modull-16
13 Questions

Questions and Answers

What is the primary purpose of Stateful Packet Inspection (SPI) in network security?

  • Encrypts all data packets transmitted over the network
  • Blocks unsolicited inbound traffic and allows return traffic from internal sessions (correct)
  • Enables Telnet access for remote configuration
  • Allows all inbound traffic for testing purposes

Which of the following steps is NOT part of Router/Switch Hardening?

  • Using broadcasting for encryption purposes (correct)
  • Setting a unique device hostname
  • Encrypting plaintext passwords
  • Limiting login attempts to deter brute force attacks

In the context of configuring SSH on a Cisco device, which command is necessary to activate SSH on vty lines?

  • login local, transport input ssh (correct)
  • transport input telnet
  • set exec-timeout 30
  • enable service password-encryption

What is one of the key benefits of using SSH over Telnet?

  • SSH provides encrypted communication while Telnet does not (correct)

Which command would you use to see open ports on a Cisco device?

  • show ip ports all (correct)

Which of the following describes the characteristic of a Trojan Horse in network security?

  • Disguises itself as legitimate software and opens backdoors. (correct)

What is a common vulnerability associated with policy in network security?

  • Outdated or nonexistent security policies. (correct)

In the context of a Denial of Service (DoS) attack, what is the primary goal?

  • To disrupt legitimate access to network resources. (correct)

Which of the following practices is NOT recommended as a part of the defense-in-depth strategy?

  • Utilize weak passwords for all accounts. (correct)

What type of attack involves unauthorized access to data or systems through password cracking?

  • Access attack. (correct)

Which one of the following is a physical threat to network security?

  • Environmental threats such as humidity extremes. (correct)

What is the function of URL filtering in a firewall?

  • Restricts access to designated websites or keywords. (correct)

Which aspect of the AAA framework addresses the question 'What are you allowed to do?'

  • Authorization. (correct)

    Study Notes

    Network Security Fundamentals

    • Threat Categories:

      • Information theft (confidential info, trade secrets)
      • Data loss and manipulation (altering/destroying data)
      • Identity theft (using someone else's credentials)
      • Disruption of service (preventing access to network resources)
    • Vulnerability Categories:

      • Technological (software bugs, hardware attacks, unpatched OS/applications)
      • Configuration (default settings, weak passwords, misconfigurations)
      • Policy (outdated or nonexistent security policies/procedures)
    • Physical Security Threats:

      • Hardware threats (damaging devices like servers, routers)
      • Environmental threats (overheating, humidity extremes, electrical issues)
      • Maintenance threats (poor handling, lack of spares, poor labeling)
      • Implement security measures (locks, surveillance, restricted access, climate control, UPS)

    Types of Attacks

    • Malware:

      • Virus (needs a host file, spreads on execution)
      • Worm (self-replicates, no host file needed)
      • Trojan Horse (disguised as legitimate software, creates backdoors)
    • Network Attacks:

      • Reconnaissance (finding vulnerabilities; ping sweeps, port scans)
      • Access attacks (unauthorized access; password cracking, trust exploitation, port redirection, man-in-the-middle)
      • DoS/DDoS (overwhelm resources; legitimate users lose service)

    Network Security: Defense-in-Depth

    • Layered Approach: Multiple security devices and services (firewalls, VPNs, IPS, ESA, WSA, AAA servers, network hardening)

    • Key Security Practices:

      • Backups (regular config and data backups, offsite storage)
      • Upgrades, Updates, Patches (keep OS/applications current)
      • Strong Passwords (at least 8-10 characters, complex, change often)
      • Disable Unused Services (turn off insecure or unneeded protocols)
    • AAA Framework:

      • Authentication (verifying identity)
      • Authorization (determining access rights)
      • Accounting (tracking actions/access)

    Firewalls

    • Packet Filtering: Blocks traffic by IP or MAC addresses
    • Application Filtering: Blocks traffic by port or application type
    • URL Filtering: Blocks access to specific websites/keywords
    • Stateful Packet Inspection (SPI): Blocks unsolicited inbound traffic, allows return traffic from established internal sessions

    Hardening Devices

    • Cisco AutoSecure: Automates secure configurations (IOS feature)
    • Router/Switch Hardening Steps:
      • Unique hostnames (not default)
      • Strong, encrypted passwords (enable secret)
      • Encrypt passwords (service password-encryption)
      • Minimum password length
      • Limit login attempts (prevent brute-force attacks)
      • Set exec-timeout (automatically log out idle sessions)
    • SSH: Use SSH (encrypted) instead of Telnet (unencrypted)
    • SSH Configuration Steps:
      • Set hostname/domain; generate RSA keys; add local user; activate SSH on vty lines
    • Disable Unused Services: Disable unneeded protocols (e.g., Telnet, HTTP); use commands like show ip ports all to see which ports are open.

    Study Focus

    • Be familiar with attack types (reconnaissance, access, DoS)
    • Understand device hardening (passwords, SSH, disabling services)
    • Master the layered security approach.
    • Practice configuration commands on Cisco routers/switches (SSH setup, password policies).
