Network Hardening Flashcards
Hardening
Securing a system by reducing its surface of vulnerabilities
Patch Management
Involves planning, testing, implementing, and auditing of software patches
Four steps for patch management
Planning, Testing, Implementing/Implementation, Auditing
Service
Application that runs in the background, like a print spooler; disable the ones that are not needed
Least Functionality
Process of configuring a device, a server, or a workstation to only provide essential services required by the user
Port Security
Prevents unauthorized access to a switchport by identifying and limiting the MAC addresses of the hosts that are allowed
Private VLAN (port isolation)
A technique where a VLAN contains switchports that are restricted to using a single uplink
Dynamic ARP Inspection (DAI)
Validates the Address Resolution Protocol packets in your network
DHCP Snooping
Provides security by inspecting DHCP traffic, filtering untrusted DHCP messages, and building and maintaining a DHCP snooping binding table
IPv6 Router Advertisement Guard
Mitigates attack vectors based on IPv6
Control Plane Policing (CPP)
Configures a Qos filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches
SNMP
Allows us to easily gather info from our various network devices back to a centralized management server
Access Control List (ACL)
A list of permissions associated with a given system or network resource
Wireless Client Isolation
Prevents wireless clients from communicating with each other
Guest Network Isolation
Keeps guests away from your internal network communications
