SEC-150 Chapter 1


What is an Intrusion Protection System?

A Cisco IPS device continuously monitors incoming and outgoing network traffic for malicious activity. It logs information about the activity, and attempts to block and report it.

What is an IP address spoofing attack?

A hacker constructs an IP packet that appears to originate from a valid address inside the corporate intranet.

What is a sniffer attack?

A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, the sniffer provides a full view of the data inside the packet. Even encapsulated -tunneled- packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.

What is secure segmentation?

ASA devices and a Virtual Security Gateway integrated into the Cisco Nexus Series switches are deployed in a data center network to provide secure segmentation. This provides granular inter-virtual-machine security.

What does ASA provide?

ASA provides stateful firewall features and establishes secure VPN tunnels to various destinations.

What does ASA stand for?

Adaptive Security Appliance

What does ASA Firewall stand for?

Adaptive Security Appliance Firewall

What is threat defense?

Adaptive Security Appliances and Intrusion Protection System devices in data center networks use threat intelligence, passive OS fingerprinting, and reputation and contextual analysis to provide threat defense.

What are examples of wireless hacking tools?

Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler.

What is an AAA server?

An authentication, authorization, and accounting server authenticates users, authorizes what they are allowed to do, and tracks what they are doing.

What does CAN stand for?

Campus Area Network

What is the network type for this method of protection: Connections to untrusted networks must be checked in-depth by multiple layers of defense before reaching enterprise resources.

Campus Area Network

What is the network type for this method of protection: Core components, such as Secure Segmentation, Threat Defense, and Visibility, are used as part of an easy to implement yet comprehensive strategy.

Cloud

Virtualization is the foundation of

Cloud computing. Without it, Cloud computing, as it is most widely implemented, would not be possible.

What is the network type for this method of protection: VPN technologies implemented on ASA devices and high-speed Nexus switches are used to connect the off-site facility to corporate sites.

Data Center

What are the five critical MDM functions for a BYOD Network?

Data encryption, PIN enforcement, data wipe, data loss prevention -DLP-, jailbreak/root detection.

What does ESA and WSA stand for?

Email Security Appliance and Web Security Appliance

How are hosts secured?

End points are secured using various features including antivirus and antimalware software, Host Intrusion Protection System features, and 802.1X authentication features.

What are Fuzzers to Search Vulnerabilities?

Fuzzers are tools used by hackers when attempting to discover a computer system's security vulnerabilities. Examples are Skipfish, Wapiti, and W3af.

What is a password-based attack?

If hackers discover a valid user account, the attackers have the same rights as the real user. Hackers could use that valid account to obtain lists of other users and network information. They could also change server and network configurations, modify, reroute, or delete data.

What is a data modification attack?

If hackers have captured enterprise traffic, they can alter the data in the packet without the knowledge of the sender or receiver.

To support the blurred network edge that comes with the Borderless Network, Cisco devices support

Mobile Device Management -MDM- features.

What are network scanning and hacking tools?

Network scanning tools are used to probe network devices, servers, and hosts for open TCP or UDP ports. Examples of scanning tools include Nmap, SuperScan, Angry IP Scanner, and NetScanTools.

Virtualization separates the

OS from the hardware.

What are the three components of a secure data center solution?

Secure segmentation, threat defense, and visibility.

What is the network type for this method of protection: A consumer-grade router with basic security features is used to protect inside assets from the outside attackers.

Small Office Home Office

An example of a state-sponsored attack involves the

Stuxnet malware that was created to damage Iran's nuclear enrichment capabilities.

How does a VPN protect you?

The Cisco Integrated Service Router is secured. It protects data in motion that is flowing from the CAN to the outside world by establishing Virtual Private Networks (VPNs). VPNs ensure data confidentiality and integrity from authenticated sources.

What are packet sniffers?

These tools are used to capture and analyze packets within traditional Ethernet LANs or WLANs. Examples are Wireshark, Fiddler, and Dsniff.

What are packet crafting tools?

