Chapter 8: WAN Security

Question 1

List Common L2 LAN attacks

Answer 1

• CDP Reconnaissance Attack (L2 link discovery protocol, enabled by default, disable)
• Telnet Attacck (Brute Force/Telnet DoS, use SSH, strong passwords, limit accecss vty lines, use AAA with TACACS+ or RADIUS)
• MAC Address table Flooding Attack (sends fake MAC addresses until table is full, configure port security)
• VLAN Attacks (spoofing a Swicth connection and use trunk or try access common default VLANs, mitigated by configuring access links, disable auto trunk only manual, disable unused ports make them access black hole, change default vlan, enable port security)
• DHCP Attacks (fake DHCP server, DHCP starvation by flooding DHCP requests, mitigated by DHCP snooping and port security)

Question 2

List SNMP devices.

Answer 2

• SNMP manager (collects information about managed device using get action)
• SNMP agents (device that is managed, has management node that sends information towards SNMP manager)
• Management Information Base (stores data and operational statistics about managed deevice)

Question 3

What is an SNMP Agent Trap?

Answer 3

• SNMP agent sends traps to inform the Network Management System (NMS) immediately of specific events
• Traps are unsolicited messages alerting the SNMP manager of improper user authentication or link status

Question 4

What is the difference between SNMPv2 and v3?

Answer 4

• SNMPv3 authenticates and encrypts packets over network
• Message integrity and auth between manager and agent
• Access control restricts SNMP manager to certain action on portions of data

Question 5

What are Cisco Switch Port Analyzer tools?

Answer 5

Network analyzer protocol, uses data mirroring to monitor traffic, uses SPAN or remote SPAN