Secure Routing and Switching Flashcards
Endpoint Security
Includes securing the network infrastructure devices (LAN) and end systems, such as workstations, servers, IP phones, access points, and storage area networking devices
Also encompasses securing Layer 2 of the network infrastructure
- Enabling port security
- BPDU guard
- Root guard
- PVLAN edge
2 internal LAN elements that need to be secured
Endpoints - various hosts (laptops, phones, servers, etc.)
Network Infrastructure
3 traditional endpoint security measures:
Antivirus/antimalware software
Host-based IPS
Host-based firewall
Antivirus/antimalware software
Software installed on a host to detect and mitigate viruses and malware
Host-Based Firewall
Software installed on a host that restricts incoming and outgoing connections to those initiated by that host only. Some firewall software can also prevent a host from becoming infected and stop infected hosts from spreading malware to other hosts.
Host-Based IPS
Software installed on the local host to monitor and report on the system configuration and application activity, provide log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, and alerting
Larger organizations now require protection before, during and after an attack. What 7 questions must IT administrators be able to answer?
- Where did it come from?
- What was the threat method and the point of entry?
- What systems were affected?
- What did the threat do?
- Can I stop the threat and root cause?
- How do we recover from it?
- How do we prevent it from happening again?
5 methods of securing endpoints in a borderless network
- Spam filtering
- Data loss prevention (DLP)
- Antivirus/antimalware software
- URL filtering
- Blacklisting
Spam filtering
Provides filtering of spam emails before they reach the endpoint
Data Loss Prevention (DLP)
Prevents sensitive information from being lost or stolen
URL filtering
Provides filtering of websites before they reach the endpoint
Blacklisting
Identifies websites with bad reputations. Blacklisting immediately blocks connections based on the latest reputation intelligence, removing the need for a more resource-intensive, in-depth analysis
4 modern security solutions for borderless network endpoints:
- Antimalware protection (AMP)
- Email security appliance (ESA)
- Web security appliances (WSA)
- Network admission control (NAC)
The purpose of Cisco Network Admission Control (NAC)
Purpose: to allow only authorized and compliant systems, managed or unmanaged, to access the network
NAC is also designed to enforce network security; it provides authentication, authorization, and posture assessment
Cisco Network Admission Control (NAC) uses (6)
- Recognize users, their devices and their roles in the network
- Evaluate whether machines are compliant with security policies
- Enforce security policies by blocking, isolating, and repairing noncompliant machines
- Provide easy and secure guest access
- Simplify non-authenticating device access
- Audit and report who is on the network