CCC NET 125 Chapter 11

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Server-based firewalls.

A firewall application that runs on a network operating system such as UNIX or Windows. These are normally access-control applications that run on a general-purpose OS. Because the underlying OS has inherent weaknesses, this type of firewall is generally less secure than an appliance-based device.

Appliance-based.

A firewall that is built into a dedicated hardware device known as a security appliance. These devices are specialized computers that do not have peripherals or hard drives and are less prone to failure.

The key cause of the failure was high humidity, which is an environmental threat.

A key network switch has failed because of excessive humidity. What type of physical threat caused the problem?

tracert 10.1.1.5

A network technician is investigating network connectivity from a PC to a remote host with the address 10.1.1.5. Which command, when issued on a Windows PC, will display the path to the remote host?

ipconfig /displaydns

A particular website does not appear to be responding on a Windows 7 computer. What command could the technician use to show any cached DNS entries for this web page?

! - indicates receipt of an ICMP Echo Reply message. . - Indicates that a time expired while waiting for an ICMP Echo Reply message. U - An ICMP unreachable message was received.

A ping issued from the IOS will yield one of several indications for each ICMP echo that was sent. List and explain the most common indicators.

Have a second router that is connected to another ISP.

A small company has only one router as the exit point to its ISP. Which solution could be adopted to maintain connectivity if the router itself, or its connection to the ISP, fails?

False

A weakness of wireless WPA security is that it uses a static pre-configured key to encrypt/decrypt data.

Authentication: Users and administrators must prove that they are who they say they are. Authorization: Authorization services determine which resources the user can access and which operations the user is allowed to perform. Accounting: Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.

AAA, or "triple A" network security services provide the primary framework to set up access control on a network device. List and explain what the AAA represents.

Information theft Identity theft Data loss/manipulation Disruption of service

After the hacker gains access to the network, four types of threats may arise. These are:

show file systems

An administrator wants to back up a router configuration file to a USB drive that is connected to the router. Which command should the administrator use to verify that the USB drive is being recognized by the router?

An attacker is using the ping sweep to gather information on the network, making this a reconnaissance attack.

An attacker runs a ping sweep against a network. What type of attack is this?

show interfaces

Can be used to see the status of each interface

devices to learn about each other

Cisco Discovery Protocol (CDP) operates at the data link layer and allows_________________

On the File menu, click Log. Choose the location to save the file. After capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. When the capture is complete, select Close in the Tera Term: Log window. View the file to verify that is was not corrupted.

Configuration files can be saved/archived to a text file using Tera Term. What are the steps involved?

real-time traffic

Data traffic that carries signal output as it happens or as fast as possible. This is sensitive to latency and jitter.

Service that assigns the IP address, subnet mask, default gateway, and other information to clients. Port 67, 68.

Describe the network service this protocol provides: DHCP

Service that provides the IP address of a site based on host or domain name. Port 53.

Describe the network service this protocol provides: DNS

Services that allow the download and upload of files between a client and server. Port 20, 21.

Describe the network service this protocol provides: FTP

Most web pages are accessed using this; used to transfer information between clients and web servers. Port 80.

Describe the network service this protocol provides: HTTP

Transfers email messages between clients and servers. IMAP port 143. POP port 110. SMTP port 25.

Describe the network service this protocol provides: IMAP, SMTP, POP

Service that allows the remote login to a host. Port 23.

Describe the network service this protocol provides: Telnet

Attack mitigation.

Endpoint security also requires securing Layer 2 devices in the network infrastructure to prevent against Layer 2 attacks such as MAC address spoofing, MAC address table overflow attacks, and LAN storm attacks. This is known as:

Other programs may need the assistance of application layer services to use network resources like file transfer or network print spooling. Though transparent to an employee, these services are the programs that interface with the network and prepare the data for transfer. Different types of data, whether text, graphics or video, require different network services to ensure that they are properly prepared for processing by the functions occurring at the lower layers of the OSI model.

Explain application layer services.

VoIP devices convert analog into digital IP packets. The device could be an analog telephone adapter (ATA) that is attached between a traditional analog phone and the Ethernet switch. After the signals are converted into IP packets, the router sends those packets between corresponding locations.

Explain how VoIP works.

