Bookmark and Share

Front Back
Driving forces of network security
Malicious work of hackers, need to maintain business operations
Network security consists of various ____________ which allow professionals to specialize and provide structure to the world of network security.
Network security has evolved over 40 years from crude measures that were originally implemented on _____________.
________________ provide a forum for professionals to collaborate and improve their skills. 

Network security organizations 

Network security _____________ provide a practical framework with which to relate all network security actions within an organization.
A __________ is malicious software attached to another program to execute unwanted actions on an end system.
A ________ executes arbitrary code and installs copies of itself in the memory of an infected computer, which then infects other hosts.
A ______________ is an application that was written to look like something else. When it is downloaded and opened, it attacks the end-user computer from within.
Trojan Horse
Specific tools are available to ____________ the effects of viruses, worms, and Trojan Horses.
________________ attacks involve the unauthorized discovery and mapping of systems, services, and vulnerabilities.
___________ attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
______________ attacks send extremely large numbers of requests over a network or the Internet. These excessive requests overload the target device causing performance to degrade.
Denial of Service, DoS
Reconnaissance, access, and DoS attacks are mitigated with specific __________________, ____________________, _____________________.
techniques, devices, and technologies.

1.___________ attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers.
2.___________ overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code.
These two fall in the category of 3.__________ attacks.
Password, Buffer Overflow, Access attacks

Characteristics of a 1.________.
Requires 2.__________ activation..
Can be 3.__________ and then activate at a 4.______________.
1.virus, 2.end-user, 3.dormant, 4.specific time and date
Can be carried in a virus or worm.
Characteristic of a Trojan Horse.
Components of a worm attack

Enabling vulnerability

Propagation mechanism 

5 Phases of a worm attack

Probe phase

Penetrate phase

Persist phase

Propagate phase

Paralyze phase
Types of Access Attacks

buffer overflow

port redirection

trust exploitation

Edge Router Implementations

Single Router Approach

Defense-in-Depth Approach

DMZ Approach
Three Areas of Router Security

Physical Security
Operating System Security
Router Hardening
6 tasks involved with securing administrative access
1. Restrict device accessibility
2. Log and account for all access
3. Authenticate access
4. Authorize actions
5. Present legal notification
6. Ensure the confidentiality of data 
3 Remote Access Precautions
-Encrypt all traffic between the administrator computer and the router
-Establish a dedicated management network.
-Configure a packet filter to allow only the identified administration hosts and preferred protocols to access the router.
Establishing Passwords. 4 areas
Enable Secret
Console Line
Virtual Terminal Lines
 Auxilliary Line
Configure the following to increase the security of passwords
Enforce minimum password lengths.
Disable unattended connections.
Encrypt all passwords in the configuration file.
Password parameters
0- Plaintext password
5- MD5 encrypted
7- Standard line7 (Service password-encryption) 
Cisco Virtual Login Security Enhancements
Delays between successive login attempts
Login shutdown if DoS attacks are suspected
Generation of system logging messages for login detection
Use ______________ to present legal notification to potential intruders to inform them that they are not welcome on a network.
banner mesages
Use the 1.____________ command to enable login enhancements. 
If not configured, all login requests will be denied during the Quiet-Mode. 2.______________ 
Delay time can be changed using the 3.________command. 4._____________ generates logs for failed login requests. 5._____________ generates logs for successful login requests.
1. login block-for (seconds) attempts (tries) within (seconds)
2. login quiet-mode access-class (ACL)
3. login delay (seconds)
4. login on-failure log [every login]
5. login on-success log [every login]
Steps to configure SSH on a router
1. ip domain-name (domain-name)
2. crypto key generate rsa general-keys modulus modulus-size
3. username (name) secret (password)
4. (On VTY lines) login local, transport input ssh.
Command to verify SSH
show crypto key mypubkey rsa
Command to change SSH version
Command to change time interval router waits for SSH client to respond
Command to configure a different number of consecutive SSH retries 
Command to verify optional SSH command settings
ip ssh version {1 | 2}
ip ssh time-out (seconds)
ip ssh authentication-retries (integer)
show ip ssh
Cisco SDM can be used to configure an SSH daemon on a router by following this path.
Conifgure vty ports on Cisco SDM by following this path.
Configure > Additional Tasks > Router Access > SSH
Configure > Additional Tasks > Router Access > VTY
Predefined for user-level access privileges.
Privilege level of User Exec mode- ___
Privilege level of Privilege Exec mode __ 
Assign a command to a specific privilege level
with the following syntax _______________________
Priv level 0
Priv level 1
Priv level 15 
privilege mode {level <level command> | reset} (command)
To the privilege level using the global configuration command 1._____________________
To a user that is granted a specific privilege level, using the global configuration command 2. ___________________
1.enable secret level (level) (password)
2. username (name) privilege (level) secret (password).
3 reasons to implement Role-Based CLI Access.
Role-Based CLI Access 3 types of views.
Enhanced security, availability, and operational efficiency 
Root view, CLI view, Superview
Commands to create a view:
Enable AAA
Enter root view
Create view
Assign secret password to view
Assign commands to selected view
aaa new-model
enable view
parser view (view-name)
enable secret (password)
commands (parser-mode) {include | include-exclusive | exclude} [all] [interface (interface-name) | command] 
Steps to configure a Superview are essentially the same as creating a CLI view except what?
Assigning an existing view using the view view-name command in view configuration mode instead of assigning commands.
Name the two global configurations commands that are available to configure the Cisco IOS resilient configuration features
secure boot-image
secure boot-config 
Command to verify the existence of the secure boot archive
show secure bootset
Password Recovery. Change the default configuration register values to this so in order to bypass the startup config
confreg 0x2142
To enable syslog loggin on your router using SDM, follow this path. _________________
Configure > Additional Tasks > Router Properties > Logging.
CISCO IOS commands to configure syslog logging.
logging host (hostname or ip address)
logging trap (level 0-7) Optional
logging source-interface (interface)
logging on
What are three additional security features that SMNP version 3 offers?
Message integrity
To configure SMNP v1 and v2 on a router using SDM, use the following path
Configure > Additional Tasks > Router Properties > SNMP
Network Timing Protocol
Command to designate a master clock keeper.
Command to contact master clock keeper to pull timing.
Command to receive NTP broadcast messages
ntp master (stratum=#of hops from authority)
ntp server (ntp-server-address)
ntp broadcast client
What 2 security mechanisms are available for NTP?

ACL-based restriction scheme
Encrypted authentication mechanism offered by NTP version 3 or later
Commands to secure NTP traffic to be used on both master and client (3 commands)
Command to verify server is authenticated source.
ntp authenticate
ntp authentication-key (key-number) md5 (key-value)
ntp trusted-key (key-number)
ntp associations detail 
3 Security Audit Tools available
Security Audit Wizard, Cisco AutoSecure, One-Step Lockdown
Command to enable AAA with default list and local login
aaa authentication login default local
x of y cards Next > >> >|