Cisco IINS 640-554 Part 5
Question | Answer |
---|---|
Integrity Compromising strategies for Salami Attacks: | A collection of small attacks that result in a larger attack when combined. Example: multiple $2 withdrawals on lots of credit cards. |
Integrity Compromising strategies for Data Diddling: | Diddling is changing data before it is stored in a computing system. Malicious code in an input application or virus could perform data diddling. A virus, Trojan horse, or worm could be written to intercept keyboard input. |
Integrity Compromising strategies for Trust relationship exploitation: | Certain hosts might be trusted to communicate through a firewall using specific ports. If an attacker can compromise a trusted host, the attacker uses the compromised host to pass normally denied data through the firewall. |
Integrity Compromising strategies for Password Attacks: | Attempts to determine a user's password. As soon as username and password are gained the attacker can log in maliciously. |
Integrity Compromising strategies for Password Trojan horse: | A program that appears to be a useful application but captures the user's password and then makes it available to the attacker. |
Integrity Compromising strategies for Password Packet capture: | A packet-capture utility can capture packets seen on a PC's NIC. If the PC can see a copy of a plain-text password being sent over a link, the packet-capture utility can be used to glean the password. |
Integrity Compromising strategies for Password Keylogger: | Program that runs in the background of a computer, logging the user's keystrokes. Keystroke file then sent to attacker. |
Integrity Compromising strategies for Password Brute Force: | Tries all possible password combinations until a match is made. |
Integrity Compromising strategies for Dictionary Attack: | Similar to a brute-force attack, in that multiple password guesses are attempted, but based on a dictionary of commonly used words rather than every combination (e.g. God, password, etc.). |
Integrity Compromising strategies for Botnets: | Software/network process hijacking: an application on a machine that can be controlled remotely. |
Integrity Compromising strategies for Session Hijacking: | If an attacker successfully hijacked a session of an authorized device, he might be able to maliciously manipulate data on the protected server. |
Availability Compromising strategies for Denial of Service (DoS): | Attacker can launch a DoS attack on a system by sending the target system a flood of data or requests that consume the target system's resources. |
Availability Compromising strategies for Distributed denial of service (DDoS): | Can increase the amount of traffic flooded to a target system. Specifically, the attacker compromises multiple systems. |
Availability Compromising strategies for TCP SYN flood: | One variant of DoS attacks is for an attacker to initiate multiple TCP sessions by sending SYN segments but never completing the three-way handshake. |
Availability Compromising strategies for ICMP Attacks: | Many networks permit ICMP traffic because pings can be useful in network troubleshooting. Attackers can use ICMP for DoS attacks. |
Availability Compromising strategies for ICMP Attacks - Ping of Death: | ICMP DoS attack uses ICMP packets that are too big. |
Availability Compromising strategies for ICMP Attacks - Smurf Attack: | Can use ICMP traffic directed to a subnet to flood a target system with ping replies. |
Availability Compromising strategies for electrical disturbances: | At physical level - attacker could launch an attack by interrupting or interfering with the electrical service available to a system. |
Availability Compromising strategies for Power spike / surge: | Excess power for a brief period of time. |
Availability Compromising strategies for Power fault: | A brief electrical outage. |
Availability Compromising strategies for Blackout: | An extended electrical outage. |
Availability Compromising strategies for Power sag: | A brief reduction in power. |
Availability Compromising strategies for Brownout: | An extended reduction in power. |
Where is firewall wizard in CCP? | Configure > Security > Firewall > Firewall |
Define Initiation Step: Security categorization: | Security categorization - categorizes severity of a security breach on a particular network component. |
Define Initiation Step: Preliminary Risk Assessment: | Preliminary risk assessment - offers a high-level overview of a system's security requirements. |
Acquisition and Development brief list: | Requirements. Security Assurance. Cost Considerations and Reporting. Security Planning. Security test and evaluation. |
Acquisition and Development: Risk Assessment | Specifies protection requirements that initiation risk assessment didn't cover. |
Acquisition and Development: Security functional requirement analysis. | What's required to properly secure a system so that it can function in its intended capacity. |
Acquisition and Development: Security Assurance requirements analysis. | Based on legal and functional security requirements, the analysis provides evidence that the network resource in question will be protected at the desired level. |
Acquisition and Development: Cost Consideration and reporting. | Costs of securing a system - including hardware, applications, personnel and training. |
Acquisition and Development: Security Planning. | A report that details what security controls are to be used. |
