modull-16

Questions and Answers

What is the primary purpose of Stateful Packet Inspection (SPI) in network security?

  • Encrypts all data packets transmitted over the network
  • Blocks unsolicited inbound traffic and allows return traffic from internal sessions (correct)
  • Enables Telnet access for remote configuration
  • Allows all inbound traffic for testing purposes

Which of the following steps is NOT part of Router/Switch Hardening?

  • Using broadcasting for encryption purposes (correct)
  • Setting a unique device hostname
  • Encrypting plaintext passwords
  • Limiting login attempts to deter brute force attacks

In the context of configuring SSH on a Cisco device, which command is necessary to activate SSH on vty lines?

  • login local, transport input ssh (correct)
  • transport input telnet
  • set exec-timeout 30
  • enable service password-encryption

What is one of the key benefits of using SSH over Telnet?

Answer: SSH provides encrypted communication while Telnet does not. (D)

Which command would you use to see open ports on a Cisco device?

Answer: show ip ports all (A), show control-plane host open-ports (B)

Which of the following describes the characteristic of a Trojan Horse in network security?

Answer: Disguises itself as legitimate software and opens backdoors. (D)

What is a common vulnerability associated with policy in network security?

Answer: Outdated or nonexistent security policies. (D)

In the context of a Denial of Service (DoS) attack, what is the primary goal?

Answer: To disrupt legitimate access to network resources. (A)

Which of the following practices is NOT recommended as a part of the defense-in-depth strategy?

Answer: Utilize weak passwords for all accounts. (A)

What type of attack involves unauthorized access to data or systems through password cracking?

Answer: Access attack. (D)

Which one of the following is a physical threat to network security?

Answer: Environmental threats such as humidity extremes. (C)

What is the function of URL filtering in a firewall?

Answer: Restricts access to designated websites or keywords. (B)

Which aspect of the AAA framework addresses the question 'What are you allowed to do?'

Answer: Authorization. (B)

Flashcards

Stateful Packet Inspection (SPI)

A security feature that only allows traffic initiated from within the network to return to the network, blocking unsolicited inbound connections.

Cisco AutoSecure

A Cisco IOS feature that helps automate secure configurations, making it easier to implement security best practices.

SSH (Secure Shell)

A secure protocol for remote access that encrypts all communication.

Disabling Unused Services

A process of strengthening security by disabling unnecessary services and protocols on network devices, minimizing the attack surface.

Device Hardening

A method of protecting network devices by implementing strong passwords, secure protocols like SSH, and disabling unnecessary services.

Virus

A malicious program that needs a host file to spread and infects other files when executed.

Worm

A type of malware that self-replicates and doesn't need a host file to spread.

Trojan Horse

Disguised as legitimate software but contains hidden malicious code that compromises security.

Reconnaissance

The process of gathering information about a target network to identify vulnerabilities.

DoS (Denial of Service) Attack

A type of attack that aims to overwhelm a server with requests to prevent legitimate users from accessing it.

Defense-in-Depth

A security approach that uses multiple layers of protection to secure a network.

Authorization

The security process that determines who has access to a network resource.

Accounting

The security process that logs and tracks user actions on a network.

Study Notes

Network Security Fundamentals

  • Threat Categories:

    • Information theft (confidential info, trade secrets)
    • Data loss and manipulation (altering/destroying data)
    • Identity theft (using someone else's credentials)
    • Disruption of service (preventing access to network resources)
  • Vulnerability Categories:

    • Technological (software bugs, hardware attacks, unpatched OS/applications)
    • Configuration (default settings, weak passwords, misconfigurations)
    • Policy (outdated or nonexistent security policies/procedures)
  • Physical Security Threats:

    • Hardware threats (damaging devices like servers, routers)
    • Environmental threats (overheating, humidity extremes, electrical issues)
    • Maintenance threats (poor handling, lack of spares, poor labeling)
    • Implement security measures (locks, surveillance, restricted access, climate control, UPS)

Types of Attacks

  • Malware:

    • Virus (needs a host file, spreads on execution)
    • Worm (self-replicates, no host file needed)
    • Trojan Horse (disguised as legitimate software, creates backdoors)
  • Network Attacks:

    • Reconnaissance (finding vulnerabilities; ping sweeps, port scans)
    • Access attacks (unauthorized access; password cracking, trust exploitation, port redirection, man-in-the-middle)
    • DoS/DDoS (overwhelm resources; legitimate users lose service)

Network Security: Defense-in-Depth

  • Layered Approach: Multiple security devices and services (firewalls, VPNs, IPS, ESA, WSA, AAA servers, network hardening)

  • Key Security Practices:

    • Backups (regular config and data backups, offsite storage)
    • Upgrades, Updates, Patches (keep OS/applications current)
    • Strong Passwords (at least 8-10 characters, complex, change often)
    • Disable Unused Services (turn off insecure or unneeded protocols)
  • AAA Framework:

    • Authentication (verifying identity)
    • Authorization (determining access rights)
    • Accounting (tracking actions/access)

Firewalls

  • Packet Filtering: Blocks traffic by IP or MAC addresses
  • Application Filtering: Blocks traffic by port or application type
  • URL Filtering: Blocks access to specific websites/keywords
  • Stateful Packet Inspection (SPI): Blocks unsolicited inbound traffic, allows return traffic from established internal sessions

Hardening Devices

  • Cisco AutoSecure: Automates secure configurations (IOS feature)
  • Router/Switch Hardening Steps:

    • Unique hostnames (not default)
    • Strong, encrypted privileged-mode password (enable secret)
    • Encrypt plaintext passwords in the configuration (service password-encryption)
    • Enforce a minimum password length
    • Limit login attempts (deters brute-force attacks)
    • Set exec-timeout (automatically logs out idle sessions)
  • SSH: Use SSH (encrypted) instead of Telnet (unencrypted)
  • SSH Configuration Steps:

    • Set hostname and domain name; generate RSA keys; add a local user; activate SSH on the vty lines (login local, transport input ssh)
  • Disable Unused Services: Identify open ports with commands like show ip ports all, then disable unneeded protocols (e.g., Telnet, HTTP).

Study Focus

  • Be familiar with attack types (reconnaissance, access, DoS)
  • Understand device hardening (passwords, SSH, disabling services)
  • Master the layered security approach.
  • Practice configuration commands on Cisco routers/switches (SSH setup, password policies).