Connecting Networks v6.0 Chapter 5

Questions and Answers

Which of the following is NOT a common Layer 2 attack?

• DHCP Attack
• CDP Reconnaissance Attack
• HTTP Flood Attack (correct)
• MAC Address Table Flooding Attack

What role does IP Source Guard (IPSG) play in LAN security?

• It monitors network traffic through SPAN.
• It configures firewalls for security.
• It creates VLANs for network separation.
• It prevents MAC and IP address spoofing. (correct)

Which of the following best describes the purpose of SNMP in network management?

• To monitor network performance and operations. (correct)
• To configure VLANs for traffic management.
• To secure user connections through encryption.
• To prevent Layer 2 attacks.

Which technique is commonly used to secure the transmission of sensitive data over a network?

SSH (A)

What is the primary function of the Cisco Switch Port Analyzer (SPAN)?

To troubleshoot network problems and analyze traffic. (C)

Which common LAN security solution helps protect Layer 2 of a network?

SSH (A)

Which of the following attacks targets the ability to control network traffic by manipulating VLAN configuration?

VLAN Attack (B)

To compile network performance data, which protocol is most suitable for a small to medium-sized business?

SNMP (D)

What command is used to disable a protected port on a switch?

no switchport protected (B)

What is the primary purpose of DHCP snooping?

To mitigate DHCP attacks (B)

Which of the following describes a DHCP spoofing attack?

Configuring a fake DHCP server (A)

What happens during a DHCP starvation attack?

The DHCP server is overloaded with requests (A)

What types of ports does DHCP snooping recognize?

Trusted and untrusted ports (B)

What is typically true about the 'Protected' status of a switchport after being configured as protected?

It is marked as 'true' for protection (B)

What result does enabling DHCP snooping have on unauthorized DHCP server messages?

They are denied and dropped (C)

Which mode must a switch interface be in to use the command 'switchport protected'?

Access mode (B)

What is the primary purpose of DHCP snooping?

To determine which switch ports can respond to DHCP requests (C)

In a DHCP starvation attack, what is the attacker attempting to do?

Overwhelm the DHCP server with requests to exhaust its IP address pool (D)

Which component is responsible for acknowledging DHCP requests from clients?

DHCP Server (A)

What kind of server is involved in a DHCP starvation attack?

Rogue DHCP Server (A)

What is indicated by the DHCP Ack process?

A client has been successfully assigned an IP address (C)

What is a common mitigation strategy against DHCP starvation attacks?

Implement DHCP Snooping (B)

Which component in the DHCP process sends the initial IP address offers to clients?

DHCP Server (B)

What can be the consequence of a successful DHCP starvation attack?

Legitimate clients are unable to obtain IP addresses (D)

What is the purpose of the community string 'batonaug' in SNMP configurations?

To establish a secure connection between SNMP managers and agents. (A)

Which command would you use to restrict SNMP access to specific hosts?

ip access-list standard (A)

What does the command 'snmp-server enable traps' accomplish?

It enables notifications for significant events. (D)

Why is the contact information set to 'Wayne World' in the configuration?

To provide contact information for troubleshooting. (B)

What is the significance of specifying the location as 'NOC_SNMP_MANAGER'?

It indicates the physical location for troubleshooting. (D)

Which IP address is configured for the SNMP manager in the example?

192.168.1.3 (D)

What does the term 'traps' refer to in SNMP configurations?

Notifications sent by the SNMP agent about significant events. (A)

Which version of SNMP is specified in the configuration commands?

2c (D)

What is required to set up RSPAN for traffic monitoring?

A VLAN designated as a RSPAN VLAN (C)

Which command is used to define a VLAN as a remote span on a switch?

SW1(config-vlan)# remote-span (D)

What type of session is initiated on SW1 when monitoring traffic from Fa0/7?

Remote Source Session (B)

What is the purpose of the 'show monitor' command?

To verify the RSPAN and SPAN sessions (A)

What must match between the source and destination switches in RSPAN configuration?

The RSPAN VLAN number (B)

How can SPAN be used as a tool for troubleshooting?

By redirecting traffic to a packet analyzer (A)

What is the role of the 'monitor session' command in the RSPAN setup?

To configure the source and destination for monitoring (D)

Which statement is true regarding the session numbers in RSPAN configuration?

Session numbers can differ between switches (B)

Study Notes

LAN Security

• Common LAN security solutions include routers, firewalls, Intrusion Prevention Systems (IPS), and VPN devices to protect Layers 3 to 7; Layer 2 requires separate protection.
• Common Layer 2 attacks:
  • CDP Reconnaissance Attack
  • Telnet Attacks
  • MAC Address Table Flooding Attack
  • VLAN Attacks
  • DHCP Attacks

LAN Security Best Practices

• Implement IP Source Guard (IPSG) to bind a host’s IP address to its MAC address to prevent MAC and IP address spoofing.
• Use secure variants of protocols like SSH and SCP.
• Configure protected ports to restrict access and improve network security.

DHCP Attacks

• DHCP Spoofing Attack: A malicious attacker sets up a fake DHCP server to assign IP addresses to clients.
• DHCP Starvation Attack: Bombards the DHCP server with requests to exhaust available IP addresses, leading to denial-of-service (DoS).
• Mitigation strategies for DHCP attacks include configuring DHCP snooping and port security.

DHCP Snooping

• Enables the switch to deny unauthorized DHCP server messages from untrusted ports and unauthorized client messages from untrusted DHCP servers.
• Ports recognized by DHCP snooping:
  • Trusted Ports: Connect to legitimate DHCP servers.
  • Untrusted Ports: Connect to hosts that should not provide DHCP services.

Configuring SNMP

• Configuration steps for SNMP include setting the community string, location, contact, host address, and enabling traps for notifications.
• The community string serves as a password for authentication between SNMP manager and agent.
• Proper access control lists (ACLs) restrict SNMP access to designated management hosts for security.

Remote SPAN (RSPAN)

• RSPAN facilitates monitoring network traffic across different switches using a designated RSPAN VLAN.
• Example configuration involves creating an RSPAN VLAN and setting up monitor sessions to specify source and destination ports.

SPAN as a Troubleshooting Tool

• SPAN is utilized by administrators to troubleshoot network issues by redirecting traffic to packet analyzers like Wireshark for analysis.
• Particularly useful for diagnosing problems with slow applications and older systems with faulty network interface cards (NICs).

Description

Explore the key concepts in Chapter 5 of Connecting Networks v6.0, focusing on network security and monitoring. This chapter covers how to mitigate common LAN security attacks and provides insights into configuring SNMP for effective network operations. Test your understanding of these important security concepts!