NET-04-P1 Switch Security Flashcards
is when attackers change their own PC's physical (MAC) address to conceal their true identity and pose as someone else. For example, an attacker may spoof a MAC address with a legitimate MAC address to bypass an access control mechanism such as port security
MAC spoofing
is an attack that targets a switch's MAC table. The idea is to flood the table with a large number of fake addresses. When the list of addresses exceeds the maximum size of the table, the switch will initiate its fallback mode and begin to act as a hub, meaning every frame will be forwarded to every host on the network
CAM Table Overflow
The feature used to restrict input to an interface by limiting MAC addresses of workstations that are allowed to access a specific port
Port Security
the default violation mode
Shutdown
Ethernet frames with unauthorized source MAC addresses are dropped. The switch provides notification of security violations and keeps count of the number of violations
Restrict
Ethernet frames with unauthorized source MAC addresses are dropped. In this violation mode, the switch does not provide notification regarding this event
Protect
requires static configuration of each allowed MAC address and its assignment to an interface. Most secure method, but is very time consuming and open to faulty configuration
Manual
allowed MAC addresses are learned dynamically and are limited to the maximum number configured for the interface. The switch learns the source address of the first few devices associated with the interface, providing a fast and scalable method of operation
Sticky
although the default number of MAC addresses allowed in Port Security is one, the number can be changed within the range of 1 to 3072
Max Allowed MAC address
When a switch port is in Err-disabled mode, the port may have been disabled automatically by the switch operating system due to a port security shutdown mode violation
Err-disabled
This state occurs when two parties, set for point-to-point communication, are configured to use different duplex modes
Duplex Mismatch
A faulty network interface card with software or hardware issues may trigger the Err-disabled state
Bad NIC
When the broadcast volume is too large to be processed within the broadcast domain
Broadcast Storms
presenting the authorized MAC addresses associated with a port and their type (sticky or manual) is done with this command
show port-security address
can be run for a quick overview of the configuration
show port-security
to view a specific interface, this command should be used, since it provides more information
show port-security interface [interface]
defines the type of violation rule to be applied to the port
violation
This command defines the limit for sticky learning, e.g. up to a maximum of five addresses
mac-address maximum
was developed many years ago to allow users to manage devices from anywhere, via a simple and minimal configuration. However, using Telnet involves a potential security risk because usernames and passwords are sent in plain text on TCP port 23
Telnet
Modern encryption relies heavily on the RSA algorithm since most methods use public and private encryption keys
RSA Encryption
What does CIA stand for?
Confidentiality, Integrity, Availability
is when two different keys are used to encrypt and decrypt messages
Asymmetric Encryption
is a command-line interface (CLI) in network devices used to create remote access connections
VTY - Virtual teletype
The primary purpose of creating a computer network is to share resources and enable communication within the network. A router or Layer 3 switch can handle network segmentation and inter-VLAN communication
SVI - Switched Virtual Interface
command: line vty & login local
Allow Remote Access
Commands: interface vlan 1
ip address
IP Switch settings
Command: crypto key generate rsa
Generate RSA keys
command presents the active SSH sessions on the network device
Show ssh
displays the version definition, authentication timeout and retries
Show ip ssh