Security Flashcards

0
Q

Spoofing - what is it? Why do hackers do it?

A

Spoofing is when a hacker assumes a trusted IP or physical (MAC) address to gain access to your network.

This can be done in order to:

• gain root access
• inject malicious data into your network
• divert packets to themselves
• perform a DoS attack
• set up a larger attack.
1
Q

DoS

A

Denial of Service attack - the hacker monopolizes a network's resources, keeping legitimate users from being able to get service.

2
Q

Zero-day attacks

A

Attack involving a virus that has never been seen “in the wild” before. Zero day attacks are more threatening because the malicious software is unrecognizable and often unidentifiable.

3
Q

Pharming

A

Altering a hosts file to divert traffic intended for a legitimate site to another site (often an imposter site built by the attacker).

4
Q

Brute Force Attack

A

A password attack in which all possible password combinations are tried sequentially until the correct one is guessed.

5
Q

Packet Sniffer

A

A program that can intercept and log traffic passing over a digital network.

6
Q

Keylogger

A

A program that detects and logs every keystroke made. Can be used to capture passwords and other confidential information.

Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

• clipboard logging - captures anything copied to the clipboard
• screen logging - takes screenshots periodically or in response to user behavior
• programmatically capturing the text in a control
• recording all search engine queries, IM conversations, etc.
7
Q

What is the purpose of risk analysis?

A

To quantify the impact of a potential threat.

8
Q

What are the two types of risk analysis? What does each type use to measure the impact of a threat?

A

• Quantitative - uses a mathematical model
• Qualitative - uses a scenario model

9
Q

What are the five stages of the secure network life cycle?

A
  • Initiation
  • Acquisition and development
  • Implementation
  • Operations and maintenance
  • Disposition
10
Q

What are the four different models and frameworks regarding security?

A
  • COBIT
  • ISO 27000
  • ITIL
  • NIST
11
Q

COBIT

A

Control Objectives for Information and Related Technology

12
Q

ISO 27000

A

International Organization for Standardization

13
Q

ITIL

A

Information Technology Infrastructure Library

14
Q

NIST

A

National Institute of Standards and Technology

15
Q

What is war dialing? Why might a network administrator do it?

A

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code, to search for computers, bulletin board systems and fax machines.
Hackers can use the resulting lists for various purposes. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company’s telephone network.

16
Q

What is wardriving?

A

Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).

17
Q

What is an event? What is an incident?

A

Event - Any observable occurrence in a system or network.

Incident - Any observable occurrence that has a negative consequence.

18
Q

MTD

A

Maximum Tolerable Downtime - the total amount of time the system owner or authorizing official is willing to accept for a mission or business process outage or disruption; includes all impact considerations.

19
Q

RTO

A

Recovery Time Objective - the total amount of time a system resource can be unavailable before there is an unacceptable impact on other system resources, supported mission or other business processes.

20
Q

RPO

A

Recovery Point Objective - the point in time (prior to a disruption or system outage) to which business or mission data can be recovered after an outage.

21
Q

IaaS

A

Infrastructure as a Service

22
Q

SaaS

A

Software as a Service - software existing in the cloud and being accessed as a service by end-point devices

23
Q

SGA

A

Security Group Access

24
Q

Cisco ASA

A

Adaptive security appliance

25
Q

Five Nines

A

The goal of 99.999% uptime

26
Q

What are the three device planes?

A
  • Control
  • Management
  • Data
27
Q

What happens in the Control Plane?

A

Exchanges of routing information take place. Routing protocols run on the control plane.

28
Q

What happens on the Data Plane?

A

Data is actually forwarded.

29
Q

What happens on the Management Plane?

A

Management processes run.

30
Q

NFP

A

Network Foundation Protection

31
Q

What are two Control Plane security measures and what do they do?

A

• CoPP - control plane policing: regulates the amount of traffic on the control plane to prevent DoS attacks

• Routing Protocol Authentication: authentication solutions that verify the identity of routers participating in routing protocols

32
Q

What are some security features associated with the Data Plane and what do they do?

A

• Private VLANs keep data from different sectors separate.

• ACLs permit or deny specified traffic over particular links.

33
Q

What are some Management Plane security features and what do they do?

A

• AAA - authentication, authorization and accounting: implements role-based access control

• NTP, Syslog, SNMP, SSH, TLS

34
Q

Cisco Autosecure

A

One-step automatic security for all three planes.

35
Q

RBAC

A

Role-based access control

36
Q

CCP

A

Cisco Configuration Professional - GUI-based tool that allows you to configure Cisco equipment by using wizards rather than by typing commands at the CLI

37
Q

What does the security audit feature in CCP do?

A

It reviews the security settings on a device and suggests changes. Allows you to select which security features you want activated.

38
Q

For management data what should you use instead of telnet to improve security?

