CCNA4 Chapter 5 Exam Network Security and Monitoring
DHCP snooping and port security
Configure __________ on the switch to mitigate DHCP attacks.
CDP database
CDP information includes the: • IP address of the device • IOS software version • platform • capabilities • native VLAN. The device receiving the CDP message updates its ______.
periodic, unencrypted
CDP information is sent out CDP-enabled ports in _______________ broadcasts.
Network traffic
must be monitored for malicious traffic.
switched infrastructure
The _____________ does not enable port mirroring by default.
Cisco Discovery Protocol (CDP)
— is a proprietary Layer 2 link discovery protocol. — enabled on all Cisco devices by default — can automatically discover other ___-enabled devices and help auto-configure their connection — Network administrators also use ___ to help configure and troubleshoot network devices.
port security
— Configure _________ on the switch to mitigate MAC address table overflow attacks. — Allows an administrator to statically specify MAC addresses for a port, or to permit the switch to dynamically learn a limited number of MAC addresses. By limiting the number of permitted MAC addresses on a port to one, port security can be used to control unauthorized expansion of the network. — A Cisco solution that prevents many types of attacks, including CAM table overflow attacks and DHCP starvation attacks.
3, 7
Organizations commonly implement security solutions using routers, firewalls, Intrusion Prevention Systems (IPSs), and VPN devices. These protect the elements in Layer ___ up through Layer ___.
no cdp run
To disable CDP globally on a device, use the _____________ global configuration mode command.
Layer 2 LANs
_______ are often considered to be a safe and secure environment.
DHCP snooping
A Cisco solution that prevents DHCP starvation and spoofing attacks.
Authentication, Authorization, and Accounting (AAA)
Authenticate and authorize administrative access to the device using _____ with either TACACS+ or RADIUS protocols.
MAC address flooding attack
One of the most basic and common LAN switch attacks is the ____________. This attack is also known as a MAC address table overflow attack, or a CAM table overflow attack.
operational network
Monitoring an ________ can provide a network administrator with information to proactively manage the network and to report network usage statistics to others.
port analyzers and IPS devices
Network administrators use ______________ to help with this task.
no cdp enable
To disable CDP on a port, use the ___________ interface configuration command.
limit
To mitigate the exploitation of CDP, ___ the use of CDP on devices or ports.
DHCP spoofing attack
Type of DHCP attack wherein an attacker configures a fake DHCP server on the network to issue IP addresses to clients. This type of attack forces the clients to use both a false Domain Name System (DNS) server and a computer which is under the control of the attacker as their default gateway.
DHCP starvation attack
Type of DHCP attack wherein an attacker floods the DHCP server with bogus DHCP requests and eventually leases all of the available IP addresses in the DHCP server pool. After these IP addresses are issued, the server cannot issue any more addresses, and this situation produces a denial-of-service (DoS) attack as new clients cannot obtain network access.
Telnet DoS Attack
Type of Telnet attack wherein the attacker continuously requests Telnet connections in an attempt to render the Telnet service unavailable and prevent an administrator from remotely accessing a switch. This can be combined with other direct attacks on the network as part of a coordinated attempt to prevent the network administrator from accessing core devices during the breach.
Brute Force Password Attack
Type of Telnet attack wherein the attacker may use a list of common passwords, dictionary words, and variations of words to discover the administrative password. If the password is not discovered by the first phase, a second phase begins. The attacker uses specialized password auditing tools. The software creates sequential character combinations in an attempt to guess the password.
Switch Spoofing Attack
__________ attempts to gain VLAN access by configuring a host to spoof a switch and use the 802.1Q trunking protocol and the Cisco-proprietary Dynamic Trunking Protocol (DTP) feature to trunk with the connecting switch. A type of VLAN attack.
Collecting and reviewing
__________ this information over time enables a network administrator to see and project growth, and may enable the administrator to detect and replace a failing part before it completely fails.
Dynamic ARP Inspection (DAI)
A Cisco solution that prevents ARP spoofing and ARP poisoning attacks.
IP Source Guard (IPSG)
A Cisco solution that prevents MAC and IP address spoofing attacks.
Link activity, error rates, and link status
are a few of the factors that help a network administrator determine the health and usage of a network.
• MAC Address Table Flooding Attack • VLAN Attacks • DHCP Attacks
Common attacks against Layer 2 infrastructure that are focused on disrupting network operation.
• CDP Reconnaissance Attack • Telnet Attacks
Common attacks against Layer 2 infrastructure that are focused on gaining administrative access.
Network admins
have a wide variety of options for storing, interpreting, & displaying net act issues
Reconnaissance
is a type of network attack in which an intruder gathers information about the vulnerabilities of a device or system.
SNMP
is commonly used to collect device information.
Cisco SPAN (Switch Port Analyzer)
must be implemented to enable port mirroring. This enables the switch to send duplicate traffic to port analyzers or IPS devices for monitoring of malicious or questionable traffic.
