Section 8: Securing Networks Flashcards
Switch
Operates at Layer 2
▪ Makes forwarding decisions based on the source and destination MAC addresses of each frame (transparent bridging)
▪ Learns which MAC address sits behind which switchport by recording the source MAC of every frame it receives
CAM Table and MAC Flood
Content Addressable Memory (CAM) Table
▪ Stores information about the MAC addresses available on any given port
of the switch
o MAC Flood
▪ Causes a MAC address overflow in the CAM table by flooding the switch with frames from thousands of random source MAC addresses
▪ Once the table is full the switch can no longer learn legitimate addresses and floods unknown-unicast frames out every port (it fails open like a hub), so an attacker on any port can sniff traffic
Persistent MAC Learning (Sticky MAC)
▪ Lets a switchport dynamically learn the first MAC address (or first N addresses) seen on it and keep those as the port's authorized addresses
▪ A frame from any other source MAC is a port-security violation; typically the port is shut down (err-disabled) or the frame is dropped
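Added example (not from the original flashcards or any vendor): a toy switch model that ties the three cards above together. The CAM table has a small constructed capacity, an attacker on port 3 sprays frames with random source MACs, and the demo checks whether a later frame from host A to host B leaks out of the attacker's port. Running the same scenario with port security limited to one sticky MAC per port shows the attacker's port going err-disabled after the second address. The port numbers, MAC addresses and the 64-entry capacity are assumptions for the demo.

```python
"""Toy switch: CAM table learning, a MAC-flood attack that overflows it, and
port security with sticky MAC as the defence. Added illustration, not vendor
code; capacity, port numbers and MAC addresses are constructed for the demo."""
import random
from collections import OrderedDict

CAM_CAPACITY = 64   # assumption for the demo; real switches hold thousands
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, capacity=CAM_CAPACITY, max_macs_per_port=None):
        self.ports = set(ports)
        self.capacity = capacity
        self.cam = OrderedDict()           # mac -> port, oldest entry first
        self.max_macs = max_macs_per_port  # port-security limit, None = off
        self.sticky = {}                   # port -> MACs learned as authorized
        self.err_disabled = set()          # ports shut down after a violation

    def learn(self, src_mac, port):
        """Source-MAC learning, gated by port security when it is enabled."""
        if self.max_macs is not None:
            allowed = self.sticky.setdefault(port, set())
            if src_mac not in allowed:
                if len(allowed) >= self.max_macs:
                    self.err_disabled.add(port)   # violation: shut the port
                    return False
                allowed.add(src_mac)   # sticky: first MAC(s) become authorized
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)
        elif len(self.cam) >= self.capacity:
            self.cam.popitem(last=False)   # table full: evict the oldest entry
        self.cam[src_mac] = port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the set of ports the frame is sent out of."""
        if in_port in self.err_disabled or not self.learn(src_mac, in_port):
            return set()
        if dst_mac in self.cam:
            return {self.cam[dst_mac]}
        # unknown destination: flood out every other port (acts like a hub)
        return self.ports - {in_port}


def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def run_demo(port_security):
    sw = Switch(ports=[1, 2, 3, 4],
                max_macs_per_port=1 if port_security else None)
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.forward(host_a, host_b, 1)   # normal traffic: switch learns A on port 1
    sw.forward(host_b, host_a, 2)   # ... and B on port 2
    rng = random.Random(1)          # constructed, reproducible flood
    for _ in range(1000):           # attacker on port 3 sprays random source MACs
        sw.forward(random_mac(rng), BROADCAST, 3)
    out_ports = sw.forward(host_a, host_b, 1)   # where does A -> B go now?
    return {"attacker_sees_frame": 3 in out_ports,
            "attacker_port_shutdown": 3 in sw.err_disabled,
            "cam_entries": len(sw.cam)}


if __name__ == "__main__":
    print("no port security:", run_demo(False))
    print("port security:   ", run_demo(True))
```

Without port security the flood evicts A and B from the table, so A's next frame to B is flooded to every port, including the attacker's. With a one-address sticky limit, the attacker's second random MAC trips the violation, the port is disabled, and the legitimate entries survive.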
What can prevent a switching loop
Spanning Tree Protocol
ARP Poisoning/ARP Spoofing
▪ Sends forged (unsolicited) ARP replies to hosts on the network, typically the victim and its default gateway, so that the attacker's MAC address becomes paired with another host's IP in their ARP caches and traffic between them flows through the attacker
Dynamic ARP Inspection (DAI)
▪ Intercepts all ARP requests and responses on untrusted ports and compares each one to the IP-to-MAC bindings in a trusted table, normally the DHCP snooping binding database on the switch (a Cisco feature); packets whose sender binding does not match are dropped
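Added example (not from the original flashcards or any vendor): a model of the two cards above. Without DAI, a victim and its gateway accept forged replies from an attacker on port 3 and both end up with the attacker's MAC for the other party's IP. With DAI, each ARP packet arriving on an untrusted port is checked against a constructed DHCP snooping binding table of (IP, MAC, port) leases, and the forged replies are dropped before any host sees them. The hosts, addresses and bindings are assumptions for the demo.

```python
"""ARP cache poisoning of a victim and its gateway, and the Dynamic ARP
Inspection (DAI) check that drops the forged replies. Added illustration,
not vendor code; the hosts, addresses and DHCP snooping bindings are
constructed for the demo."""
from dataclasses import dataclass

GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "aa:aa:aa:aa:aa:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.10", "aa:aa:aa:aa:aa:10"
ATTACKER_IP, ATTACKER_MAC = "10.0.0.66", "de:ad:be:ef:00:66"

# The trusted table DAI consults: (ip, mac, port) leases recorded by DHCP snooping.
DHCP_SNOOPING_BINDINGS = {
    (VICTIM_IP, VICTIM_MAC, 2),
    (ATTACKER_IP, ATTACKER_MAC, 3),
}
TRUSTED_PORTS = {1}   # uplink to the router/DHCP server; DAI does not inspect it


@dataclass(frozen=True)
class ArpPacket:
    opcode: int        # 1 = request, 2 = reply
    sender_ip: str     # the IP-to-MAC claim a receiver will cache
    sender_mac: str
    target_ip: str
    ingress_port: int  # switchport the packet arrived on


class Host:
    """Classic ARP behaviour: unsolicited replies overwrite the cache."""
    def __init__(self):
        self.arp_cache = {}

    def receive_arp(self, pkt):
        if pkt.opcode == 2:
            self.arp_cache[pkt.sender_ip] = pkt.sender_mac


def dai_permits(pkt, bindings=DHCP_SNOOPING_BINDINGS, trusted=TRUSTED_PORTS):
    """True if the switch should forward this ARP packet."""
    if pkt.ingress_port in trusted:
        return True
    # untrusted port: the sender binding must match a lease learned on that port
    return (pkt.sender_ip, pkt.sender_mac, pkt.ingress_port) in bindings


def deliver(pkt, host, dai_enabled):
    """Switch forwarding step; returns False when DAI drops the packet."""
    if dai_enabled and not dai_permits(pkt):
        return False
    host.receive_arp(pkt)
    return True


def run_demo(dai_enabled):
    gateway, victim = Host(), Host()
    # Legitimate traffic populates both caches.
    deliver(ArpPacket(2, GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, 1), victim, dai_enabled)
    deliver(ArpPacket(2, VICTIM_IP, VICTIM_MAC, GATEWAY_IP, 2), gateway, dai_enabled)
    # Attacker on port 3 forges replies in both directions to sit in the middle.
    to_victim = ArpPacket(2, GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, 3)
    to_gateway = ArpPacket(2, VICTIM_IP, ATTACKER_MAC, GATEWAY_IP, 3)
    dropped = sum(not deliver(p, h, dai_enabled)
                  for p, h in ((to_victim, victim), (to_gateway, gateway)))
    return {"forged_replies_dropped": dropped,
            "victim_thinks_gateway_is": victim.arp_cache[GATEWAY_IP],
            "gateway_thinks_victim_is": gateway.arp_cache[VICTIM_IP]}


if __name__ == "__main__":
    print("without DAI:", run_demo(False))
    print("with DAI:   ", run_demo(True))
```

Note that the binding check includes the ingress port: even a correct IP-to-MAC pair is dropped if it arrives on a port other than the one that holds the lease, which is what stops an attacker from simply replaying a real host's binding.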
6to4
▪ Provides the ability for IPv6 packets to be transmitted over a standard
IPv4 network without the need to create explicit tunnels
Teredo
▪ Provides full IPv6 connectivity for hosts even if they do not have a
connection to a native IPv6 network, by tunnelling IPv6 inside UDP/IPv4 so it also works from behind NAT
Generic Routing Encapsulation (GRE) Tunnel
▪ A general-purpose encapsulation protocol; one use is carrying IPv6 packets across an IPv4 network by wrapping them inside GRE/IPv4 packets. GRE provides no encryption by itself
It is a best practice to include a ____ all rule at the end of an ACL
Most specific rules should be placed at the ___ of the list, with more
generic rules towards the ___
deny
top
bottom
Packet-Filtering Firewall
o Only inspects packet headers (source and destination IP addresses, protocol, and port numbers) to decide whether traffic is allowed or denied; the payload is never examined
o Stateless: it cannot tell a legitimate reply from an unsolicited inbound packet, so return traffic has to be permitted with its own rule
Similar to an ACL on a router: fast, but not very secure on its own.
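Added example (not from the original flashcards or any router vendor) covering the ACL-ordering card and the packet-filtering card above: a first-match evaluator that looks only at header fields, falls through to the implicit deny, and a helper that flags rules shadowed by an earlier, broader rule. The constructed ACL puts a generic permit above a specific deny, which is exactly the mistake the "most specific rules at the top" card warns about. Networks, ports and rules are assumptions for the demo.

```python
"""First-match ACL evaluation as a router ACL or packet-filtering firewall
does it: only header fields (addresses, protocol, destination port) are
examined, the first matching rule wins, and anything unmatched hits the
implicit deny at the end. Added illustration; the networks and rules are
constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # destination port, None = any

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))


def evaluate(acl, pkt):
    """Return (action, index of the matching rule); (deny, None) if none match."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None   # the implicit "deny all" at the end of every ACL


def shadowed(acl):
    """Indices of rules that can never match because an earlier, broader rule
    already covers every packet they describe (the classic ordering mistake)."""
    out = []
    for i, rule in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("any", rule.proto)
                    and ipaddress.ip_network(rule.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(rule.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and earlier.dport in (None, rule.dport)):
                out.append(i)
                break
    return out


# Generic permit placed above the specific deny: the deny is unreachable.
BAD_ACL = [
    Rule("permit", "tcp", "10.0.0.0/8", "10.1.1.10/32", 22),
    Rule("deny", "tcp", "10.0.5.0/24", "10.1.1.10/32", 22),
]
# Specific rule at the top, generic rule below it, implicit deny after both.
GOOD_ACL = [BAD_ACL[1], BAD_ACL[0]]

# Constructed packets: only header fields, as a packet filter would see them.
SSH_FROM_BLOCKED_SUBNET = {"proto": "tcp", "src": "10.0.5.7", "dst": "10.1.1.10", "dport": 22}
HTTPS_FROM_ANYWHERE = {"proto": "tcp", "src": "10.0.9.9", "dst": "10.1.1.10", "dport": 443}

if __name__ == "__main__":
    print("bad ACL, SSH from blocked subnet:", evaluate(BAD_ACL, SSH_FROM_BLOCKED_SUBNET))
    print("good ACL, same packet:           ", evaluate(GOOD_ACL, SSH_FROM_BLOCKED_SUBNET))
    print("good ACL, HTTPS (implicit deny): ", evaluate(GOOD_ACL, HTTPS_FROM_ANYWHERE))
    print("shadowed rules in bad ACL:", shadowed(BAD_ACL))
```

The shadow check only reports rules that are completely covered by an earlier one; partial overlaps are legitimate and are how the specific-before-generic ordering works. Because nothing here inspects payload or connection state, a packet claiming to be a reply (say, source port 22 toward an internal host) is judged purely on its headers, which is the weakness the packet-filtering card points at.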
Kernel Proxy or Fifth Generation Firewall
o Has minimal impact on network performance while still conducting a full inspection of the packet at every layer
Unified Threat Management (UTM)
● Provides the ability to conduct numerous
security functions within a single device or
network appliance
Firewall, VPN, Web Security, Email Spam Filtering, etc… all in one device.
Con: Single point of failure.
Web Application Firewall (WAF)
● Utilizes specific rule sets to prevent common attacks against web applications, such as cross-site scripting and SQL
injections
Performs deep inspection of the content of HTTP requests and responses, not just the headers; to inspect HTTPS it must terminate the TLS session.
Forward Proxy vs Reverse Proxy
Forward proxy (outbound traffic; a transparent proxy is a forward proxy that clients are not explicitly configured to use, their traffic is redirected to it)
● is usually positioned at the edge of your corporate network and
regulates the outbound traffic according to specific policies your
organization has created
▪ Reverse proxy (Inbound traffic)
● content caching, traffic scrubbing (ddos), IP masking, and load balancing
If you host a website whose servers are in America, you could place a reverse proxy in India so that clients in India reach a nearby cached copy of your site instead of connecting to the origin server directly.
NAT gateways vs Internet Gateways
NAT gateways
▪ Gives endpoints without public IP addresses access to the internet
without exposing those resources to incoming internet connections.
Only connections initiated from the inside create a translation entry; an unsolicited inbound packet matches no entry and is dropped, so nothing external can reach the endpoints directly.
Internet gateways (the inbound counterpart; similar in role to a reverse proxy)
▪ Allow inbound connections to be initiated from the internet and relay or proxy them to internal resources, which therefore need a public address or an explicit mapping.
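Added example (not from the original flashcards or any cloud provider's implementation) of the distinction between the two cards above: a stateful NAT gateway that only creates translation state for outbound flows, matches replies against that state, and drops both unsolicited inbound packets and replies from the wrong peer; a `publish` method then adds a static inbound mapping, which is what lets an internet-facing gateway accept connections from any source. All addresses and ports are constructed for the demo.

```python
"""Stateful NAT gateway model versus a static inbound mapping. Outbound
connections create a translation entry, replies are matched against it, and
unsolicited inbound packets are dropped because no entry exists; a published
static mapping is what lets an internet-facing gateway accept inbound
connections. Added illustration with constructed addresses; it is not any
cloud provider's implementation."""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.5"      # the gateway's single public address
PRIVATE_HOST = "10.0.1.25"     # endpoint with no public address
WEB_SERVER = "10.0.1.80"       # internal server we later choose to publish


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (priv ip, priv port, dst ip, dst port) -> public port
        self.inbound = {}    # public port -> that same 4-tuple
        self.static = {}     # public port -> (private ip, private port)

    def egress(self, pkt):
        """Translate an outbound packet, creating state on first sight of the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def publish(self, public_port, private_ip, private_port):
        """Static inbound mapping: any source may now initiate to this port."""
        self.static[public_port] = (private_ip, private_port)

    def ingress(self, pkt):
        """Translate an inbound packet to the private host, or None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        if pkt.dst_port in self.static:
            priv_ip, priv_port = self.static[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None   # no state: unsolicited connection attempt, dropped
        priv_ip, priv_port, remote_ip, remote_port = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None   # state exists, but for a different remote peer
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def run_demo():
    gw = NatGateway(PUBLIC_IP)
    out = gw.egress(Packet(PRIVATE_HOST, 51000, "198.51.100.7", 443))
    reply = gw.ingress(Packet("198.51.100.7", 443, PUBLIC_IP, out.src_port))
    hijack = gw.ingress(Packet("198.51.100.9", 443, PUBLIC_IP, out.src_port))
    unsolicited = gw.ingress(Packet("198.51.100.9", 12345, PUBLIC_IP, 22))
    gw.publish(443, WEB_SERVER, 8443)   # now behaving like an internet gateway
    published = gw.ingress(Packet("198.51.100.9", 12345, PUBLIC_IP, 443))
    return {"out": out, "reply": reply, "hijack": hijack,
            "unsolicited": unsolicited, "published": published}


if __name__ == "__main__":
    for name, pkt in run_demo().items():
        print(f"{name:12s} {pkt}")
```

The `hijack` case shows why the state table records the remote peer as well as the port: a third party who guesses the public port still cannot inject traffic into the private host's flow.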
Application Programming Interface (API) gateway
▪ Acts as a reverse proxy to accept all API calls and aggregates the required services to fulfill such requests.
Network Access Control (NAC)
Keeps unauthorized users or devices from accessing a private network. (Via VPN or Directly)
▪ Persistent agent
● Software installed permanently on the device requesting access to the network; it keeps checking and reporting the device's posture
▪ Non-persistent (dissolvable/volatile) agent
● Downloaded and run once when the device connects, then removed
▪ Agentless
● No software on the endpoint: the scanning engine runs on the domain controller (or NAC appliance) and assesses the device over the network
Virtual Network Computing (VNC)
▪ Similar to RDP but fully cross-platform and open-source (RDP's server side is native only to Windows, although RDP clients exist for other platforms)
▪ Should only be used on internal networks because the VNC protocol is not encrypted by default and its password authentication is weak. For remote access, VPN or SSH into the network first and run VNC through that tunnel.
TCP port 5900 (5900 + display number for additional displays)
What can prevent cache poisoning?
DNSSEC