Security Fundamentals Flashcards
What are the four categories of physical threats
Hardware, environmental, electrical, and administrative (Cisco material also calls the last category maintenance threats)
Electrical threats
voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total loss of power
A ___ is a good line of defense against electrical threats
UPS (uninterruptible power supply) backed by a generator, together with surge protection and conditioned power
Hardware threats
physical damage, component damage
To prevent hardware threats
restrict physical access, log physical access
Environmental threats
temperature extremes (too hot or too cold) and humidity extremes (too wet or too dry)
Environmental threats can be mitigated by climate control systems and ___
monitoring the environment
Administrative threats
maintenance errors, poorly labeled cables
Administrative threats can be mitigated by
using a clear labeling system for cables and equipment, maintaining an adequate supply of spare parts, and handling electrical components properly (for example, following ESD procedures) at all times
Reconnaissance attacks
attacks designed to gather information about a network or a network device ahead of an access attack; packet sniffing is passive, while ping sweeps and port scans actively probe targets and can therefore be detected
Examples of reconnaissance attacks
packet sniffing, ping sweeps, port scans
Packet sniffing is limited to ___ networks
broadcast (shared-media) networks; the sniffer must sit in the same collision domain as the traffic it wants to read
Packet sniffing attacks rely on ___ mode operation
promiscuous
Packet sniffing attacks can identify
unencrypted passwords
Packet sniffing attacks can be mitigated by
switched networks (which only limit sniffing; MAC flooding and ARP spoofing can still redirect traffic to an attacker) and, above all, encrypted connections (SSH instead of Telnet, HTTPS instead of HTTP)
Packet sniffers are commonly used to
extract clear text passwords from network traffic
Ping sweeps
are used to determine which IP addresses are active within a particular range
Ping sweeps rely on ___ protocol
ICMP
Ping sweeps can be mitigated by
filtering ICMP echo requests and replies at the network edge (this only hides hosts from ICMP sweeps; TCP, UDP, and ARP probes can still find them)
Port scans
are used to discover open ports and the listening services behind them, identify service versions, and fingerprint the operating system
Port scans can be detected by
an IDS/IPS, which flags one source touching many ports on a host (or many hosts) within a short time
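The detection logic behind the ping-sweep and port-scan cards above, as an added example that is not part of the original deck: it runs over a constructed, firewall-style connection log and flags a source that pings many hosts or probes many ports on one host within a window. The log format, the 60-second window, and the thresholds are assumptions chosen for illustration, not a real product's format.

```python
"""Reconnaissance detector (added example, not part of the original deck).

Flags a ping sweep (one source sending ICMP echo requests to many hosts) and a
port scan (one source probing many TCP ports on one host) in a constructed log.
The log format, the 60 s window and the thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. 10.0.0.5 sweeps six hosts with ICMP echo, 10.0.0.9
# scans six ports on 192.168.1.10, 10.0.0.20 is ordinary HTTPS traffic and
# 10.0.0.7 pings only three hosts (below threshold). One line is malformed.
SAMPLE_LOG = """\
2024-03-01T10:00:00 SRC=10.0.0.5 DST=192.168.1.1 PROTO=ICMP TYPE=8
2024-03-01T10:00:01 SRC=10.0.0.5 DST=192.168.1.2 PROTO=ICMP TYPE=8
2024-03-01T10:00:02 SRC=10.0.0.5 DST=192.168.1.3 PROTO=ICMP TYPE=8
2024-03-01T10:00:03 SRC=10.0.0.5 DST=192.168.1.4 PROTO=ICMP TYPE=8
2024-03-01T10:00:04 SRC=10.0.0.5 DST=192.168.1.5 PROTO=ICMP TYPE=8
2024-03-01T10:00:05 SRC=10.0.0.5 DST=192.168.1.6 PROTO=ICMP TYPE=8
2024-03-01T10:01:00 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=21
2024-03-01T10:01:00 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=22
2024-03-01T10:01:01 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=23
2024-03-01T10:01:01 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=25
2024-03-01T10:01:02 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=80
2024-03-01T10:01:02 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=443
this line is garbage and must be skipped
2024-03-01T10:02:00 SRC=10.0.0.20 DST=192.168.1.10 PROTO=TCP DPT=443
2024-03-01T10:02:05 SRC=10.0.0.20 DST=192.168.1.10 PROTO=TCP DPT=443
2024-03-01T10:03:00 SRC=10.0.0.7 DST=192.168.1.1 PROTO=ICMP TYPE=8
2024-03-01T10:03:01 SRC=10.0.0.7 DST=192.168.1.2 PROTO=ICMP TYPE=8
2024-03-01T10:03:02 SRC=10.0.0.7 DST=192.168.1.3 PROTO=ICMP TYPE=8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?(?: TYPE=(?P<type>\d+))?$"
)
WINDOW = timedelta(seconds=60)
SWEEP_HOSTS = 5   # distinct hosts pinged by one source within WINDOW
SCAN_PORTS = 5    # distinct ports probed on one host by one source within WINDOW

def parse(log_text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "src": d["src"], "dst": d["dst"], "proto": d["proto"],
            "dpt": int(d["dpt"]) if d["dpt"] else None,
            "type": int(d["type"]) if d["type"] else None,
        })
    events.sort(key=lambda e: e["ts"])
    return events

def _windowed_distinct(events, key_fn, value_fn, threshold):
    """Return {key: distinct values} for keys whose distinct values within WINDOW reach threshold."""
    hits = {}
    recent = defaultdict(deque)          # key -> deque of (timestamp, value)
    for e in events:
        k = key_fn(e)
        if k is None:
            continue
        q = recent[k]
        q.append((e["ts"], value_fn(e)))
        while q and e["ts"] - q[0][0] > WINDOW:
            q.popleft()                  # expire events older than the window
        seen = {v for _, v in q}
        if len(seen) >= threshold:
            hits[k] = seen
    return hits

def detect_ping_sweeps(events):
    """Sources that sent ICMP echo requests (type 8) to many distinct hosts."""
    return _windowed_distinct(
        events,
        key_fn=lambda e: e["src"] if e["proto"] == "ICMP" and e["type"] == 8 else None,
        value_fn=lambda e: e["dst"],
        threshold=SWEEP_HOSTS)

def detect_port_scans(events):
    """(source, destination) pairs where many distinct TCP ports were touched."""
    return _windowed_distinct(
        events,
        key_fn=lambda e: (e["src"], e["dst"]) if e["proto"] == "TCP" and e["dpt"] else None,
        value_fn=lambda e: e["dpt"],
        threshold=SCAN_PORTS)

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("ping sweeps:", detect_ping_sweeps(evs))
    print("port scans:", detect_port_scans(evs))
```

The sliding window matters: a slow scanner spreading probes over hours stays under the threshold, which is exactly how real scanners evade naive IDS signatures, so production rules pair a short window like this one with a long-term per-source count.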
Access attacks
are used to gain unauthorized access to network systems
Common access attacks
password attacks (brute force, dictionary), trust exploitation, port redirection, man-in-the-middle, and buffer overflows
Cisco password best practices
a combination of upper- and lower-case letters
numbers and punctuation
at least eight characters (longer is better; a minimum can be enforced with security passwords min-length)
no dictionary words, slang, or jargon
nothing based on personal information
Buffer overflow attacks
exploit software vulnerabilities to execute malicious code
A buffer overflow occurs when a
program writes more data into a buffer than the space allocated for it, overwriting adjacent memory
an attacker who controls the overflowing data can overwrite control data such as a saved return address and redirect execution into attacker-supplied code (or, where the stack is non-executable, into existing code)
Mitigate buffer overflow attacks
host-based IPS (HIPS), executable space protection (DEP/NX), safe programming libraries, and keeping software patched
___ are the most common form of logical access control
passwords
Local passwords are configured on
the device to which the user is authenticating
Local passwords are stored in the ___
startup configuration
Local passwords are visible in the ___
running configuration
Local passwords are stored as ___ but can be encrypted
plain text
When configuring an encrypted password, you can create multiple privilege levels from 0 to 15. Which privilege level is granted to a user if the privilege level has not been configured in enable password or enable secret commands
15
Level 0 password encryption
indicates that a password is unencrypted
Level 5 password encryption
indicates a salted MD5-based hash (the enable secret format); it is one-way but can be cracked offline, which is why newer IOS releases offer type 8 (PBKDF2-SHA-256) and type 9 (scrypt) secrets
Level 7 password encryption
indicates that the password was obfuscated with Cisco's reversible type 7 (Vigenère-style) algorithm; anyone holding the configuration can undo it in seconds, so it is obfuscation rather than encryption
service password-encryption
obfuscates (type 7) all existing and future plaintext passwords in the configuration, such as line, username, and enable password values; enable secret hashes are not affected
no service password-encryption
does not decrypt existing passwords; they stay in type 7 form until re-entered, while passwords entered afterwards are stored in plain text
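To make the type 0 / type 5 / type 7 distinction concrete, the following added example (not code from the original deck) implements the publicly known type 7 transform and audits a constructed running-config excerpt for passwords an attacker could recover. The config lines, host name, and the enable secret value (a placeholder, not a real hash) are all constructed.

```python
"""Why 'service password-encryption' is obfuscation (added example, not from the original deck).

A type 7 string is a two-digit seed followed by hex bytes, each of which is a
plaintext character XORed with a byte of a fixed, publicly known key stream.
Anyone who can read the running-config can therefore recover every type 7
password; only enable secret (type 5/8/9) is a one-way hash.
"""
import re

# Fixed key stream used by Cisco's type 7 algorithm (publicly documented for years).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

def type7_decrypt(encoded):
    """Reverse a type 7 string, e.g. '070C285F4D06' -> 'cisco'."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("malformed type 7 string")
    seed = int(encoded[:2])
    if seed > 15:
        raise ValueError("type 7 seeds are 0..15")
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode("ascii")

def type7_encrypt(plain, seed=7):
    """Produce a type 7 string; the seed only changes where the key stream starts."""
    if not 0 <= seed <= 15:
        raise ValueError("type 7 seeds are 0..15")
    data = bytes(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, c in enumerate(plain.encode("ascii")))
    return f"{seed:02d}{data.hex().upper()}"

CRED_RE = re.compile(r"\b(password|secret)\s+(\d)\s+(\S+)\s*$")

def audit_config(config_text):
    """List every password/secret line and what an attacker holding the config recovers."""
    rows = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = CRED_RE.search(line)
        if not m:
            continue
        ptype, value = int(m.group(2)), m.group(3)
        if ptype == 0:
            recovered = value                  # stored in clear text
        elif ptype == 7:
            recovered = type7_decrypt(value)   # reversible obfuscation
        else:
            recovered = None                   # 5, 8, 9: one-way hash, offline cracking only
        rows.append({"line": line, "type": ptype, "recovered": recovered})
    return rows

# Constructed running-config excerpt (the $1$ value is a placeholder, not a real hash).
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 $1$Xk3q$placeholderNotARealHash0000
enable password 7 070C285F4D06
username admin password 0 letmein
line vty 0 4
 password 7 021010421B071C32
 login
"""

if __name__ == "__main__":
    for row in audit_config(SAMPLE_CONFIG):
        print(f"type {row['type']}: {row['line']!r} -> {row['recovered']!r}")
```

Running the audit against a real configuration backup is a quick way to show why configs must be handled as secrets and why enable secret (and username ... secret) should replace every remaining password line.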
Passwords must be changed every __ days
90
A password must be __ days old before it can be changed
2
A password cannot be reused until it has been changed ___ times
10
Passwords must be at least ___ characters long
8
Password strings must contain a certain amount of complexity that includes
numbers, letters, and symbols
Type 1 authentication
something you know
Type 2 authentication
something you have
Type 3 authentication
something you are
ACLs
are sets of rules that identify traffic
Standard ACLs
based on the source IP address alone
Extended ACLs
identify traffic based on source IP, destination IP, protocol, and source/destination port numbers (plus protocol-specific fields such as ICMP type or TCP flags)
Named ACLs
can either be standard or extended ACLs
implicit deny rule
every ACL ends with an unseen deny any; entries are evaluated top-down, the first match wins, and traffic is dropped unless an earlier statement configured with the permit keyword matches it
In order for a device to take action on matched traffic, ACLs must first be applied to an
interface, line, route map, or other configuration that supports ACLs
Standard ACLs are numbered in a range from ___ to ___ or from ___ to ___
1 to 99
1300 to 1999
Extended ACLs are numbered in a range from ___
100 to 199
2000 to 2699
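The ACL cards above (standard versus extended matching, wildcard masks, first-match ordering, the implicit deny, and the number ranges) in working form, as an added example that is not code from the original deck: a small evaluator that parses IOS-style access-list lines and reports which entry decided each packet. The ACL lines and packets are constructed for illustration; only any, host A.B.C.D, A.B.C.D W.W.W.W and a trailing eq PORT are supported.

```python
"""Cisco-style numbered ACL evaluator (added example, not from the original deck)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IP_MAX = 0xFFFFFFFF

@dataclass
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp" or "icmp"; standard ACLs use "ip"
    src: int
    src_wc: int
    dst: int
    dst_wc: int
    dport: Optional[int]   # destination port from "eq N", or None
    text: str              # original line, for the decision report

def wildcard_for(cidr):
    """Wildcard mask is the bitwise inverse of the subnet mask: /26 -> 0.0.0.63."""
    return str(ipaddress.ip_network(cidr, strict=False).hostmask)

def _take_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]'; return (base, wildcard)."""
    t = tokens.pop(0)
    if t == "any":
        return 0, IP_MAX
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base = int(ipaddress.IPv4Address(t))
    wc = int(ipaddress.IPv4Address(tokens.pop(0))) if tokens and "." in tokens[0] else 0
    return base, wc

def _wc_match(addr, base, wc):
    """Wildcard bits set to 1 are 'don't care'; only the 0 bits must be equal."""
    return (addr ^ base) & (~wc & IP_MAX) == 0

def parse_acls(config_text):
    """Group access-list lines by number, classifying each by its number range."""
    acls = {}
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99 or 1300 <= number <= 1999:        # standard: source only
            src, src_wc = _take_addr(rest)
            ace = Ace(action, "ip", src, src_wc, 0, IP_MAX, None, raw.strip())
        elif 100 <= number <= 199 or 2000 <= number <= 2699:   # extended
            proto = rest.pop(0)
            src, src_wc = _take_addr(rest)
            dst, dst_wc = _take_addr(rest)
            dport = int(rest[1]) if rest[:1] == ["eq"] else None
            ace = Ace(action, proto, src, src_wc, dst, dst_wc, dport, raw.strip())
        else:
            raise ValueError(f"unsupported ACL number {number}")
        acls.setdefault(number, []).append(ace)
    return acls

def evaluate(aces, pkt):
    """Return (action, deciding entry). First match wins; no match is the implicit deny."""
    src = int(ipaddress.IPv4Address(pkt["src"]))
    dst = int(ipaddress.IPv4Address(pkt["dst"]))
    for ace in aces:
        if ace.proto != "ip" and ace.proto != pkt["proto"]:
            continue
        if not _wc_match(src, ace.src, ace.src_wc) or not _wc_match(dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != pkt.get("dport"):
            continue
        return ace.action, ace.text
    return "deny", "implicit deny"

# Constructed ACLs: the host-specific deny must precede the subnet permit or it
# never matches; the explicit "deny ip any any" only makes the implicit deny
# visible in show output and hit counters.
SAMPLE_ACLS = """\
access-list 10 deny host 192.168.1.13
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 110 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 443
access-list 110 permit icmp any any
access-list 110 deny ip any any
"""

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_ACLS)
    print(evaluate(acls[110], {"src": "192.168.1.77", "dst": "10.0.0.5", "proto": "tcp", "dport": 22}))
```

Note that the evaluator only models matching; on a real router nothing happens until the list is applied (for example with ip access-group 110 in on an interface), and the direction chosen decides which address is "source".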
PKI encrypts communications based on
PKI itself does not encrypt; it binds public keys to identities through certificates issued by a certificate authority (CA), and the public/private key pair behind each certificate is what encryption and authentication rely on
PKI certs can be used in place of
traditional authentication credentials
DHCP spoofing attack
a rogue DHCP server is placed on the network so it can answer DHCP requests before the legitimate server does
and hand out its own address as the default gateway (and often as DNS server), putting the attacker in the path of the victim's traffic
DHCP snooping
monitors DHCP traffic between a trusted DHCP server and untrusted hosts
DHCP snooping binding table
contains mappings between host MAC addresses, IP addresses, lease times, VLANs, and switchports
ip dhcp snooping
globally enables the DHCP snooping feature
DHCP snooping is not enabled on any interfaces until the ___ command is issued
ip dhcp snooping vlan vlan-range (the port facing the legitimate DHCP server must also be marked with ip dhcp snooping trust, or its OFFER/ACK messages are dropped as if they came from a rogue server)
show ip dhcp snooping
verify DHCP snooping configuration on a switch
show ip dhcp snooping binding
view the IP-to-MAC address bindings that DHCP snooping has learned
DAI uses ___ transactions to track IP address-to-MAC address bindings
DHCP
DAI enhances security by
intercepting, logging, and discarding ARP packets that have invalid IP-to-MAC address bindings
DAI is configured ___ on a switch for specific VLANs
globally
You cannot configure DAI on ___ interfaces
specific interfaces; DAI is enabled per VLAN with ip arp inspection vlan, and an interface can only be marked trusted (ip arp inspection trust, typically uplinks and the DHCP server port) or left untrusted
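The DHCP snooping and DAI cards above, modelled in working code, as an added example that is not from the original deck: a simulated switch that drops DHCP server messages on untrusted ports, drops client messages whose frame source MAC does not match the DHCP client hardware address, builds the binding table from completed leases, and then uses that table to validate ARP packets arriving on untrusted ports. Port names, MAC and IP addresses, and the scenario are constructed; lease expiry and ARP ACLs for statically addressed hosts are not modelled.

```python
"""DHCP snooping and Dynamic ARP Inspection simulation (added example, not from the original deck)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str

DHCP_SERVER_MSGS = {"OFFER", "ACK", "NAK"}

class SnoopingSwitch:
    def __init__(self, snooping_vlans, trusted_ports):
        self.snooping_vlans = set(snooping_vlans)  # ip dhcp snooping vlan ... / ip arp inspection vlan ...
        self.trusted = set(trusted_ports)          # ip dhcp snooping trust / ip arp inspection trust
        self.bindings = set()                      # what "show ip dhcp snooping binding" would list
        self.log = []
        self._client_port = {}                     # (vlan, client mac) -> port the client asked on

    def handle_dhcp(self, msg):
        """msg keys: port, vlan, type, src_mac, client_mac, and yiaddr for server messages."""
        if msg["vlan"] not in self.snooping_vlans:
            return "forward"
        if msg["type"] in DHCP_SERVER_MSGS:
            if msg["port"] not in self.trusted:
                self.log.append(f"dropped DHCP {msg['type']} from untrusted {msg['port']} (rogue server)")
                return "drop"
            if msg["type"] == "ACK":
                port = self._client_port.get((msg["vlan"], msg["client_mac"]))
                if port is not None:
                    self.bindings.add(Binding(msg["client_mac"], msg["yiaddr"], msg["vlan"], port))
            return "forward"
        # Client message: on untrusted ports the frame source MAC must equal chaddr.
        if msg["port"] not in self.trusted and msg["src_mac"] != msg["client_mac"]:
            self.log.append(f"dropped DHCP {msg['type']} on {msg['port']}: MAC mismatch")
            return "drop"
        self._client_port[(msg["vlan"], msg["client_mac"])] = msg["port"]
        return "forward"

    def handle_arp(self, pkt):
        """pkt keys: port, vlan, sender_mac, sender_ip. Trusted ports bypass DAI."""
        if pkt["port"] in self.trusted or pkt["vlan"] not in self.snooping_vlans:
            return "forward"
        candidate = Binding(pkt["sender_mac"], pkt["sender_ip"], pkt["vlan"], pkt["port"])
        if candidate in self.bindings:
            return "forward"
        self.log.append(f"DAI dropped ARP {pkt['sender_ip']} is-at {pkt['sender_mac']} on {pkt['port']}")
        return "drop"

def run_scenario():
    """Constructed scenario: real DHCP server behind Gi0/1, victim on Gi0/2, attacker on Gi0/3."""
    sw = SnoopingSwitch(snooping_vlans=[10], trusted_ports=["Gi0/1"])
    victim, attacker = "aa:aa:aa:00:00:02", "cc:cc:cc:00:00:03"
    results = [
        sw.handle_dhcp({"port": "Gi0/2", "vlan": 10, "type": "DISCOVER", "src_mac": victim, "client_mac": victim}),
        # rogue server answers from an access port
        sw.handle_dhcp({"port": "Gi0/3", "vlan": 10, "type": "OFFER", "src_mac": attacker,
                        "client_mac": victim, "yiaddr": "192.168.10.99"}),
        # attacker tries to exhaust the pool with a forged client hardware address
        sw.handle_dhcp({"port": "Gi0/3", "vlan": 10, "type": "DISCOVER", "src_mac": attacker,
                        "client_mac": "aa:aa:aa:00:00:99"}),
        # legitimate lease completes via the trusted uplink
        sw.handle_dhcp({"port": "Gi0/1", "vlan": 10, "type": "ACK", "src_mac": "de:ad:be:ef:00:01",
                        "client_mac": victim, "yiaddr": "192.168.10.20"}),
        sw.handle_arp({"port": "Gi0/2", "vlan": 10, "sender_mac": victim, "sender_ip": "192.168.10.20"}),
        # attacker claims the default gateway's IP (ARP poisoning)
        sw.handle_arp({"port": "Gi0/3", "vlan": 10, "sender_mac": attacker, "sender_ip": "192.168.10.1"}),
        # attacker replays the victim's real binding from the wrong port
        sw.handle_arp({"port": "Gi0/3", "vlan": 10, "sender_mac": victim, "sender_ip": "192.168.10.20"}),
    ]
    return sw, results

if __name__ == "__main__":
    switch, outcome = run_scenario()
    print(outcome)
    print("\n".join(switch.log))
```

The last ARP case is why the binding includes the VLAN and port: a cloned MAC/IP pair is still rejected when it arrives somewhere the lease was never issued.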
All ports on a switch are ___ by default
active (enabled) by default, so unused ports should be shut down and assigned to an unused VLAN
By default all switchports use ___ to negotiate trunk mode
Dynamic Trunking Protocol (DTP); an attacker on an access port can negotiate a trunk and reach every VLAN
switchport nonegotiate
prevents any attempts by the switch to negotiate by using DTP
port security protect
the switch silently drops frames from unknown MAC addresses: no log message, no counter increment, no SNMP trap, and the port stays up
port security restrict
the switch drops frames from unknown MAC addresses, logs the violation, increments the Security Violation counter, and sends an SNMP trap; the port stays up
port security shutdown
the switch will discard the traffic, log the unauthorized entry attempt, increment the Security Violation counter, and place the port into the error-disabled state
By default, a switchport with port security enabled will be configured for ___ mode
shutdown
To enable an interface that is in the error-disabled state, you must manually
issue the shutdown command, followed by the no shutdown command (or configure automatic recovery with errdisable recovery cause psecure-violation)
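The three violation modes and the recovery procedure on the cards above, side by side, as an added example that is not code from the original deck: one simulated access port per mode receives the same frame sequence, so the differences in counters, traps, and port state become visible. Port names, MAC addresses, and the syslog text are constructed; sticky MACs and errdisable recovery timers are not modelled.

```python
"""Port-security violation modes (added example, not from the original deck)."""

class SecurePort:
    def __init__(self, name, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation mode must be protect, restrict or shutdown")
        self.name = name
        self.maximum = maximum             # switchport port-security maximum N
        self.violation = violation         # switchport port-security violation MODE
        self.secure_macs = set()           # dynamically learned secure addresses
        self.violation_count = 0           # "Security Violation Count" in show port-security
        self.syslog, self.traps = [], 0
        self.state = "up"

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame with the given source MAC."""
        if self.state != "up":
            return "drop"                  # port is down; nothing is learned or counted
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)  # learn until the maximum is reached
            return "forward"
        return self._violation(src_mac)

    def _violation(self, src_mac):
        if self.violation == "protect":
            return "drop"                  # silent: no log, no counter, no trap
        self.violation_count += 1
        self.traps += 1
        self.syslog.append(f"PSECURE_VIOLATION: {src_mac} on {self.name}")  # constructed message text
        if self.violation == "shutdown":
            self.state = "err-disabled"    # legitimate host goes offline too
        return "drop"

    def shutdown(self):
        self.state = "admin-down"
        self.secure_macs.clear()           # dynamic secure MACs do not survive the port going down

    def no_shutdown(self):
        """Bring the port up; an err-disabled port ignores this until shutdown is issued first."""
        if self.state == "err-disabled":
            return False
        self.state = "up"
        return True

def compare_modes():
    """Same frame sequence against each mode: legit host, intruder twice, legit host again."""
    legit, intruder = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    frames = [legit, intruder, intruder, legit]
    report = {}
    for n, mode in enumerate(("protect", "restrict", "shutdown"), start=1):
        port = SecurePort(f"Fa0/{n}", maximum=1, violation=mode)
        decisions = [port.receive(mac) for mac in frames]
        report[mode] = {"decisions": decisions, "violations": port.violation_count,
                        "traps": port.traps, "state": port.state}
    return report

def recover(port):
    """Operator recovery of an err-disabled port: shutdown, then no shutdown."""
    port.shutdown()
    port.no_shutdown()
    return port.state, sorted(port.secure_macs)

if __name__ == "__main__":
    for mode, info in compare_modes().items():
        print(mode, info)
```

Protect and restrict behave identically on the wire, which is why restrict is usually preferred: it costs nothing extra and produces the evidence (counter, syslog, trap) that tells the operator an unexpected device was plugged in.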