A

SSH

39
Q

AAA

A
  • Authentication
  • Authorization
  • Accounting
40
Q

Describe the two modes for Cisco AAA:

A

Administrative - trying to access the router itself (user will be in character mode)

Remote Access - simply using the router as a transit point (users will be in packet mode)

41
Q

How many security levels are there in Cisco secure log? What’s the most severe level?

A

Eight (0-7)

0 is the most severe, 7 is the least

42
Q

What are the two tools you can use to log information about occurrences in your network?

A

Syslog and SNMP

43
Q

What is the major vulnerability SNMP versions up to v3 can create? How does SNMPv3 address this issue?

A

It’s well known that the default community string is “Public”. If you use SNMPv1 or v2 and you don’t change the community string it’s easy for a hacker to use the set and get commands to gain information about a device or change its configuration.
SNMPv3 authenticates the NMS before accepting any community strings from it.

44
Q

What are the two protocols used for communicating between AAA servers and authenticating devices?

A

TACACS+ and RADIUS

45
Q

What protocol does TACACS+ use? What port number?

A

TCP

49

46
Q

What transport layer protocol(s) does RADIUS use? What port numbers?

A

UDP
1645, 1646 (old RADIUS ports)
1645 = authentication messages
1646 = accounting messages

UDP
1812 and 1813 (new RADIUS ports)
1812 = authentication
1813 = accounting

47
Q

Which is more secure, RADIUS or TACACS+? Why?

A

TACACS+, because it encrypts the entire packet

48
Q

Which is more universally supported, TACACS+ or RADIUS? Why?

A

RADIUS, because it is a non-proprietary protocol, whereas TACACS+ is a Cisco protocol.

49
Q

When both regular and secret passwords are configured on a device, which password is it necessary to use in order to enter privileged EXEC mode?

A

The secret (encrypted) password

50
Q

What command should be used to encrypt enable, VTY and other passwords in the configuration files?

A

service password-encryption

51
Q

What does IDS stand for?

A

Intrusion detection system

52
Q

What does IPS stand for?

A

Intrusion prevention system

53
Q

What is Syslog and what does it do?

A

Syslog is a way for network devices to send event messages to a logging server – usually known as a Syslog server. The Syslog protocol is supported by a wide range of devices and can be used to log different types of events. For example, a router might send messages about users logging on to console sessions, while a web-server might log access-denied events.

54
Q

Set the line console timeout to 5 minutes:

A

R1>enable
R1#config t
R1(config)#line console 0
R1(config-line)#exec-timeout 5 0

55
Q

What is a one-way hash?

A

An algorithm that turns messages or text into a fixed string of digits, usually for security or data management purposes. The “one way” means that it’s nearly impossible to derive the original text from the string. A one-way hash function is used to create digital signatures, which in turn identify and authenticate the sender and message of a digitally distributed message.

56
Q

What commands would you use to prevent non-SSH access to your router?

A

Router1(config)#line vty 0 4
Router1(config-line)#transport input ssh

transport input ssh allows only SSH connections on the specified line(s)

57
Q

What are the four steps to configure a router to act as an SSH client?

A
  1. Configure the hostname command.
  2. Configure the DNS domain.
  3. Generate the SSH key to be used.
  4. Enable SSH transport support for the virtual type terminals (VTYs).
58
Q

How do you calculate yearly downtime?

A

100 ([525,600 - d] / 525,600)

59
Q

Allow only SSH traffic on vty lines:

A

Router1> enable
Router1# conf t
Router1(config)# line vty 0 4
Router1(config-line)# transport input ssh

60
Q

What is the encrypted counterpart to plain text called?

A

Cipher text

61
Q

Designate an NTP server:

A

Router(config)#ntp server [x.x.x.x]

62
Q

What is a type 5 password? Configure a username of Myark with a type 5 password of myarkymyark. How would you configure the same type 5 password without associating it with a username?

A

A password that is hashed using MD5 and stored in the running config. It's much more secure than a type 0 (plaintext) password, and more secure than a type 7 password.

en
conf t
username Myark secret 0 myarkymyark

en
conf t
enable secret myarkymyark

63
Q

What is a type 0 password? Configure type 0 password thomsowe11 as an enable password. Configure username TomWaits with type 0 password thomsowe11.

A

An unencrypted (plaintext) password. A type zero password is not secure and can be viewed in the running configuration.

enable
conf t
enable password thomsowe11

en
conf t
username TomWaits password thomsowe11

64
Q

What is a type 7 password? Configure a type 7 enable password of econ101. Configure user name Thomas with a type 7 password of econ101.

A

A plain text password that has been encrypted using a weak encryption and stored in the running configuration.

en
conf t
enable password econ101
service password-encryption

en
conf t
username Thomas password econ101
service password-encryption