When a Cisco device boots, CDP starts by default. CDP automatically discovers neighboring Cisco devices running CDP, regardless of which Layer 3 protocol or suites are running. CDP exchanges hardware and software device information with its directly connected CDP neighbors.

Explain in detail what happens when a Cisco device boots up and has CDP - Cisco Discovery Protocol - enabled.

Applications are the software programs used to communicate over the network. Some end-user applications are network-aware, meaning that they implement application layer protocols and are able to communicate directly with the lower layers of the protocol stack. Email clients and web browsers are examples of this type of application.

Explain network applications.

A worm installs itself by exploiting known vulnerabilities in systems. After gaining access to a host, a worm copies itself to that host and then selects new targets. The attacker then has access to the host, often as a privileged user, then could escalate the privilege level to administrator.

Explain the three step process of a worm attack.

It verifies the proper operation of the protocol stack from the network layer to the physical layer and back without actually putting signal on the media.

Explain what pinging the loopback address 127.0.0.1 does.

Packet filtering: Prevents or allows access based on IP or MAC addresses. Application filtering: Prevents or allows access by specific application types based on port numbers. URL filtering: Prevents or allows access to websites based on specific URLs or keywords. Stateful packet inspection - SPI: Incoming packets must be legitimate responses to requests from internal hosts.

Firewall products use various techniques for determining what is permitted or denied access to a network. List and explain the techniques firewalls use.

Redundancy can be accomplished by installing duplicate equipment, but it can also be accomplished by supplying duplicate network links for critical areas.

How can redundancy be accomplished in a network environment?

Using different nonoverlapping channels for communication.

How can you have multiple ISRs operate in close proximity?

Type ping and then press enter.

How is "extended ping" entered on a Cisco router?

In IP telephony, the IP phone itself performs voice-to-IP conversion. Voice-enabled routers are not required within a network with an integrated IP telephony solution. IP phones use a dedicated server for call control and signaling.

How is IP Telephony different than VoIP?

during peak utilization times

How should traffic flow be captured in order to best understand traffic patterns in a network?

Integrated firewalls.

Implemented by adding firewall functionality to an existing device, such as a router. These are found on most home integrated routers but are also found on higher-end routers that run special operating systems like Cisco IOS.

A small network administrator has the ability to obtain in-person IT "snapshots" of employee application utilization for a significant portion of the employee workforce over time.

In addition to understanding changing traffic trends, a network administrator must also be aware of how network use is changing. What is one method of doing this?

redundancy

In internetworking, a network architecture designed to eliminate network downtime caused by a single point of failure. This includes the replication of devices, services, or connections that support operations even in the occurrence of a failure.

Stateful packet inspection

Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically.

Information gathered by the protocol analyzer is evaluated based on the source and destination of the traffic, as well as the type of traffic being sent.

Information gathered by the protocol analyzer is analyzed based on what?

Trojan horse

It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).

Network documentation - physical and logical topology. Device inventory - list of devices that use or comprise the network. Budget - itemized IT budget, including fiscal year equipment purchasing budget. Traffic analysis - protocols, applications, and services and their respective traffic requirements, should be documented.

List and explain the elements required to scale a network.

Containment: Contain the spread of the worm within the network. Compartmentalize uninfected parts of the network. Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems. Quarantine: Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network. Treatment: Clean and patch each infected system. Some worms might require complete core system reinstallations to clean the system.

List and explain the recommended steps for worm attack mitigation.

RADIUS: An open standard with low use of CPU resources and memory. It is used by a range of network devices, such as switches, routers, and wireless devices. TACACS+: A security mechanism that enables modular authentication, authorizations, and accounting services. It uses a TACACS+ daemon running on a security server.

List and explain the two most popular options for external authentication of users.

Device identifiers - For example, the configured host name of a switch. Address list - Up to one network layer address for each protocol supported. Port identifier - The name of the local and remote port in the form of an ASCII character string, such as FastEthernet 0/0. Capabilities list - For example, whether this device is a router or a switch. Platform - The hardware platform of the device; for example, a Cisco 1841 series router.

List and explain what information CDP provides about each CDP neighbor device.

Password attacks Trust Exploitation Port Redirection Man-in-the-Middle

List several samples of Access attacks.

Internet queries, ping sweeps, port scans, and packet sniffers.

