Section 11: Network Design Flashcards
What three kinds of attacks are switches susceptible to?
MAC Flooding, MAC Spoofing, and Physical Tampering
What is MAC Flooding?
An attempt to overwhelm the memory in a switch
MAC Spoofing
Attacker masks their own MAC address to pretend they have the MAC address of another device
How do you prevent physical tampering?
Lock it up in a network rack.
Router
Connects two or more networks
Access Control List
An ordered set of rules that a router uses to decide what comes in and what doesn’t
IP Spoofing
Tricks an ACL
Most networks are broken up into three zones. What are they?
The LAN, the WAN, and the DMZ
DMZ
Focused on providing controlled access to publicly available servers that are hosted within your organizational network
Extranet
Specialized type of DMZ that is created for your partner organizations to access over a wide area network
Bastion Hosts
Hosts or servers in the DMZ which are not configured with any services that run on the local network
Jumpbox
A hardened server that provides access to other hosts within the DMZ
Network Access Control
Security technique in which devices are scanned to determine their current state prior to being allowed access onto a given network
Persistent Agents
A piece of software that is installed on the device requesting access to the network
Non-Persistent Agents
Uses a piece of software that scans the device remotely or is installed and subsequently removed after the scan
Most NAC is built on what standard?
802.1x
What do VLANs do?
Segment the network, reduce collisions, organize the network, boost performance, increase security
Switch Spoofing
Attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN
Double Tagging
Attacker adds an additional VLAN tag to create an outer and inner tag (prevented by moving all ports out of default group)
Using ________ can help us secure our internal network by hiding our addresses
NAT
Telephony
Term used to describe devices that provide voice communication to users
Modem
A device that could modulate digital information into an analog signal for transmission over a standard dial-up phone line
War Dialing
Dialing all sorts of numbers in order to gain access. You protect against that by using the callback feature
Public Branch Exchange (PBX)
Internal phone system used in large organizations