These tools are used to probe and test a firewall's robustness using specially crafted forged packets. Examples of such tools include Hping, Scapy, Socat, Yersinia, Netcat, Nping, and Nemesis.

What are vulnerability scanners?

These tools can scan a network or system to identify open ports. They can also be used to scan for known vulnerabilities and scan VMs, BYOD devices, and client databases. Examples of tools include Nipper, Secunia PSI, Core Impact, Nessus v6, SAINT, and OpenVAS.

What are debuggers?

Tools used by black hat hackers to reverse engineer binary files when writing exploits. They are also used by white hat hackers when analyzing malware. Debugging tools include GDB, WinDbg, IDA Pro, and Immunity Debugger.

Data Center Networks are interconnected to corporate sites using

VPN technology with ASA devices and integrated data center switches, such as high-speed Nexus switches.

What is visibility?

Visibility solutions are provided using software such as the Cisco Security Manager, which helps simplify operations and compliance reporting.

Cloud computing separates the

application from the hardware.

In a Borderless Network, access to resources can

be initiated by users from many locations, on many types of endpoint devices, using various connectivity methods.

If a device is jailbroken or rooted, MDM features can detect such bypasses and

immediately restrict a device's access to the network or other corporate assets.

Data center networks are typically housed in an

off-site facility to store sensitive or proprietary data.

Most devices have built-in encryption capabilities, both at the device and file level. MDM features can ensure that

only devices that support data encryption and have it enabled can access the network and corporate content.

Mobile Device Management -MDM- features

secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices.

To accommodate the BYOD trend, Cisco developed

the Borderless Network.

Lost or stolen devices can be remotely wiped by the

user or by an administrator via the MDM.

How are Layer 2 Switches secured?

These access layer switches are secured and connect user-facing ports to the network. Several different security features can be implemented, such as port security, DHCP snooping, and 802.1X user authentication.

What is a State-Sponsored hacker?

These are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups and corporations. Most countries in the world participate to some degree in state-sponsored hacking.

What are hacking operating systems?

These are specially designed operating systems preloaded with tools and technologies optimized for hacking. Examples of specially designed hacking operating systems include Kali Linux, SELinux, Knoppix, BackBox Linux.

What is a vulnerability broker?

These are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

How are Layer 3 Switches secured?

These distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different security features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection -DAI-, and IP source guard.

What are forensic tools?

These tools are used by white hat hackers to sniff out any trace of evidence existing in a particular computer system. Examples are Sleuth Kit, Helix, Maltego, and Encase.

What are vulnerability exploitation tools?

These tools identify whether a remote host is vulnerable to a security attack. Examples of vulnerability exploitation tools include Metasploit, Core Impact, Sqlmap, Social Engineer Toolkit, and Netsparker.

What are encryption tools?

These tools safeguard the contents of an organization's data at rest and data in motion. Encryption tools use algorithm schemes to encode the data to prevent unauthorized access to the encrypted data. Examples of these tools include VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, and Stunnel.

What are antivirus storms?

This happens when all VMs attempt to download antivirus data files at the same time.

What are rootkit detectors?

This is a directory and file integrity checker used by white hats to detect installed rootkits. Examples are AIDE, Netfilter, and PF: OpenBSD Packet Filter.

What is an eavesdropping attack?

This is when a hacker captures and "listens" to network traffic. This attack is also referred to as sniffing or snooping.

What does ESA/WSA provide?

This provides advanced threat defense, application visibility and control, reporting, and secure mobility to secure and control email and web traffic.

What does an Adaptive Security Appliance do?

This type of firewall performs stateful packet filtering to filter return traffic from the outside network into the campus network.

What is Instant On Activation?

When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.

What is hyperjacking?

When an attacker could hijack a VM hypervisor -VM controlling software- and then use it as a launch point to attack other devices on the data center network.

What is the network type for this method of protection: Secure devices, such as an ASA, are used on the edge of the networks to provide stateful firewall features and establish secure VPN tunnels to various destinations.

Wide Area Network

