption standard
An algorithm used for authentication which is a Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem.
digital signature algorithm
An algorithm that takes an arbitrary amount of data input—a credential—and produces a fixed-size output of enciphered text called a hash value, or just “hash.”
cryptographic hash function
A Cryptographic Hash Function Property that should make it very hard to reconstruct the original password from the output or hash.
Non-reversibility or one-way function
A Cryptographic Hash Function Property where a change in just one bit of the original password should result in change to half the bits of its hash.
Diffusion, or avalanche effect
A Cryptographic Hash Function Property where a given password must always generate the same hash value or enciphered text.
Determinism
A Cryptographic Hash Function Property where it should be hard to find two different passwords that hash to the same enciphered text.
Collision resistance
A Cryptographic Hash Function Property where the hash value should not be predictable from the password.
Non-predictable
It is a hash function that has been deprecated for uses other than as a non-cryptographic checksum to verify data integrity and detect unintentional data corruption.
message digest-5
A well-known hash function that produces a 160-bit hash value from an arbitrary length string.
secure hash algorithm
It is a specific type of message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key.
keyed hash message authentication code (HMAC)
A cryptographic hash algorithm that can be used to create a 128-bit string value from an arbitrary length string.
Message Digest Algorithm 5 (MD5)
The process of generating keys for cryptography.
Key generation
It refers to managing cryptographic keys within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.
Key management
A key management characteristic that removes KM from use prior to the end of its normal cryptoperiod, for reasons that include key compromise, removal of an entity from an organization, etc.
key revocation
A key management characteristic under which any media on which the KM was stored should be erased in a manner that removes all traces of the KM, so that it cannot be recovered by either physical or electronic means.
Key destruction
A key management characteristic that is a specific time span during which a cryptographic key setting remains in effect.
key lifetime
A key management characteristic where keys must be stored securely to maintain communications security.
Key storage
A key management characteristic where, prior to any secured communication, users must set up the details of the cryptography.
Key exchange
It refers to the set of all possible permutations of a key.
Key space
It is usually designed to be large enough to make such a key search infeasible.
key space
What are the different cryptographic keys?
- symmetric key
- asymmetric key
- digital signature
- hash key
A type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information.
Symmetric encryption
A cryptographic value that is calculated from the data and a secret key known only by the signer.
Digital signature
Two classes of encryption algorithms:
- symmetric encryption algorithm
- asymmetric encryption algorithm
A deterministic algorithm operating on fixed-length groups of bits, called blocks.
block cipher
A cipher that uses an unvarying transformation or a symmetric key.
block cipher
A type of encryption algorithm that processes an individual bit, byte, or character of plaintext at a time.
Stream cipher
An algorithm used for confidentiality which takes the plaintext in 64-bit blocks and converts them into ciphertext using 48-bit keys.
DES (Data Encryption Standard)
An algorithm used for confidentiality of data that uses a symmetric algorithm and would take 6.4 days to crack using COPACOBANA.
data encryption standard
It is an algorithm that encrypts with the first key (k1), decrypts using the second key (k2), then encrypts with the third key (k3).
triple data encryption standard
An algorithm used for confidentiality of data where the key size can be 128, 192, or 256 bits.
advanced encryption standard
An algorithm that is based on a substitution–permutation network.
advanced encryption standard
It is an algorithm that replaced DES and needs 4.6 billion years to crack.
triple data encryption standard
An algorithm used for confidentiality of data that uses a symmetric algorithm and would take 149 trillion years to crack.
advanced encryption standard
An algorithm which is a pseudorandom function family in that it can easily generate arbitrary portions of the keystream without having to start from the beginning.
software-optimized encryption algorithm
An algorithm which is a stream cipher optimized for machines with a 32-bit word size and plenty of RAM, with a reported performance of around 4 cycles per byte.
software-optimized encryption algorithm
An algorithm where the router and peer must support IPSec.
software-optimized encryption algorithm
It is an algorithm used for securely exchanging cryptographic keys over a public communications channel.
diffie-hellman algorithm
What are the different protocols that use asymmetric key algorithms?
- Internet Key Exchange (IKE)
- Secure Socket Layer (SSL)
- Secure Shell (SSH)
- Pretty Good Privacy (PGP)
An asymmetric key algorithm which is often used as a method of exchanging encryption keys and/or authentication keys through an unsecured medium like the Internet.
Internet Key Exchange (IKE)
An asymmetric key algorithm which is often used for key management purposes in IPSec networks.
Internet Key Exchange (IKE)
An asymmetric key algorithm which provides several alternative options for strong authentication, and it protects the communications security and integrity with strong encryption.
Secure Shell (SSH)
An asymmetric key algorithm which is a method for secure remote login from one computer to another.
Secure Shell (SSH)
An asymmetric key algorithm which is an encryption-based Internet security protocol.
Secure Socket Layer (SSL)
An asymmetric key algorithm which is an encryption program that provides cryptographic privacy and authentication for data communication.
Pretty Good Privacy (PGP)
An asymmetric key algorithm used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications.
Pretty Good Privacy (PGP)
The transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hashing
Digital Signature Properties:
- authentic
- unalterable
- not reusable
- cannot be repudiated