Secure Routing and Switching Flashcards

1
Q

Endpoint Security

A

Includes securing the network infrastructure devices (LAN) and end systems, such as workstations, servers, IP phones, access points, and storage area networking devices

Also encompasses securing layer 2 of the network infrastructure

  • Enabling port security
  • BPDU guard
  • Root guard
  • PVLAN edge
2
Q

2 internal LAN elements that need to be secured

A

Endpoints - various hosts (laptops, phones, servers etc)

Network Infrastructure

3
Q

3 traditional endpoint securities:

A

Antivirus/antimalware software

Host-based IPS

Host-based firewall

4
Q

Antivirus/antimalware software

A

Software installed on a host to detect and mitigate viruses and malware

5
Q

Host-Based Firewall

A

Software installed on a host that restricts incoming and outgoing connections to those initiated by that host only. Some firewall software can also prevent a host from becoming infected and stop infected hosts from spreading malware to other hosts.

6
Q

Host-Based IPS

A

Software installed on the local host to monitor and report on the system configuration and application activity, provide log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, and alerting

7
Q

Larger organizations now require protection before, during and after an attack. What 7 questions must IT administrators be able to answer?

A
  1. Where did it come from?
  2. What was the threat method and the point of entry?
  3. What systems were affected?
  4. What did the threat do?
  5. Can I stop the threat and root cause?
  6. How do we recover from it?
  7. How do we prevent it from happening again?
8
Q

5 methods of securing endpoints in a borderless network

A
  1. Spam filtering
  2. data loss prevention (DLP)
  3. antivirus/antimalware software
  4. URL filtering
  5. Blacklisting
9
Q

SPAM filtering

A

provides filtering of SPAM emails before they reach the endpoint

10
Q

Data Loss Prevention (DLP)

A

prevents sensitive information from being lost or stolen

11
Q

URL filtering

A

provides filtering of websites before they reach the endpoint

12
Q

Blacklisting

A

Identifies websites with bad reputations. Blacklisting immediately blocks connections based on the latest reputation intelligence, removing the need for a more resource-intensive, in-depth analysis

13
Q

4 modern security solutions for borderless network endpoints:

A
  1. Antimalware protection (AMP)
  2. Email security appliance (ESA)
  3. Web security appliance (WSA)
  4. Network admission control (NAC)
14
Q

the Purpose of Cisco Network Admission Control (NAC)

A

Purpose: to allow only authorized and compliant systems, managed or unmanaged, to access the network
NAC is also designed to enforce network security and provides authentication, authorization, and posture assessment

15
Q

Cisco Network admission control (NAC) uses (6)

A
  1. recognize users, their devices and their roles in the network
  2. evaluate whether machines are compliant with security policies
  3. enforce security policies by blocking, isolating, and repairing noncompliant machines
  4. provide easy and secure guest access
  5. simplify non-authenticating device access
  6. audit and report who is on the network
16
Q

Email security appliance (ESA) examples:

A

Spam blocking
Advanced malware protection
Outbound message control
Cisco email security appliance

17
Q

Steps to mitigate DHCP starvation and DHCP spoofing

A

Enable DHCP snooping

18
Q

Steps to mitigate MAC address flooding (CAM table overflow)

A

Port security

MAC address VLAN access maps

19
Q

Steps to mitigate VLAN hopping

A
  1. tighten up trunk configuration and the negotiation state of unused ports
  2. place unused ports into a common VLAN
20
Q

Mitigate attacks between devices on a common VLAN

A

Implement private VLANs (PVLAN)

21
Q

Mitigate spanning-tree compromises

A

Proactively configure the primary and backup root devices, and enable root guard.

22
Q

What are spanning-tree compromises?

A

The attacking device spoofs the root bridge in the STP topology. If successful, the network attacker can see a variety of frames.

23
Q

Mitigate MAC spoofing

A

Use DHCP snooping, port security

24
Q

What is MAC spoofing?

A

The attacking device spoofs the MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.

25
Q

Mitigate ARP spoofing

A

Use dynamic ARP inspection
DHCP snooping
Port security

26
Q

What is ARP spoofing?

A

The attacking device crafts ARP replies intended for valid hosts. The attacking device's MAC address then becomes the destination address found in the layer 2 frames sent by the valid network device.

27
Q

Mitigate Secure Shell protocol (SSH) and Telnet attacks

A

Do not use Telnet. Use SSH version 2.

If you have to use Telnet, set up ACLs for those interfaces

28
Q

Set up switchport security and set maximum MAC addresses to 1 on port 0/4 of a switch

A
en
config t
int g0/4
! has to be access
switchport mode access
switchport port-security
switchport port-security maximum 1
29
Q

Commands to set up DHCP snooping on a switch and set port 0/1 as a trusted port

A
ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping vlan 10,20
int fa0/1
description uplink
switchport mode trunk
switchport trunk allowed vlan 10,20
ip dhcp snooping trust