What are the Goals for applying security to your network?
When attempting to provide confidentiality for your network, what are you doing?
Keeping your data private from eavesdropping
What is an example of providing confidentiality for your network?
Preventing packet capturing and replaying
What are the mitigation steps for providing confidentiality for your network?
Use encryption to hide the contents of the data in transit
When attempting to provide integrity for your network, what are you doing?
Keeping your data from being altered
What is an example of providing integrity for your network?
preventing Man-in-the-middle attacks
What are the mitigation steps for providing integrity for your network?
Use hashing to take a fingerprint of your data so you can verify it has not changed from its original form
When attempting to provide Availability for your network, what are you doing?
Keeping your data, hosts, and services available for their intended purpose
What is an example of providing availability for your network?
preventing Denial of Service (DoS) attacks
What are the mitigation steps for providing availability for your network?
Use rate limiting to stop an excessive flow of traffic and install the latest patches
Why do vulnerabilities exist?
because of coding errors and configuration problems
How is it that the number of vulnerabilities in a network increases?
- networks become more complex
- the constant challenge of software developers balancing features and ease of use and at the same time providing a secure product
What are the different types of attacks?
- Denial of Service
What is a security policy good at?
good at detailing an organization's overall position on security
What are the different reconnaissance attacks?
- Packet-capturing software
- Ping Sweeps
- Internet Information queries
What is a reconnaissance attack?
the attacker will begin with trying to discover as much information as possible about your network.
What does packet-capturing software allow the hacker to do?
capture all packets of data or voice as they traverse the network. The attacker can use information in these packets to learn about the type of traffic on the network.
What are ping sweeps?
when a hacker attempts to ping all possible IP addresses on a subnet. Successful responses to the ping will tell the hacker which hosts are up. The attacker can then follow that up with attempting to scan the listening ports on the hosts to discover what type of services may be running on them.
How does a hacker use Internet information queries?
discover information about public hosts on the Internet. These are done using Domain Name System (DNS) lookups with such tools as nslookup (Windows and Linux), dig (Linux), and host (Linux), among others.
How can you reduce the threat of reconnaissance attacks?
- use cryptographic protocols (such as IPsec, Secure Sockets Layer [SSL], or Secure Shell [SSH])
- use switches instead of hubs
What are some examples of access attacks?
- Password attacks
- Trust exploitation
What is Trust exploitation?
when an attacker elevates his or her privileges
What is a Man-in-the-middle (MiTM) attack?
capturing data in transit and changing it or using that data to launch another attack
What is a good countermeasure that you should always employ to defend against access attacks?
keep your operating system and applications current with the latest vendor patches.
What is a denial of service attack?
when a malicious attacker attempts to deny legitimate access to a network, system, or application
How do you protect against DoS and DDoS attacks?
- keep your systems up to date with the current patches.
- configure rate limiting on your Internet-facing routers to protect against traffic floods.
What are the common security appliances?
- Intruder Prevention Systems (IPS)
- Adaptive Security Appliance (ASA)
- Cisco DDoS Guard
- Anomaly Guard and Protector
- Cisco Secure Agent (CSA)
- Network Admission Control (NAC)
- Monitoring, Analysis, and Response System (MARS)
What is the Cisco Intruder Prevention System (IPS)?
listens to all traffic on your network to detect an attack. When an attack is matched against a signature, the IPS can automatically modify firewall and access control lists on your routers to block the attacker
What is the Cisco Adaptive Security Appliance (ASA)?
It is the replacement for the Cisco PIX firewall. It not only operates as a firewall but can also support antivirus, IPsec, network admission control, IPS, and virtual private network (VPN) technologies in a single device.
What is Cisco DDoS Guard?
it protects against distributed denial of service (DDoS) attacks.
What is the Anomaly Guard and Protector also called?
Cisco Anomaly Guard
What is the Anomaly Guard and Protector?
it matches only known DDoS signatures; it cannot detect new forms of attacks for which there is no signature. The Anomaly Guard uses behavior analysis to maintain a profile for normal traffic and detect any deviations from the normal traffic profile. It can send alerts or interact with the DDoS Guard to mitigate the attack.
What is the Cisco Secure Agent (CSA)?
software installed on endpoint systems such as desktop clients, servers, and point-of-sale (POS) systems. It defends against targeted attacks, spyware, rootkits, and zero-day attacks (a threat for which no patch has been written).
What are the features of Cisco Secure Agent?
- a built-in IPS
- malicious mobile code protection
- OS patch assurance
- audit logs
What was Network Admission Control (NAC) formerly known as?
Cisco Clean Access
What is Network Admission Control (NAC)?
- allows administrators to authenticate, authorize, evaluate, and remediate wired and wireless users prior to allowing the users on the network
- It can quarantine and prevent noncompliant end stations from accessing the network until they achieve security policy compliance.
What is Security Monitoring, Analysis, and Response System (MARS)?
provides security monitoring for security devices and host applications. It offers event aggregation, device discovery, compliance reporting, and notifications
What are the best security practices?
- Use SSH instead of Telnet
- Configure access lists to permit only necessary traffic
- Use difficult passwords that do not use words found in a dictionary
- Use current Cisco IOS Software
- Encrypt all passwords in the configuration
- Disable services that you do not need