List several samples of Reconnaissance attacks.

show running-config show interfaces show arp show ip route show protocols show version

List some of the most popular Cisco IOS show commands.

The Cisco IOS Software version being used. The version of the system bootstrap software, stored in ROM, that was initially used to boot the router. The complete filename of the Cisco IOS image and where the bootstrap program located it. The type of CPU and the amount of RAM. The number and type of physical interfaces. The amount of NVRAM. The amount of flash memory. The currently configured value of the software configuration register in hexadecimal.

List the output from the show version command.

Viruses, worms, trojan horses.

List the three main types of malicious code attacks.

Making illegal online purchases by posing as another person is identity theft.

Making illegal online purchases is what type of security threat?

Reconnaissance attacks - the discovery and mapping of systems, services, or vulnerabilities. Access attacks - the unauthorized manipulation of data, system access, or user privileges. Denial of service - the disabling or corruption of networks, systems, or services.

Network attacks can be classified into three major categories. List and explain each.

protocol analyzer

Network monitoring device gathers information regarding the status of the network and devices attached to it. Also known as a network analyzer, or packet sniffer.

Viewing configuration files, checking the status of device interfaces and processes, and verifying the device operational status.

Network technicians use show commands extensively for:

/all

On a Windows workstation use the switch ____________ for the command ipconfig to see the most information about your NIC settings.

ping of death

On the Internet, this is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol. The resources it overloads are disk space, bandwidth, and buffers.

Console ports, vty ports

On which two interfaces or ports can security be improved by configuring executive timeouts?

Changing the default username and password, changing the default Linksys IP address, and changing the default DHCP IP address.

Other security implementations that can be configured on a wireless AP include:

This can be very useful when troubleshooting network traffic issues using a protocol analyzer. Administrators are better able to control access to resources on the network based on IP address when a deterministic IP addressing scheme is used.

Planning and documenting the IP addressing scheme helps the administrator to track device types. Explain two reasons why this is important.

packet filtering

Prevents or allows access based on IP or MAC addresses.

application filtering

Prevents or allows access by specific program types based on port numbers

URL filtering

Prevents or allows access to websites

Personal firewalls.

Reside on host computers and are not designed for LAN implementations. They can be available by default from the OS or can come from an outside vendor. Often used when a host device is directly connected to an ISP and provides protection only for the single host.

A company must have well-documented policies in place and employees must be aware of these rules.

Securing endpoint devices is one of the most challenging jobs of a network administrator, because it involves human nature. What must a company have to accomplish this task?

SSH

Telnet is an unsecure method of accessing a Cisco device "in band". What is a better method?

True

The SSID is a case-sensitive, alphanumeric name for your wireless network.

Technology. Configuring easily guessed passwords creates a vulnerability that can easily be exploited.

The network administrator set the admin password on a new router to pa55w0rd. The security of the router was later compromised. What type of vulnerability allowed the attack?

Through the use of redundant switch connections between multiple switches on the network and between switches and routers.

The smaller the network, the less the chance that redundancy of equipment will be affordable. What is a common way to introduce redundancy in a small network?

Vulnerability, threat, attack.

There are three network security factors. These are:

Technological, configuration, and security

There are three primary vulnerabilities or weaknesses. These are:

Network applications and application layer services.

There are two forms of software programs or processes that provide access to the network:

Worms

These are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, this is standalone software and do not require a host program or human help to propagate.

Identity theft

This is a form of information theft where personal information is stolen for the purpose of taking over someone's identity. Using this information, an individual can obtain legal documents, apply for credit, and make unauthorized online purchases. Identity theft is a growing problem costing billions of dollars per year.

Virus

This is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels.

Data loss/manipulation

This is breaking into a computer to destroy or alter data records. Examples of data loss: sending a virus that reformats a computer's hard drive. Examples of data manipulation: breaking into a records system to change information, such as the price of an item.

Information theft

This is breaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Example: stealing an organization's proprietary information, such as research and development information.

Disruption of service

This is preventing legitimate users from accessing services to which they should be entitled. Examples: Denial of Service (DoS) attacks on servers, network devices, or network communications links

FAT16

To be compatible with a Cisco router, a USB flash drive must be formatted in a _________________ format.

