Section 16: Networking Hardening Flashcards
What is a Simple Network Management Protocol (SNMP)?
Allows us to easily gather information from our various network devices back to a centralized management server
What makes SNMP v3 so secure?
Uses encoded parameters to provide its authentication as a part of the SNMP architecture
What is a Router Advertisement Guard (RA-Guard)?
Operates at Layer 2 of the OSI model for IPv6 network to specify which interfaces are not allowed to have router advertisements on
What is Port Security?
Prevents unauthorized access to a switchport by identifying and limiting the MAC addresses of the hosts that are allowed
What is a Dynamic ARP Inspection (DAI)?
Ensures only valid ARP requests and responses are relayed across the network device
What is Control Plane Policing (CPP)?
Configures a QoS filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches
What are Private VLANs?
A technique where a VLAN contains switchports that are restricted to using a single uplink
What is DHCP Snooping?
Provides security by inspecting DHCP traffic, filtering untrusted DHCP messages, and building and maintaining a DHCP snooping binding table
What is a Strong Password?
Sufficiently long and complex which creates lots of possible combinations for brute force attacks to be completed in time
What is a Default VLAN labeled as?
VLAN 1
What is a Default VLAN?
Also Known as a NAtive VLAN
A VLAN where untagged traffic is put once it is received on a trunk port
What is Patch Management?
Involves planning, testing, implementing, and auditing of software patches
What is an Access Control List (ACL)?
A list of permissions associated with a given system or network resource
What is Role-Based Access?
Defines the privileges and responsibilities of administrative users who control firewalls and their ACLs
What is an Explicit Deny regarding firewalls?
Blocks matching traffic
What is an Implicit Deny regarding firewalls?
Blocks traffic to anything not explicitly specified
What is MAC Filtering?
Defines a list of devices and only allows those on your Wi-Fi network
What do most WAPs come pre-installed with what type of antenna?
Omnidirectional
What is the pro and con for a WAP using more power levels?
Pro: Covers more area
Con: Radio waves leave the building which isn’t good for security
What is a Wireless Client Isolation?
Prevents wireless clients from communicating with one another
What is a Guest Network Isolation?
Keeps guests away from your internal network communications
What are Pre-Shared Keys (PSK)?
Secures wireless networks, including those protected with WEP, WPA, WPA2, and WPA3
What is an Extensible Authentication Protocol (EAP)?
Acts as a framework and transport for other authentication protocols
What is Geofencing?
A virtual fence created within a certain location
What is a Captive Portal?
A web page displayed to newly connected Wi-Fi users before being granted broader access to network resources
What are some IoT Considerations? List at least 4
- Understand your endpoints
- Patch vulnerabilities
- Change defaults credentials
- Use encryption protocols
- Track and manage your devices
- Conduct test and evaluation
- Segment IoT devices