NS2 - Chapter 1


Secure the Data Plane using:

- ACLs - Antispoofing - Layer 2 security including port security, DHCP snooping, dynamic ARP inspection (DAI)
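
Dynamic ARP inspection, listed above as a Layer 2 control, works by checking every ARP packet that arrives on an untrusted port against the DHCP snooping binding table and dropping anything that does not match. The following is an added example written for this page (Python, not Cisco IOS or any Cisco tool) that models that decision, including the trusted-port bypass and the static ARP ACL that hosts without a DHCP lease need. The VLAN, port names, MAC/IP addresses and the ACL entry are constructed assumptions.

```python
"""Dynamic ARP Inspection (DAI), modeled in Python.

Added example (not Cisco IOS code): it reproduces the decision a switch makes
when DAI is enabled on a VLAN. ARP packets arriving on untrusted ports are
checked against the DHCP snooping binding table (VLAN, MAC, IP, port); packets
on trusted ports (uplinks, the DHCP server's port) bypass inspection. Hosts
with static addresses never appear in the snooping table, so they need an
explicit ARP ACL entry or their ARP traffic is dropped. Bindings, ports and
ARP frames below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    vlan: int
    mac: str
    ip: str
    port: str


@dataclass(frozen=True)
class ArpPacket:
    label: str          # description of the constructed frame
    ingress_port: str
    vlan: int
    src_mac: str        # Ethernet source address
    sender_mac: str     # ARP "sender hardware address"
    sender_ip: str      # ARP "sender protocol address"


@dataclass
class DaiSwitch:
    trusted_ports: frozenset                                   # 'ip arp inspection trust'
    bindings: frozenset = field(default_factory=frozenset)     # DHCP snooping table
    static_acl: frozenset = field(default_factory=frozenset)   # (mac, ip) from an arp access-list
    validate_src_mac: bool = True                              # 'ip arp inspection validate src-mac'

    def inspect(self, pkt):
        """Return (allowed, reason) for one ARP frame."""
        if pkt.ingress_port in self.trusted_ports:
            return True, "trusted port, not inspected"
        if self.validate_src_mac and pkt.src_mac.lower() != pkt.sender_mac.lower():
            return False, "Ethernet source MAC != ARP sender MAC"
        if (pkt.sender_mac.lower(), pkt.sender_ip) in self.static_acl:
            return True, "permitted by static ARP ACL"
        for b in self.bindings:
            if (b.vlan, b.mac.lower(), b.ip, b.port) == (
                    pkt.vlan, pkt.sender_mac.lower(), pkt.sender_ip, pkt.ingress_port):
                return True, "matches DHCP snooping binding"
        return False, "no binding for (vlan, mac, ip, port)"


# --- constructed topology ----------------------------------------------------
SWITCH = DaiSwitch(
    trusted_ports=frozenset({"Gi1/0/24"}),                           # uplink to gateway/DHCP
    bindings=frozenset({
        Binding(10, "00:11:22:33:44:55", "10.0.10.20", "Gi1/0/5"),   # victim PC
        Binding(10, "00:11:22:33:44:66", "10.0.10.21", "Gi1/0/6"),   # attacker PC
    }),
    static_acl=frozenset({("00:aa:bb:cc:dd:ee", "10.0.10.2")}),      # printer with a static IP
)

FRAMES = [
    ArpPacket("legit reply from victim", "Gi1/0/5", 10,
              "00:11:22:33:44:55", "00:11:22:33:44:55", "10.0.10.20"),
    ArpPacket("attacker claims gateway IP", "Gi1/0/6", 10,
              "00:11:22:33:44:66", "00:11:22:33:44:66", "10.0.10.1"),
    ArpPacket("attacker clones victim MAC+IP", "Gi1/0/6", 10,
              "00:11:22:33:44:55", "00:11:22:33:44:55", "10.0.10.20"),
    ArpPacket("gateway reply via uplink", "Gi1/0/24", 10,
              "00:de:ad:be:ef:01", "00:de:ad:be:ef:01", "10.0.10.1"),
    ArpPacket("static-IP printer", "Gi1/0/7", 10,
              "00:aa:bb:cc:dd:ee", "00:aa:bb:cc:dd:ee", "10.0.10.2"),
    ArpPacket("sender MAC mismatch", "Gi1/0/5", 10,
              "00:11:22:33:44:55", "00:11:22:33:44:99", "10.0.10.20"),
]


def run_demo(switch=SWITCH, frames=FRAMES):
    """Inspect every constructed frame; return [(label, allowed, reason), ...]."""
    return [(f.label, *switch.inspect(f)) for f in frames]


if __name__ == "__main__":
    for label, allowed, reason in run_demo():
        print(f"{'PERMIT' if allowed else 'DROP  '} {label:32s} {reason}")
```

Note the third frame: the attacker copies the victim's MAC and IP exactly, and DAI still drops it because the binding is tied to the port the lease was learned on. The caveat is the printer: without the static entry its ARP traffic would be dropped too, which is the usual source of "DAI broke the network" tickets.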

Secure the Control Plane using:

- AutoSecure - Routing protocol authentication - Control plane policing (CoPP)
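
Routing protocol authentication protects the control plane by letting a router discard updates that were not produced by a peer holding the shared key. The following is an added example written for this page (Python, not router code) that models OSPF-style cryptographic authentication: a key-id and sequence-number trailer appended to the update, a keyed digest over update plus trailer, constant-time comparison on receipt, and rejection of stale sequence numbers as replays. The key chain, key ids, update bytes, simplified trailer layout and the use of HMAC-SHA-256 in place of OSPFv2's original MD5(packet || key) are assumptions of the model.

```python
"""Routing protocol authentication, modeled on OSPF cryptographic
authentication (RFC 2328 appendix D).

Added example, not router code. A sender appends a key id and a monotonically
increasing cryptographic sequence number to the update, then a keyed digest
computed over the update and those fields. The receiver looks up the key by
id, recomputes the digest, compares it in constant time, and rejects any
sequence number not greater than the last one accepted from that neighbor,
so a captured update cannot be replayed. OSPFv2's original scheme is
MD5(packet || key); this model uses HMAC-SHA-256 (RFC 5709 added HMAC-SHA
algorithms) and a simplified trailer layout. Key chain and update bytes are
constructed.
"""
import hashlib
import hmac
import struct

TRAILER_FMT = "!BI"                           # key id (1 byte), crypto sequence (4 bytes)
TRAILER_LEN = struct.calcsize(TRAILER_FMT)
DIGEST_LEN = hashlib.sha256().digest_size

KEY_CHAIN = {1: b"area0-key-2023", 2: b"area0-key-2024"}   # constructed shared secrets


def sign_update(body, key_id, seq, key_chain=KEY_CHAIN):
    """Return body || trailer || digest, the frame a router would put on the wire."""
    trailer = struct.pack(TRAILER_FMT, key_id, seq)
    digest = hmac.new(key_chain[key_id], body + trailer, hashlib.sha256).digest()
    return body + trailer + digest


def verify_update(frame, last_seq, key_chain=KEY_CHAIN):
    """Validate one received frame.

    last_seq is the highest sequence number already accepted from this neighbor.
    Returns (accepted, reason, new_last_seq).
    """
    if len(frame) < TRAILER_LEN + DIGEST_LEN:
        return False, "truncated frame", last_seq
    digest = frame[-DIGEST_LEN:]
    trailer = frame[-DIGEST_LEN - TRAILER_LEN:-DIGEST_LEN]
    body = frame[:-DIGEST_LEN - TRAILER_LEN]
    key_id, seq = struct.unpack(TRAILER_FMT, trailer)
    key = key_chain.get(key_id)
    if key is None:
        return False, f"unknown key id {key_id}", last_seq
    expected = hmac.new(key, body + trailer, hashlib.sha256).digest()
    if not hmac.compare_digest(digest, expected):        # constant-time compare
        return False, "digest mismatch (wrong key or tampered)", last_seq
    if seq <= last_seq:
        return False, f"replay: seq {seq} <= last accepted {last_seq}", last_seq
    return True, "accepted", seq


def run_demo():
    """Drive the receiver through the cases a practitioner cares about."""
    neighbor_last_seq = 99                                   # state kept per neighbor
    results = {}
    update = b"LSU area0 10.0.0.0/24 next-hop 10.0.0.1"     # constructed payload

    good = sign_update(update, key_id=1, seq=100)
    ok, why, neighbor_last_seq = verify_update(good, neighbor_last_seq)
    results["genuine"] = (ok, why)

    # Attacker on the segment flips the next hop but cannot recompute the digest.
    tampered = good.replace(b"10.0.0.1", b"10.0.0.9")
    results["tampered"] = verify_update(tampered, neighbor_last_seq)[:2]

    # Replaying the captured genuine frame: digest valid, sequence stale.
    results["replayed"] = verify_update(good, neighbor_last_seq)[:2]

    # Attacker who guessed the key id but not the secret.
    forged = sign_update(update, key_id=1, seq=500, key_chain={1: b"guess"})
    results["wrong_key"] = verify_update(forged, neighbor_last_seq)[:2]

    # Legitimate key rollover: key id 2 with a fresh sequence number.
    rolled = sign_update(update, key_id=2, seq=101)
    results["rollover"] = verify_update(rolled, neighbor_last_seq)[:2]
    return results


if __name__ == "__main__":
    for case, (ok, why) in run_demo().items():
        print(f"{case:10s} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

The sequence check is what the digest alone cannot give you: without it, anyone who captured one authentic update could re-inject it at will. Real routers keep that sequence state per neighbor and per interface, and key chains with overlapping lifetimes exist so the rollover case above does not interrupt adjacency.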

Cisco Network Foundation Protection (NFP) divides routers and switches into three functional areas:

- Control plane - Management plane - Data plane (Forwarding plane)

Network hacking attacks

- Eavesdropping attack (sniffing/snooping) - Data modification attack - IP address spoofing attack - Password-based attacks - DoS attack - Man-in-the-middle attack - Sniffer attack

Secure the Management Plane by:

- Enabling login and password policy - Presenting legal notification - Ensuring the confidentiality of data using SSH and HTTPS - Enabling role-based access control - Authorizing actions - Enabling management access reporting
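
Each item in that checklist corresponds to concrete lines in an IOS configuration, so the checklist can be audited rather than eyeballed. As an added example written for this page (Python, not a Cisco tool), the script below parses a running-config dump and checks it for those controls, reporting the weak settings (cleartext enable password, plaintext HTTP, Telnet on a vty range) alongside their hardened counterparts. SAMPLE_CONFIG is constructed; the check IDs and the regexes are assumptions about IOS syntax that need adjusting per platform and release.

```python
"""Management-plane hardening audit of a Cisco IOS running-config.

Added example, not a Cisco tool. It splits a config dump into top-level
commands plus indented sub-commands and checks the controls listed above:
login/password policy, legal banner, SSH/HTTPS-only access, role-based access
(AAA, per-user privilege levels) and access reporting (remote syslog, login
auditing, config-change archive). SAMPLE_CONFIG is constructed and mixes
hardened and weak settings; the regexes assume IOS syntax and need adapting
per platform and release.
"""
import re

SAMPLE_CONFIG = """\
service password-encryption
enable secret 9 $9$constructedhash
enable password cisco123
aaa new-model
username admin privilege 15 secret 9 $9$constructedhash
username ops privilege 5 secret 9 $9$constructedhash
security passwords min-length 12
login block-for 120 attempts 3 within 60
login on-failure log
ip ssh version 2
ip http server
ip http secure-server
logging host 10.0.0.50
archive
 log config
  logging enable
banner motd ^C Authorized use only. Activity is monitored and logged. ^C
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

# (id, regex matched against each top-level command, what passing means)
REQUIRED = [
    ("PWD-01", r"security passwords min-length \d+", "minimum password length enforced"),
    ("PWD-02", r"login block-for \d+ attempts \d+ within \d+", "login throttling against brute force"),
    ("PWD-03", r"enable secret [89] ", "enable secret stored as a type 8/9 hash"),
    ("PWD-05", r"service password-encryption", "line passwords not stored in cleartext"),
    ("BAN-01", r"banner (motd|login) ", "legal notification banner configured"),
    ("SSH-01", r"ip ssh version 2", "SSH restricted to version 2"),
    ("HTTP-02", r"ip http secure-server", "HTTPS for web management"),
    ("RBAC-01", r"aaa new-model", "AAA enabled for role-based access"),
    ("RBAC-02", r"username \S+ privilege \d+ secret ", "per-user privilege levels with hashed secrets"),
    ("LOG-01", r"logging host \S+", "syslog sent to a remote collector"),
    ("LOG-02", r"login on-failure log", "failed logins reported"),
]
# (id, regex, why its presence is a finding)
FORBIDDEN = [
    ("PWD-04", r"enable password ", "enable password (cleartext/type 7) still configured"),
    ("HTTP-01", r"ip http server$", "plaintext HTTP management enabled"),
]


def parse_sections(config):
    """Return [(command, [sub-commands])]; leading spaces mark sub-commands."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return [(id, passed, detail)] for every check."""
    sections = parse_sections(config)
    commands = [cmd for cmd, _ in sections]
    findings = []
    for fid, pattern, meaning in REQUIRED:
        hit = any(re.match(pattern, c) for c in commands)
        findings.append((fid, hit, meaning if hit else "missing: " + meaning))
    for fid, pattern, meaning in FORBIDDEN:
        hit = any(re.match(pattern, c) for c in commands)
        findings.append((fid, not hit, meaning if hit else "absent: " + meaning))
    # Config-change reporting needs 'archive' / 'log config' / 'logging enable'.
    archived = any(cmd == "archive" and "logging enable" in subs for cmd, subs in sections)
    findings.append(("LOG-03", archived, "configuration changes logged via archive"))
    # Every vty line must accept SSH only. No 'transport input' at all falls back
    # to the platform default, which on older releases still permits Telnet.
    for cmd, subs in sections:
        if cmd.startswith("line vty"):
            transports = [s for s in subs if s.startswith("transport input")]
            ok = transports == ["transport input ssh"]
            findings.append(("VTY-01", ok, f"{cmd}: {transports or ['no transport input']}"))
    return findings


def failing_ids(config):
    """Sorted ids of the checks that failed (one id even if several lines fail)."""
    return sorted({fid for fid, passed, _ in audit(config) if not passed})
```

Run `audit(SAMPLE_CONFIG)` and the three failures are exactly the weak lines planted in the sample: `enable password cisco123` next to a proper type 9 secret, `ip http server` next to `ip http secure-server`, and `transport input telnet ssh` on `line vty 5 15` while `line vty 0 4` is SSH-only. The vty check illustrates why the audit walks every section rather than grepping once: a single permissive range is enough to expose Telnet.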

DoS attack mitigation techniques:

- IPS and firewalls (Cisco ASAs and ISRs) - Antispoofing technologies - Quality of service (traffic policing)

Reconnaissance attack mitigation techniques include :

- Implement authentication to ensure proper access - Use encryption to render packet sniffer attacks useless - Use anti-sniffer tools to detect packet sniffer attacks - Implement a switched infrastructure - Use a firewall and IPS

There are two major sources of DoS attacks:

- Maliciously Formatted Packets - Overwhelming Quantity of Traffic

Data center physical security can be divided into two areas:

- Outside perimeter security - Inside perimeter security

Common types of access attacks

- Password attack - Trust exploitation - Port redirection - Man-in-the-middle attack - Buffer overflow - IP, MAC, and DHCP spoofing

Some of the techniques used by malicious hackers conducting reconnaissance attacks:

- Perform an information query of a target - Initiate a ping sweep of the target network - Initiate a port scan of active IP addresses - Run Vulnerability Scanners - Run exploitation tools

Three early DoS attacks include

- Ping of death - Smurf attack - TCP SYN Flood Attack

Specific types of social engineering attacks include:

- Pretexting - Phishing - Spear phishing - Spam - Tailgating - Something for Something (Quid pro quo) - Baiting

Varieties of modern malware

- Ransomware - Spyware - Adware - Scareware - Phishing - Rootkits

Three major categories of network attacks:

- Reconnaissance Attacks - Access attacks - DoS Attacks

Trojan horse classification

- Remote-access Trojan horse - Data-sending Trojan horse - Destructive Trojan horse - Proxy Trojan horse - FTP Trojan horse - Security software disabler Trojan horse - DoS Trojan horse

Some modern Hacking Titles

- Script kiddies - State-sponsored - Vulnerability brokers - Hacktivists - Cyber criminals

Access attack mitigation techniques:

- Strong password security - Principle of minimum trust - Cryptography - Applying operating system and application patches

Common types of malware

- Viruses (require a host program to run) - Worms (self-replicate and spread on their own) - Trojans (look legitimate but carry malicious code)

Best practices for securing a network:

- Written security policy - Educate employees on social engineering - Physical access control - Strong passwords - Encrypt and password-protect sensitive data - Implement security hardware (firewall, IPS, VPN) - Perform backups and test restoring from them regularly - Shut down unnecessary services and ports - Keep patches up to date - Perform security audits to test the network

SecureX Product families

- secure edge and branch - secure email and web - secure mobility - secure access - secure data center and virtualization

What are the three core components of the Cisco Secure Data Center solution?

- secure segmentation - visibility - threat defense

What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

- to scan for accessibility - to gather information about the network and devices

Penetration testing tools

- Password crackers (Medusa) - Wireless hacking tools (NetStumbler) - Network scanning and hacking tools (Angry IP Scanner) - Packet crafting tools (Scapy) - Packet sniffers (Wireshark) - Rootkit detectors (rkhunter) - Fuzzers to search for vulnerabilities (Skipfish) - Forensic tools (Helix) - Debuggers (WinDbg) - Hacking operating systems (Kali Linux) - Encryption tools (VeraCrypt) - Vulnerability exploitation tools (Metasploit) - Vulnerability scanners (Netsparker)

The Cisco SecureX architecture includes the following five major components:

- Scanning engines - Delivery mechanisms - Security Intelligence Operations (SIO) - Policy management consoles - Next-generation endpoints

Which statement describes phone phreaking?

A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.

Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics?

A virus has infected the computers

What is a significant characteristic of virus malware?

A virus is triggered by an event on the host system.

ASA

Adaptive Security Appliance

................................................................................. provides stateful firewall features and establishes secure Virtual Private Network (VPN) tunnels to various destinations.

Adaptive Security Appliance (ASA)

In order to mitigate malware, we must use .............................................

Antivirus software

This happens when all VMs attempt to download antivirus data files at the same time.

Antivirus storms

To accommodate the BYOD trend, Cisco developed the ..................................................... Network.

Borderless

Cryptography ensures three components of information security:

- Confidentiality - Integrity - Availability (in practice cryptography directly delivers confidentiality, integrity and authenticity; it supports availability only indirectly)

The response to a worm attack can be broken down into four phases :

- Containment - Inoculation - Quarantine - Treatment

What is the meaning of the principle of minimum trust when used to design network security?

Devices in networks should not access and use one another unnecessarily and unconditionally.

ESA

Email security Appliance

An attacker could hijack a VM hypervisor (the software controlling the VMs) and then use it as a launch point to attack other devices on the data center network.

Hyperjacking

.......................................................... security can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.

Inside perimeter

When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the security baseline and can introduce security vulnerabilities.

Instant On activation

To support BYOD, Cisco devices support .................................................................................... features. MDM features secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices.

Mobile Device Management (MDM)

................................................................. security can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.

Outside perimeter

The ....................................................................... is a Cloud-based service that connects global threat information, reputation-based services, and sophisticated analysis, to Cisco network security devices.

Security Intelligence Operations (SIO)

A context-aware policy uses a simplified descriptive business language to define security policies based on five parameters:

- The person's identity - The application in use - The type of device being used for access - The location - The time of access

There are at least three reasons that hackers would use access attacks on networks or systems:

- To retrieve data - To gain access - To escalate access privileges

WSA

Web security Appliance

What causes a buffer overflow?

attempting to write more data to a memory location than that location can hold

What type of malware has the primary objective of spreading across the network?

Worm

What is a ping sweep?

a network scanning technique that indicates the live hosts in a range of IP addresses

What are the three major components of a worm attack?

an enabling vulnerability a payload a propagation mechanism

What is the primary means for mitigating virus and Trojan horse attacks?

antivirus software

What method can be used to mitigate ping sweeps?

blocking ICMP echo and echo-replies at the network edge

How does a DoS attack take advantage of the stateful condition of target systems?

by continuously sending packets of unexpected size or unexpected data

How is a smurf attack conducted?

by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network

Which security measure is typically found both inside and outside a data center facility?

continuous video surveillance

The Cisco Network Foundation Protection framework has three functional areas. The ............................................. plane of a router is responsible for forwarding packets correctly.

data

What role does the Security Intelligence Operations (SIO) play in the Cisco SecureX architecture?

identifying and stopping malicious traffic

What is the primary method for mitigating malware?

installing antivirus software on all hosts

Which two network security solutions can be used to mitigate DoS attacks?

intrusion protection systems antispoofing technologies

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

man in the middle

What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?

management plane

A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?

reconnaissance

What is hyperjacking?

taking over a virtual machine hypervisor as part of a data center attack

What is a main purpose of launching an access attack on network systems?

to retrieve data