Capture traffic during peak utilization times to get a good representation of the different traffic types. Perform the capture on different network segments; some traffic will be local to a particular segment.

To determine traffic flow patterns, it is important to:

1. Secure file and mail servers in a centralized location. 2. Protect the location from unauthorized access by implementing physical and logical security measures. 3. Create redundancy in the server farm that ensures if one device fails, files are not lost. 4. Configure redundant paths to the servers.

To help ensure availability to network services, the network designer should take the following steps:

Use a password length of at least 8 characters, preferably 10 or more characters. Make passwords complex. Avoid passwords based on repetition, common dictionary words, or other easily identifiable pieces of information. Deliberately misspell a password. Change passwords often. Do not write passwords down and leave them in obvious places.

To protect network devices, it is important to use strong passwords. What are standard guidelines for creating strong passwords?

Real-Time Transport Protocol - RTP and Real-Time Transport Control Protocol - RTCP are two protocols that support this requirement.

To transport streaming media effectively, the network must be able to support applications that require delay-sensitive delivery. List two protocols that support this requirement.

Change default values for the SSID, usernames, and passwords. Disable broadcast SSID. Configure encryption using WEP or WPA.

What are some basic security measures you can take with an ISR?

Default usernames and passwords should be changed immediately. Access to system resources should be restricted to only the individuals that are authorized to use those resources. Any unnecessary services and applications should be turned off and uninstalled when possible.

What are some simple steps that should be taken that apply to most operating systems?

Cost, speed and types of ports/interfaces, expandability, operating system features and services.

What are the factors to consider when planning a small network?

no cdp run

What command can you use to disable CDP globally?

copy run usbflash0:/

What command do you use to copy the configuration file to the USB flash drive?

Threats include the people interested and qualified in taking advantage of each security weakness. Such individuals can be expected to continually search for new exploits and weaknesses.

What do network threats include?

It returns a list of hops as a packet is routed through a network.

What does the Microsoft command tracert or the Cisco IOS command traceroute accomplish?

Reveals the IP address of a neighboring device.

What does the show cdp neighbors detail command reveal about a neighboring device?

The IP address, status, and protocol.

What does the show ip interface brief output display?

Information about the currently loaded software version, along with hardware and device information.

What does the show version command on a switch display?

A protocol analyzer.

What enables a network professional to quickly compile statistical information about traffic flows on a network?

Traffic should be captured on different network segments during peak utilization times to ensure that all traffic types are collected.

What factors should be taken into account when using a protocol analyzer to determine traffic flow in a network?

IP address, subnet mask, default gateway.

What information does the ipconfig command give you?

Wired Equivalency protocol - WEP - is an advanced security feature that encrypts network traffic as it travels through the air. It uses preconfigured keys to encrypt and decrypt data.

What is WEP?

To transport streaming media effectively, the network must be able to support applications that require delay-sensitive delivery.

What is a concern when implementing Real-time applications?

A process for studying the network at regular intervals to ensure that the network is working as designed. It is more than a single report detailing the health of the network at a certain point in time. It is accomplished over a period of time.

What is a network baseline?

Service set identifier, a case-sensitive, alphanumeric name for your wireless network, used to tell wireless devices which WLAN they belong to and with which other devices they can communicate.

What is a wireless SSID?

A multifunction device.

What is an integrated router (ISR)?

Download security updates from the operating system vendor and patch all vulnerable systems.

What is considered the most effective way to mitigate a worm attack?

Vulnerability is the degree of weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.

What is network vulnerability?

firewalls

What is one of the most effective security tools available for protecting users from external threats?

Create a central patch server that all systems must communicate with after a set period of time. Any patches that are not applied to a host are automatically downloaded from the patch server and installed without user intervention.

What is one solution to the management of critical security patches?

The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems.

What is the most effective way to mitigate a worm attack?

Containment Inoculation Quarantine Treatment

What is the order of steps recommended to mitigate a worm attack?

Network protocols support the applications and services used by employees in a small network.

What is the purpose of Network protocols?

Allows the administrator to move around to different directories and list the files in a directory, and to create subdirectories in flash memory or on a disk.

What is the purpose of the Cisco IOS File System (IFS)?

The arp command enables the creation, editing, and display of mappings of physical addresses to known IPv4 addresses.

What is the purpose of the arp command?

