Topic 6 - Infrastructure Security Flashcards
Which type of port is port security applied to?
Access ports (a port statically configured with switchport mode access)
Can port security be applied to a trunk port?
The expected answer is no: apply it to access ports. More precisely, port security is rejected on any port in dynamic (DTP) mode, and it cannot be used on SPAN destination or EtherChannel ports; recent IOS platforms do accept it on a statically configured trunk (switchport mode trunk), but the access port is the normal case.
What happens to the port when a violation occurs?
With the default violation mode (shutdown) the interface is placed in the err-disabled state and stops forwarding until it is manually recovered or errdisable recovery re-enables it
Which command stops the interface from being shut down when a violation occurs?
switchport port-security violation protect (or restrict): both drop frames from unknown MAC addresses and keep the port up; restrict additionally logs and counts the violation
Explain what each of the violation modes below does:
1 - Port Security PROTECT:
2 - Port Security RESTRICT:
3 - Port Security SHUTDOWN:
PROTECT: Drops frames from unknown (insecure) source MAC addresses at the port-security process level; the port stays up, nothing is logged and the security-violation counter is not incremented
RESTRICT: Drops frames from unknown source MAC addresses, keeps the port up, increments the security-violation counter and sends a syslog message and an SNMP trap
SHUTDOWN (default): Puts the port into the err-disabled state (link down) on the first violation, increments the counter and sends a syslog message and SNMP trap; the port stays down until shutdown/no shutdown is entered or errdisable recovery re-enables it
Explain static port security AND dynamic port security
Static: the allowed MAC addresses are configured by hand on the interface and saved with the configuration.
Switch(config-if)#switchport port-security mac-address <mac-address>
Dynamic: if fewer static addresses are configured than the maximum, the remaining slots are filled with the source MACs learned from incoming frames. Dynamically learned secure addresses are not written to the configuration and are lost when the port goes down or the switch reloads (unless sticky learning is enabled).
Sticky MAC addresses
Enable sticky learning on the interface: dynamically learned MAC addresses are converted to secure static entries and written to the running-config (save it with copy running-config startup-config so they survive a reload)
Switch(config-if)#switchport port-security mac-address sticky
Maximum MAC addresses per port
Set the number of secure MAC addresses allowed on this port (default 1; the upper bound depends on the platform)
Switch(config-if)#switchport port-security maximum (1-3072)
Violation Actions port security
Set the action to be taken when port-security is violated
Switch(config-if)#switchport port-security violation {protect | restrict | shutdown}
Protect - Least secure: frames from unsecured MACs are not forwarded, but the event is neither logged nor counted, so the attempt is invisible to monitoring.
Restrict - Medium: frames from unsecured MACs are not forwarded + syslog + SNMP trap (message to the monitoring tool) + violation counter incremented; the port stays up.
Shutdown - Default: frames are dropped and the port is placed in err-disabled (link down) + syslog + SNMP trap + violation counter; the port needs shutdown/no shutdown or errdisable recovery to come back.
Error-disabled recovery
Once port security is violated on an interface using the default shutdown mode, the interface goes to err-disabled. To return it to normal manually, do the following (after removing the offending host, or the port is disabled again immediately):
Switch#show interfaces status err-disabled
Switch#configure terminal
Switch(config)#interface f0/1
Switch(config-if)#shutdown
Switch(config-if)#no shutdown
After the port is err-disabled, which command brings it back automatically?
errdisable recovery cause psecure-violation
Re-enables ports that were err-disabled by a port-security violation once the recovery timer expires (errdisable recovery interval <seconds>, default 300). If the offending host is still attached, the port is simply err-disabled again when it comes up.
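The port-security and err-disable recovery cards above, put together as one working IOS configuration with its verification commands. This is an added example, not part of the original deck; the interface names, VLAN number and the static MAC address are assumed values.

```cisco
! Added example (not from the original flashcards). Interface, VLAN and MAC are placeholders.
! Comments start with "!" on their own line so the block can be pasted into config mode.
interface FastEthernet0/1
 description user-facing access port
 ! port security is rejected while the port is in DTP "dynamic" mode
 switchport mode access
 switchport access vlan 10
 ! enable the feature; defaults are maximum 1 and violation shutdown
 switchport port-security
 ! two addresses, e.g. an IP phone and the PC daisy-chained behind it
 switchport port-security maximum 2
 ! one static secure MAC (assumed value), saved with the configuration
 switchport port-security mac-address 0011.2233.4455
 ! the remaining slot is learned once and converted to a sticky static entry
 switchport port-security mac-address sticky
 ! keep the port up on a violation, but drop, log, trap and count it
 switchport port-security violation restrict
!
! Variant for ports left on the default "shutdown" action: let IOS recover them.
errdisable recovery cause psecure-violation
! seconds before an err-disabled port is brought back; 300 is the IOS default
errdisable recovery interval 300
!
! Verification, from privileged EXEC:
! show port-security interface FastEthernet0/1  -> Port Status, Violation Mode, Violation Count, Last Source Address
! show port-security address                     -> secure MAC table, type SecureConfigured vs SecureSticky
! show errdisable recovery                       -> psecure-violation listed as Enabled with the timer value
! show interfaces status err-disabled            -> ports currently err-disabled and the reason
```

Save with copy running-config startup-config after the sticky addresses have been learned; otherwise they are lost on reload and the first host to send a frame after boot claims the slot.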
Explain DHCP snooping
DHCP snooping is a switch security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. All ports are untrusted by default: DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) arriving on an untrusted port are dropped, which defeats rogue DHCP servers, while client messages are allowed and used to build the DHCP snooping binding table (MAC, IP, lease, VLAN, port) that Dynamic ARP Inspection and IP Source Guard rely on. The uplink toward the legitimate DHCP server must be marked trusted. DHCP snooping is enabled globally and then per VLAN, and is inactive by default.
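The DHCP snooping description above as a working configuration for one VLAN with a single trusted uplink. This is an added example, not from the original deck; the VLAN number and interface names are assumed.

```cisco
! Added example (not from the original flashcards). VLAN and interfaces are placeholders.
! Enable globally, then for the VLAN(s) to protect; neither alone is active.
ip dhcp snooping
ip dhcp snooping vlan 10
! Snooping inserts option 82 by default; many DHCP servers discard such packets
! when giaddr is 0, so turn it off unless a relay agent needs it.
no ip dhcp snooping information option
!
interface GigabitEthernet0/1
 description uplink toward the DHCP server
 ! only server replies received here are accepted
 ip dhcp snooping trust
!
interface range FastEthernet0/1 - 24
 description client ports, untrusted by default (no ip dhcp snooping trust)
 ! cap DHCP packets per second; a port exceeding this is err-disabled
 ip dhcp snooping limit rate 10
!
! let rate-limited ports recover on their own
errdisable recovery cause dhcp-rate-limit
!
! Verification:
! show ip dhcp snooping          -> enabled VLANs, trusted interfaces, rate limits
! show ip dhcp snooping binding  -> MAC / IP / lease / VLAN / interface learned from real exchanges
```

A quick functional check is to attach a test DHCP server to an untrusted port and confirm that clients never receive its offers while show ip dhcp snooping statistics counts the dropped server packets.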
Explain 802.1X
- A client-server-based access control and authentication protocol (IEEE 802.1X, port-based network access control) that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated
- Three roles: the supplicant (client), the authenticator (the switch, which relays EAP between the client and the server) and the authentication server (RADIUS), which authenticates each client connected to a switch port before the switch makes any services on the port or the LAN available
- Until authentication succeeds the port allows only EAPOL, CDP and STP traffic; after authentication is successful, normal traffic can pass through the port
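The 802.1X roles above, configured on a switch acting as authenticator with one RADIUS server. This is an added example, not from the original deck; the server name and address, the shared secret and the interface are placeholders.

```cisco
! Added example (not from the original flashcards). Server, secret and interface are placeholders.
aaa new-model
! IOS 15.x "radius server" block; on older images use: radius-server host 192.0.2.10 key <secret>
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE_WITH_SHARED_SECRET
! use RADIUS for 802.1X authentication decisions
aaa authentication dot1x default group radius
! turn 802.1X on globally; without this the per-port commands do nothing
dot1x system-auth-control
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 ! "auto": port starts unauthorized and passes only EAPOL/CDP/STP until the server says Access-Accept
 ! (older images use "dot1x port-control auto")
 authentication port-control auto
 ! the switch takes the authenticator role on this port
 dot1x pae authenticator
!
! Verification:
! show dot1x interface FastEthernet0/2                 -> PAE = AUTHENTICATOR, PortControl = AUTO
! show authentication sessions interface FastEthernet0/2  -> session state Authz Success / Unauthorized
! test aaa group radius <user> <password> new-code      -> checks the RADIUS secret and reachability
```

Leave port-control at the default (force-authorized) on the uplink to the RADIUS server itself; if that port required 802.1X, no client could ever be authenticated.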
Explain nondefault native VLAN
- The default native VLAN is VLAN 1; frames on the native VLAN cross an 802.1Q trunk untagged
- A nondefault native VLAN means the native VLAN of the trunk has been changed to something other than VLAN 1
- Many things default to VLAN 1 (every unconfigured access port, CDP, VTP and other control traffic), so leaving user ports and the untagged trunk VLAN on it invites both accidents and deliberate exploits
- VLAN hopping by double tagging is one such exploit: an attacker on an access port in the native VLAN sends a frame with two 802.1Q tags; the first switch strips the outer (native) tag and forwards the frame untagged on the trunk, and the next switch reads the inner tag and delivers it into a VLAN the attacker is not a member of. It is averted by setting the trunk native VLAN to an unused VLAN that no access port belongs to (and, where supported, tagging the native VLAN as well)
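The double-tagging countermeasure above as a trunk configuration. This is an added example, not from the original deck; VLAN numbers and the interface are assumed.

```cisco
! Added example (not from the original flashcards). VLANs and interface are placeholders.
! A VLAN that exists only to be the native VLAN: no access port is ever put in it.
vlan 999
 name NATIVE-UNUSED
!
interface GigabitEthernet0/2
 description trunk to distribution switch
 ! required on platforms that also support ISL (e.g. 3560/3750); not accepted on 2960
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! no DTP: an attacker on an access port cannot negotiate this side into a trunk
 switchport nonegotiate
 ! untagged frames now map to 999, which no host belongs to, so an inner tag gains nothing
 switchport trunk native vlan 999
 ! carry only the VLANs that need the link; 999 is deliberately excluded
 switchport trunk allowed vlan 10,20,30
!
! Optional, on platforms that support it: tag the native VLAN too, so untagged
! frames arriving on the trunk are dropped instead of being mapped to VLAN 999.
vlan dot1q tag native
!
! Both ends must agree on the native VLAN; CDP logs "Native VLAN mismatch" otherwise.
! show interfaces GigabitEthernet0/2 switchport   -> Trunking Native Mode VLAN: 999 (NATIVE-UNUSED)
! show interfaces trunk                           -> Native vlan column, allowed and active VLANs
```

The access-port side of the same defence is switchport mode access plus switchport nonegotiate (or at least no dynamic desirable), so a user port can never become the trunk that a single-tag hop needs.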
Types of access lists?
Standard (match on source IP address only), Extended (match on protocol, source, destination and ports) and Named (a standard or extended ACL referenced by name instead of a number, which can be edited entry by entry)
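The three ACL types above, each written out and one of them applied to an SVI. This is an added example, not from the original deck; the subnets, server addresses and VLAN are assumed.

```cisco
! Added example (not from the original flashcards). Addresses and VLAN are placeholders.
! Standard ACL (numbers 1-99, 1300-1999): source address only, wildcard mask notation.
access-list 10 permit 192.168.10.0 0.0.0.255
!
! Extended ACL (numbers 100-199, 2000-2699): protocol, source, destination, ports.
access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.5 eq 443
! explicit deny with "log" makes the implicit deny visible in the counters
access-list 110 deny ip any any log
!
! Named extended ACL: same matching as 110, but self-documenting and editable per line.
ip access-list extended USERS-IN
 remark VLAN 10 users: HTTPS to intranet server and DNS only
 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.5 eq 443
 permit udp 192.168.10.0 0.0.0.255 host 10.0.0.53 eq 53
 deny ip any any log
!
! apply the named ACL inbound on the VLAN interface
interface Vlan10
 ip access-group USERS-IN in
!
! Standard ACLs are the usual choice for non-forwarding roles, e.g. who may open a VTY session.
line vty 0 4
 access-class 10 in
!
! Verification:
! show access-lists           -> per-entry hit counters (a deny with log also produces syslog)
! show ip interface Vlan10    -> "Inbound access list is USERS-IN"
```

Order matters: entries are evaluated top to bottom and the first match wins, so the specific permits must precede the final deny, and every ACL ends with an implicit deny ip any any even when no deny line is written.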