Acquisition and Development: Security Control Development. | A report created detailing how the previously determined security controls are to be designed, developed and implemented. |
Acquisition and Development: Developmental Security test and evaluation. | Testing is performed to validate the operation of the implemented security controls. |
Implementation: Inspection and Acceptance: | Installation of a system and its functional requirements are verified. |
Implementation: System integration. | System integrated with all required components at its operational site, and its operation is verified. |
List two things that are considered best practices to defeat hackers: | Restrict physical access to gear. Use encryption on all sensitive data. |
List the four facts of a ping sweep: | Identifies live IP addresses. Locates running hosts. Uses ICMP. Horizontal scan (IP address to IP address). |
List four facts about a port scan: | Identifies listening services. Identifies vulnerabilities. Uses TCP and UDP. Vertical scan (port to port on one host). |
Three elements of SDN (Self Defending Network) | Integrated. Collaborative. Adaptive. |
List the four major Voice / IPT attacks: | SPIT (Spam over IP Telephony). Vishing (voice social engineering). Toll Fraud. SIP attacks (usually for DoS). |
List the four major VoIP protocols in Cisco Networks: | H.323. SIP. Skinny (SCCP). RTP (Real-time Transfer Protocol). |
List three major elements of worm attacks | 1: Enabling vulnerability. 2: Payload (infection). 3: Propagation mechanism to spread. |
What are the four interceptors of the CSA (Cisco Security Agent) HIPS agent? | File System Interceptor (read/write to the hard disk). Network Interceptor (NDIS control / access control). Configuration Interceptor (intercepts registry and Unix rc file requests). Execution Space Interceptor (memory requests). |
What are the three SAN technologies? | FCIP. Fibre Channel. iSCSI. |
List the three off-site DR types: | Cold site: minimal power and equipment, but inexpensive. Warm site: redundant hardware without real-time copies of data; middle of the road, most common in mid-size companies. Hot site: redundant site with real-time copies of production data, already configured. |
List the three US security classification models for govt and military: | Top Secret (TS). Confidential. Unclassified. |
List the 4 parts of a secure reporting solution: | Use NTP. Select appropriate syslog levels. Use change management. Use secure logging transmission. |
What are the 3 differences between One-Step lockdown and Cisco AutoSecure? | One-Step doesn't disable NTP. One-Step doesn't support AAA. One-Step doesn't support enabling TCP intercept. |
What is the syntax for login block-for: | login block-for [seconds] attempts [tries] within [seconds] |
What are the three elements of a Cisco password recommendation: | 10 characters. Leading zeros ignored. Passwords case sensitive. |
What two elements must be presented and are required to complete the Security Audit Wizard? | 1: The inside and outside interfaces. 2: The vulnerable services/protocols that need fixing (click the "fix it" box). |
What is the syntax for IOS session inactivity timeout | exec-timeout [minutes] [seconds]. The seconds value is optional; use 0 if none. |
What is the syntax for assigning ping a privilege of 4 | privilege exec level 4 ping |
What is the syntax for CLI creation of a secret user with hash | username [name] secret 5 [hash] |
Where does one configure NTP in CCP/SDM? | Configure > Additional Tasks > Router Properties > NTP/SNTP |
What two commands does one need to create views on the CLI? | aaa new-model. enable view. |
How does one disable ROMMON password recovery? | no service password-recovery |
How to set the length of the password in CLI? | security passwords min-length 8 |
What is the command to show IOS resilience settings? | show secure bootset |
What is a feature of ScanSafe technology | Consistent Cloud Based Policy |
What are the two protocols used to pull IPS alerts from a Cisco router? | Syslog. SDEE. |
What are the three modes in which SSL VPNs can connect? | Full tunnel client. Thin client. Clientless mode (HTTPS). |
What happens with image resilience enabled? | The IOS image file is not visible in the output from the show flash command. |
Where are interfaces configured in CCP? | Configure > Interface Management > Interface and Connections (Edit Interface) |
Where is NTP configured in CCP? | Configure > Router > Time > NTP and SNTP |
Where are ACLs configured in CCP? | Configure > Router > ACL > ACL Editor (Add... button) |
List IKE phase 1 steps | Perform the DH exchange. Negotiate IKE policy sets. Authenticate the peers. |
List IKE phase 2 steps | Establish IPsec SAs. Negotiate IPsec security policies. Perform an optional DH exchange. |
List the major three symmetric encryption types: | 3DES. AES. IDEA. |
List the major three asymmetric encryption types: | RSA. Diffie-Hellman. Elliptic Curve. |
Name three facts about the ASA line of equipment: | The DMZ interfaces use a security level between 1 and 99 (0 is outside and 100 is typically inside). ASA supports HA in active/active or active/standby. Uses contexts to partition into virtual firewalls. |
What type of NAT do you need for an external host to reach an internal IP? | Static NAT |
Where do you put STP root guard? | On a switchport that goes to a switch that should never be root. |
What are two advantages of ALG/Application Layer Firewalls? | They make DDoS harder to achieve. They provide authentication for individual users. |
List the 4 unicast types of IPv6 | Global. 6to4. Link-local. Site-local. |