Network Security Flashcards
What is network security?
- Any activity designed to protect the usability and integrity of your network and data.
- It includes both hardware and software technologies.
- Effective network security manages access to the network.
- It targets a variety of threats and stops them from entering or spreading on your network.
What is AAA?
Authentication, Authorization and Accounting: a framework for implementing and ensuring network access security.
What is Local Authentication?
Involves storing users’ credentials locally on their devices. Various devices support local authentication, such as PCs, switches, routers, firewalls, etc.
When a user logs in to a computer, Windows verifies the credentials against the credentials in what file?
local “SAM” file.
What is Remote Authentication?
Involves storing user credentials on a remote server for authentication. Centralization of stored usernames and passwords. An example of remote authentication would be a PC password being checked against Active Directory in a domain environment.
What Does AAA Do?
- Authenticate user accounts.
- Control access to resources.
- Audit network activity.
- Ensure policy compliance.
Triple AAA is provided by what service?
RADIUS and TACACS+.
What is Authentication?
Authentication verifies the user’s identity. Users accessing the network must prove who they say they are.
What is Authorization?
Authorization enforces user permissions. After authentication, authorization determines which network resources the user can access.
What is Accounting and Auditing?
Tracks user activity and records what a user does once authorized on the network. Accounting keeps a record of how network resources are used.
What does RADIUS stand for?
Remote Authentication Dial-In User Service (RADIUS)
What does TACACS+ stand for?
Terminal Access Controller Access-Control System Plus (TACACS+)
Does RADIUS use TCP or UDP?
UDP ports 1812/1813 or 1645/1646
* Port 1812 is used for authentication and authorization.
* Port 1813 is used for accounting.
At what layer of the OSI model does RADIUS operate?
Layer 2 Data Link Layer
Does RADIUS encrypt usernames, accounting information, or other information?
No, it only encrypts the password in the packet.
Does TACACS+ use TCP or UDP?
TCP port 49
What does TACACS+ encrypt?
Encrypts the entire packet
At what layer of the OSI model does TACACS+ operate?
Layer 4 Transport Layer
What 2 features does TACACS+ support that RADIUS does not?
Authorization and Accounting
What does the TACACS+ protocol provide in a AAA deployment?
Authorization on a per-user or per-group basis
What Is 802.1X Authentication?
A security protocol that authenticates new users and devices requesting access to the network.
Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?
Accounting
What is the first required task when configuring server-based AAA authentication?
Enable AAA globally.
What is a characteristic of AAA accounting?
Possible triggers for the aaa accounting exec default command include start-stop and stop-only.
When a method list for AAA authentication is being configured, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case.
A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
Use the show aaa local user lockout command.
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
authorization
What are the three components of 802.1X?
● Supplicant
● Authenticator
● Authentication Server
What are two features of 802.1X?
● Access Control offers unmatched, secure, identity-based access control at network endpoints.
● Network Security ensures secure networks with minimal impact on end-users and infrastructure.
What is a Supplicant?
The client (workstation) receives credentials from a user and submits them to the authenticator. Workstations can be any PC operating system or component of a software application.
What is an Authenticator?
This device controls physical access to the network by acting as a proxy between the client (supplicant) and the authentication server. The authenticator relays credentials received from a supplicant to the authentication server and is typically an available network device, such as a switch or an access point.
What is an Authentication Server?
This device validates credentials received from an authenticator. The authentication server determines the level of access in the network for an end-user or device.
What is EAP?
Extensible Authentication Protocol (EAP) is an authentication framework that provides transport for request and response parameters.
What is MAC Spoofing?
Associating the attacker’s MAC address with the target’s IP address.
What are preventions for ARP Poisoning?
● Identify duplicate MAC addresses.
● Check for suspicious ARP traffic.
● Use static ARP entries.
● Configure port security.
● Use encrypted protocols. Encryption does not prevent ARP poisoning itself, but it prevents traffic interception and eavesdropping.
What is identifying multiple MAC addresses associated with a single device called?
Duplicate MAC addresses
How can you prevent unauthorized devices from accessing the network?
Port security
Do encrypted protocols prevent ARP poisoning?
No, but they prevent traffic interception and eavesdropping.
In what mode does the switch operate during a CAM overflow?
Switch operates in fail-open mode and behaves like a hub. In this mode, it begins forwarding frames out of all switch ports.
What is Dynamic ARP Inspection (DAI)?
A feature that rejects fabricated ARP packets using DHCP snooping.
True or False: by default, all physical ports on a switch learn the MAC addresses of connected clients.
True
What are the 3 port security violation modes?
Shutdown, restrict, and protect.
What happens in shutdown mode?
Automatically shuts down the port and sends a notification.
What happens in restrict mode?
Drops frames with unfamiliar source MAC addresses and sends a notification.
What happens in protect mode?
Drops frames with unknown source MAC addresses without sending a notification.