Cisco Networking ITN Module 16 Review
Policy Vulnerabilities
Lack of written security policies, politics, lack of authentication continuity, logical access controls not applied, software and hardware installation and changes do not follow policy, and a nonexistent disaster recovery plan
Technological Vulnerabilities
TCP/IP Protocol, Operating System, or Network Equipment Weaknesses
Denial of Service Attack
The disabling or corruption of networks, systems, or services
Reconnaissance Attack
The discovery and mapping of systems, services, or vulnerabilities
Access Attack
The unauthorized manipulation of data, system access, or user privileges
Configuration Vulnerabilities
Unsecured user accounts, easily guessed passwords, misconfigured settings, unsecured default settings, and misconfigured network equipment
login local
a command used to force the switch to look in the local database for a username and password to authenticate for SSH
ASA Firewall
a dedicated device that provides stateful firewall services ensuring that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts
AAA Server
a server that contains a secure database of who is authorized to access and manage network devices
Worm
a type of malware that is a standalone program and does not require a host program or human help to propagate
Virus
a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program
Authenticate, Authorize, and Accounting
a way to control who is permitted to access a network, what actions they perform while accessing the network, and to make a record of what was done while they are there
VPN
allows a secure private connection over a public network, using an encrypted 'tunnel'
DDoS Attack
an attack that uses a botnet of compromised computers to disrupt legitimate access to a system
DoS Attack
an attack whose purpose is to disrupt legitimate access to a system
IPS
an intrusion prevention system that monitors incoming and outgoing traffic for malware and network attack signatures and, if it recognizes a threat, can immediately stop it
Password Attack
any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately
Data Loss and Manipulation
breaking into a computer to destroy or alter data records
Information Theft
breaking into a computer to obtain confidential information
service password-encryption
command that encrypts plain text passwords on a router or switch
security passwords min-length
command that enforces the character length of the password on a router or switch
login block-for attempts within
command that prevents brute-force password guessing attacks on a router or switch
exec-timeout
command that sets the timeout in seconds and minutes for the console connection
crypto key generate rsa general-keys modulus
command used to generate an encryption key for SSH on a router or switch
transport input ssh
disables telnet by specifying only SSH in the line configuration command
Port Scans
discovering services that are actively listening on publicly accessible IP addresses and that may have vulnerabilities
no ip http server
disables the built-in web server on a router
show ip ports all
displays open service ports on a router
ESA
email security appliance that filters spam and suspicious emails
Stateful Packet Inspection
firewall feature where incoming packets must be legitimate responses to requests from internal hosts and unsolicited packets are blocked unless permitted specifically
Ping Sweeps
identifying active public IP addresses using fping or gping tools
Hardware Threats
physical damage to servers, routers, switches, cabling plant, and workstations
Maintenance Threats
poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
Disruption of Service
preventing legitimate users from accessing services to which they are entitled
Packet Filtering
prevents or allows access based on IP or MAC addresses
Application Filtering
prevents or allows access by specific application types based on port numbers
URL Filtering
prevents or allows access to websites based on specific web addresses or keywords
Firewall
protects computers and networks by preventing undesirable traffic from entering internal networks
SSH
protocol used for secure, encrypted remote access to a router, switch, or server
Internet Queries
searching for information on a target using Google search, nslookup, and whois
Password
should be 10 or more characters in length and complex using upper and lowercase letters, numbers, and symbols
Data Backup
stores a copy of the information on a computer to removable backup media that can be kept in a safe place
Environmental Threats
temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
Trojan Horse
type of malware, named after the wooden horse the Greeks used to infiltrate Troy, that is a harmful piece of software that looks legitimate, tricking users into loading and executing it on their systems and creating back doors that give malicious users access to their system
Port Redirection Attack
using a compromised system as a base for attacks against other targets
Trust Exploitation Attack
using unauthorized privileges to gain access to a system, possibly compromising the target
Electrical Threats
voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
WSA
web security appliance that filters known and suspicious internet malware sites
Man-in-the-Middle Attack
when a threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties
Identity Theft
where personal information is stolen for the purpose of taking over someone's identity