Network Hardening Flashcards
Secure SNMP
Simple Network Management Protocol
Monitors and controls servers, switches, routers, firewalls and other devices
Which SNMP versions have encrypted network traffic?
SNMPv3
- Hardening technique focusing on router advertisements sent with IPv6
Router Advertisement (RA) guard
- Prevent unauthorized users from connecting to a switch interface
- Will alert or disable the port
Port security
Port security operation
Configure the max number of source MAC addresses on an interface
- Can also configure specific MAC addresses
- The switch monitors the number of unique MAC addresses and maintains a list of every source MAC address
- Once you exceed the maximum, port security activates and will disable the port or send an alert to the administrator
A security feature on a switch that monitors ARP messages in order to detect faked ARP messages
Dynamic ARP Inspection (DAI)
How does DAI work?
DAI tracks trusted IP to MAC bindings (using DHCP Snooping database).
- DAI has “Trusted” and “Untrusted” ports.
- Trusted ports aren’t checked; untrusted ports are verified to have an approved IP-to-MAC binding.
Control Plane Policing (CoPP)
A policy applied to the control plane of a router to protect the CPU from high rates of traffic that could impact router stability.
- Protects against denial of service or reconnaissance
- Can also block any non-management traffic
What is the management (control) plane?
Used for access and management of network devices
What is the data plane?
A conceptual component of a network device that performs the actual operation over data flows, e.g. packet forwarding
Restrict access between interfaces
- Even on the same VLAN
Port isolation
A security technique to turn off ports on a network device that are not required or currently in use
Disabling unused interfaces
A form of network access control that requires someone to authenticate when connecting to a network, regardless of connection type
802.1X Network Access Control
- Every port is a possible entry port
- Close everything except required ports
- Can be controlled with a firewall - NGFW would be ideal
- Disable or filter any unused services from any network communication
- Use Nmap or similar port scanner to verify which ports are being used by your applications
Disable unnecessary ports and services
- Most devices have default usernames and passwords
- Make sure to change them!
- The right credentials provide full control - Admin access
Changing default credentials
- Don’t want users on the same VLAN that’s used by management traffic
- Have separate VLAN just for that traffic
Change default VLAN
- A security feature on switches whereby DHCP messages on the network are checked and filtered
- The switch inspects DHCP traffic to ensure the host is not trying to spoof its MAC address
- Can be used to prevent rogue DHCP servers from operating on the network
DHCP snooping
The process of regularly applying patches and updates to software
Patch management
- Access is based on the role a person plays in an organization
- Allows unrestricted access, and if the credentials for this account are shared, the risk of compromise is greatly magnified
Role-based access
- List of permissions associated with a system resource
- Specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects
- Each entry specifies a subject and an operation
Access Control List (ACL)
- A set of individual instructions to control the actions of a firewall
- Most include an implicit deny: if there’s no explicit rule in the rule list, the traffic is blocked
Firewall rules
- Limit access through the physical hardware address
- Additional administration required for configuring which MAC addresses are allowed
- Will have to add new allowed addresses for visitors and new people on the network
- Security through obscurity
MAC filtering
Authentication framework frequently used in wireless networks which supports multiple authentication methods without having to pre-negotiate a particular one
EAP (Extensible Authentication Protocol)
- The use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response, such as deny or allow, when a mobile device enters or leaves a particular area
- Example: disabling the camera on a mobile device when it enters a building where you don’t want someone taking pictures
Geofencing
- Web page accessed with a browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources
- Only allows HTTP traffic and redirects the HTTP traffic to a remediation server
Captive portal