Application layer services prepare the data for transfer over the network; they are based on standards and do not provide any sort of human interface. Application programs interface with the user.

What is true of an application layer service?

A Trojan horse is a program that is disguised as another program to trick the user into executing it.

What name is given to a program that is disguised as another program to attack a system?

The show version command will display the configuration register.

What show command can be issued on a Cisco router to view the configuration register value?

A smurf attack overloads a network link by causing multiple Echo Replies to be directed against a target, making it a denial of service attack.

What type of attack is a smurf attack?

voice

What type of traffic would most likely have the highest priority through the network?

Redundancy is eliminating any single point of failure. This could include equipment or links. Keeping a configured device as a spare will assist in the troubleshooting process but is not considered redundancy. Additionally having a switch that functions at both Layer 2 and Layer 3 is still a single point of failure and is not considered redundancy.

What would be considered examples of redundancy in network design?

show file systems

When backing up to a USB port, it is a good idea to issue the _______________________________ command to verify that the USB drive is there and confirm the name.

On a TFTP server or a USB drive.

Where can backup configuration files be stored?

security passwords min-length

Which Cisco IOS command ensures that all configured passwords are a minimum of a specified length?

service password-encryption

Which Cisco IOS command prevents unauthorized individuals from viewing passwords in plaintext in the configuration file?

show file systems

Which command can be used to view the file systems on a Catalyst switch or Cisco router?

ping

Which command is an effective way to test connectivity?

RouterA(config)# login block-for 30 attempts 2 within 10

Which command will block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?

network documentation

Which element of scaling a network involves identifying the physical and logical topologies?

FTP and FTPS allow files to be moved on the network. HTTP and HTTPS allow communication between a host and a web server. Telnet and SSH both allow remote login to a device. Secure versions of these protocols should be used whenever possible.

Which network protocol should a network administrator use to remotely configure a network device?

use a RADIUS server to pass authentication traffic

Which of the following is not a basic security measure for wireless?

The five focus areas when implementing a small network are cost, expandability, manageability, speed, and ports. Type of cable run would fall under cost, upgrades to network devices are part of expandability, prioritization of data traffic and IP addressing schemes are part of manageability, bandwidth requirement is part of speed, and number of interfaces required would be ports.

Which planning and design factors would be considered as part of manageability focus when implementing a small network?

'U' may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.

Which statement is true about Cisco IOS ping indicators?​

Voice traffic is very sensitive to delay and should be given the highest priority on the network.

Which type of traffic should be given the highest priority on a network?

It generates new, dynamic keys each time a client establishes a connection with the AP.

Why is Wi-Fi protected access - WPA - a better choice than WEP?

By carefully planning and documenting the address space, troubleshooting, access control, and security are greatly simplified.

Why should the IP addressing scheme be carefully planned and documented?

It allows possible latency issues to be detected. If the ping test is successful with a longer value, a connection exists between the hosts, but latency might be an issue on the network.

Why would a network administrator enter a longer timeout period than the default when running an extended ping from a router?

With stateful packet inspection - SPI - only legitimate responses from internal requests are permitted through the firewall.

With regard to firewall technology, what is stateful packet inspection?

VoIP

_____ allows users of analog phones to take advantage of the IP network.

exec-timeout 10

disconnect a user after a set time of inactivity

show protocols

displays information about any configured protocols running on the router

show version

displays system hardware and software information, including the value of the configuration register.

show arp

displays the contents of the router's ARP table

show ip route

displays the contents of the router's IP routing table

ping ip address

provides a method for checking the protocol stack and IPv4 address configuration on a host as well as testing connectivity to local or remote destination hosts

tracert address

returns a list of hops as a packet is routed through a network

banner motd #message#

set a security notice to users who connect to the device

SSH

telnet is un-secure so connect using this protocol to manage a Cisco device

ping 127.0.0.1

verify the internal IP configuration on the local host


Kaugnay na mga set ng pag-aaral

Hazmat Familiarization and Safety In Transportation

View Set

ccp 2.1.1 Study: Two-Year and Four-Year Colleges

View Set

CK-12 Biology 10.3: Microevolution and the Genetics of Populations

View Set

12.1.5 Incident Response Section Quiz

View Set

AP Statistics - Semester 1 Final

View Set