Basic Network Security

  1. What are the goals for applying security to your network?
    • Confidentiality
    • Integrity
    • Availability
  2. When attempting to provide confidentiality for your network, what are you doing?
    Keeping your data private from eavesdropping
  3. What is an example of providing confidentiality for your network?
    Preventing packet capturing and replaying
  4. What are the mitigation steps for providing confidentiality for your network?
    Use encryption to hide the contents of the data in transit
  5. When attempting to provide integrity for your network, what are you doing?
    Keeping your data from being altered
  6. What is an example of providing integrity for your network?
    Preventing man-in-the-middle attacks
  7. What are the mitigation steps for providing integrity for your network?
    Use hashing to take a fingerprint of your data so you can verify it has not changed from its original form
  8. When attempting to provide availability for your network, what are you doing?
    Keeping your data, hosts, and services available for their intended purpose
  9. What is an example of providing availability for your network?
    Preventing denial of service (DoS) attacks
  10. What are the mitigation steps for providing availability for your network?
    Use rate limiting to stop an excessive flow of traffic and install the latest patches
  11. Why do vulnerabilities exist?
    Because of coding errors and configuration problems
  12. How is it that the number of vulnerabilities in a network increases?
    • Networks become more complex
    • Software developers face the constant challenge of balancing features and ease of use while at the same time providing a secure product
  13. What are the different types of attacks?
    • Reconnaissance
    • Access
    • Denial of Service
  14. What is a security policy good at?
    good at detailing an organization's overall position on security
  15. What are the different reconnaissance attacks?
    • Packet-capturing software
    • Ping Sweeps
    • Internet Information queries
  16. What is a reconnaissance attack?
    The attacker begins by trying to discover as much information as possible about your network.
  17. What does packet-capturing software allow the hacker to do?
    Capture all packets of data or voice as they traverse the network. The attacker can use the information in these packets to learn about the type of traffic on the network.
  18. What are ping sweeps?
    When a hacker attempts to ping all possible IP addresses on a subnet. Successful responses to the ping tell the hacker which hosts are up. The attacker can then follow up by scanning the listening ports on those hosts to discover what type of services may be running on them.
  19. How does a hacker use Internet information queries?
    To discover information about public hosts on the Internet. These are done using Domain Name System (DNS) lookups with tools such as nslookup (Windows and Linux), dig (Linux), and host (Linux), among others.
  20. How can you reduce the threat of reconnaissance attacks?
    • Use cryptographic protocols (such as IPsec, Secure Sockets Layer [SSL], or Secure Shell [SSH])
    • Use switches instead of hubs
  21. What are some examples of access attacks?
    • Password attacks
    • Trust exploitation
    • Man-in-the-middle
  22. What is trust exploitation?
    When an attacker elevates his or her privileges
  23. What is a man-in-the-middle (MiTM) attack?
    Capturing data in transit and changing it, or using that data to launch another attack
  24. What is a good countermeasure that you should always employ to defend against access attacks?
    Keep your operating system and applications current with the latest vendor patches.
  25. What is a denial of service attack?
    When a malicious attacker attempts to deny legitimate access to a network, system, or application
  26. How do you protect against DoS and DDoS attacks?
    • Keep your systems up to date with the current patches.
    • Configure rate limiting on your Internet-facing routers to protect against traffic floods.
  27. What are the common security appliances?
    • Intruder Prevention Systems (IPS)
    • Adaptive Security Appliance (ASA)
    • Cisco DDoS Guard
    • Anomaly Guard and Protector
    • Cisco Secure Agent (CSA)
    • Network Admission Control (NAC)
    • Monitoring, Analysis, and Response System (MARS)
  28. What is the Cisco Intruder Prevention System (IPS)?
    Listens to all traffic on your network to detect an attack. When an attack is matched against a signature, the IPS can automatically modify firewall and access control lists on your routers to block the attacker
  29. What is the Cisco Adaptive Security Appliance (ASA)?
    It is the replacement for the Cisco PIX firewall. It not only operates as a firewall but also integrates antivirus, IPsec, network admission control, IPS, and virtual private network (VPN) technologies into a single device.
  30. What is Cisco DDoS Guard?
    It protects against distributed denial of service (DDoS) attacks.
  31. What is the Anomaly Guard and Protector also called?
    Cisco Anomaly Guard
  32. What is the Anomaly Guard and Protector?
    Unlike the DDoS Guard, which matches only known DDoS signatures and cannot detect new forms of attacks for which there is no signature, the Anomaly Guard uses behavior analysis to maintain a profile for normal traffic and detect any deviations from that profile. It can send alerts or interact with the DDoS Guard to mitigate the attack.
  33. What is the Cisco Secure Agent (CSA)?
    Software installed on endpoint systems such as desktop clients, servers, and point-of-sale (POS) systems. It defends against targeted attacks, spyware, rootkits, and day-zero attacks (threats for which no patch has been written).
  34. What are the features of Cisco Secure Agent?
    • A built-in IPS
    • Malicious mobile code protection
    • OS patch assurance
    • audit logs
  35. What was the Network Admission Control (NAC) formerly known as?
    Cisco Clean Access
  36. What is Network Admission Control (NAC)?
    • Allows administrators to authenticate, authorize, evaluate, and remediate wired and wireless users prior to allowing the users on the network
    • It can quarantine and prevent noncompliant end stations from accessing the network until they achieve security policy compliance.
  37. What is Security Monitoring, Analysis, and Response System (MARS)?
    Provides security monitoring for security devices and host applications. It offers event aggregation, device discovery, compliance reporting, and notifications
  38. What are the best security practices?
    • Use SSH instead of Telnet
    • Configure access lists to permit only necessary traffic
    • Use difficult passwords that do not use words found in a dictionary
    • Use current Cisco IOS Software
    • Encrypt all passwords in the configuration
    • Disable services that you do not need