4.6 Flashcards
What is IPS signature management used for?
The intrusion prevention system(IPS) compares traffic against signatures of known threats and blocks traffic when a threat is detected and decided to block, allow or send an alert.
What is Device hardening used for?
No system is secure with the default configurations so we need some guidelines to keep everything safe but these guidelines are specific to software and platform.
Why changing native VLAN is important?
Native VLANs are when we are trunking multiple different switches together and it’s not the same as the default VLAN.
Whats a privileged account?
It’s an account with elevated access to one or more systems, but it needs to be highly secured(secured password and changing it often)
Whats FIM?
(File Integrity Monitoring) It’s monitoring important operating system and application files(these files should never change).
How do we restrict access via ACLs?
We use the device ACLs to limit access to important infrastructure devices. These are ACLs being setup on a router and they are different than the ACLs for application access.
What are honeypots?
These are used to attract the bad guys and trap them. Honeypots can be a single device or a network of honeypots.
Why do we do penetration testing?
We Pentest by simulating an attack to find the vulnerability. In some companies it’s often a compliance mandate to do a regular penetration testing by 3rd-party.
How do we create a loop in network?
By connecting two switches to each other.
How can we stop a loop?
By blocking the correct interface(physical port).
Whats BPDU guard?
(Bridge Protocol Data Unit)
One of the challenges with spanning tree is that it may take some time for this network convergence to occur. On some switches, you have the option to bypass that entire process. This is called BPDU guard.
Whats root guard?
It allows you to pick the root but spanning tree determines the root bridge and uses the lowest MAC address device first.
Whats flood guard?
It’s configuring the maximum number of source MAC addresses on an interface. The switch monitors the number of unique MAC addresses and once you exceed the maximum, port security activates.
Whats DHCP snooping?
It’s an IP tracking on a layer 2 device in a switch. Switch watches for DHCP conversations and adds a list of untrusted devices to a table and filters invalid IP and DHCP information.
Whats is network segmenting mean?
It’s segmentation in physical, logical or virtual which helps with performance and security or to take care of compliance issues.
