Chapter 6 - Securing the Mgmt Plane on a Cisco IOS Device Flashcards
What are 7 Management Plane Best Practices?
1) Strong Passwords
2) User authentication and AAA
3) Role-based access control (RBAC)
4) Encrypted management protocols
5) Logging
6) Network Time Protocol (NTP)
7) Secure system files
Describe AAA.
Authentication, authorization, and accounting. AAA lets you control which administrators are allowed to connect to which devices and what they can do once connected, and it creates an audit trail of what they did.
How can you control an administrator's access to a device?
Through AAA combined with custom privilege levels or parser views. For example, create a group (or view) that has only a limited set of permissions and assign that administrator to it. This is an example of role-based access control (RBAC).
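Both RBAC mechanisms named above, as an added IOS configuration example that is not part of the original flashcards. The user names, passwords and the commands granted to each role are placeholders chosen for illustration; the first role uses a custom privilege level, the second a parser view.

```cisco
! Added example, not from the original page. Names and passwords are placeholders.
!
! --- Role 1: custom privilege level 5 with a handful of show commands ---
! Moving a command to level 5 also makes it unavailable to level 1 users.
privilege exec level 5 show ip interface brief
privilege exec level 5 show logging
privilege exec level 5 show version
username helpdesk privilege 5 secret HelpdeskPassw0rd
!
! --- Role 2: parser view (role-based CLI) ---
! Views require aaa new-model and a root-view password (the enable secret);
! "aaa authorization exec" is what drops the user into the view at login.
aaa new-model
enable secret RootViewPassw0rd
aaa authentication login default local
aaa authorization exec default local
!
parser view NETOPS
 secret NetOpsViewPassw0rd
 commands exec include show interfaces
 commands exec include show ip route
 commands exec include ping
 commands exec include traceroute
!
! Bind the account to the view so the user never sees the full EXEC shell
username netops view NETOPS secret NetOpsPassw0rd
!
! Verification (from the logged-in session):
!   show privilege        -> current privilege level
!   show parser view      -> the view the session is in
!   show parser view all  -> every configured view (root view only)
```

A user in the NETOPS view cannot run a command that is not explicitly included, and cannot configure the device, which is the practical difference from a numeric privilege level that still inherits everything below it.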
What does out-of-band management mean?
A completely separate network (physically or logically separated) carries only management protocols, while end users and their traffic use a different network, so management traffic is never exposed on user-facing links.
What are some examples of encrypted communication to use with management?
Secure Shell (SSH) or Hypertext Transfer Protocol Secure (HTTPS).
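An added example (not from the original flashcards) of enabling only the encrypted management protocols on an IOS device and refusing the plaintext ones. The hostname, domain name and the management subnet in access list 10 are placeholders.

```cisco
! Added example, not from the original page. Hostname, domain and addresses are placeholders.
!
hostname R1
ip domain-name example.com
! SSH needs an RSA key pair before it can be enabled; 2048 bits is the practical minimum
crypto key generate rsa modulus 2048
!
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Only the management subnet may open a session; everything else is logged and dropped
access-list 10 permit 10.255.0.0 0.0.0.255
access-list 10 deny   any log
!
username admin privilege 15 secret AdminPassw0rd
line vty 0 4
 transport input ssh
 access-class 10 in
 exec-timeout 10 0
 login local
!
! Web UI over HTTPS only; plaintext HTTP is disabled and Telnet is never listed in transport input
no ip http server
ip http secure-server
ip http access-class 10
!
! Verification:
!   show ip ssh   -> "SSH Enabled - version 2.0"
!   show ssh      -> active SSH sessions and their source addresses
```

`transport input ssh` is the line that actually removes Telnet; `ip ssh version 2` alone still leaves Telnet listening on the vty lines.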
If a plaintext management protocol must be used, what can be used to encrypt the traffic?
A VPN, so that the plaintext management protocol is carried inside an encrypted tunnel between the administrator's station and the device.
What is the purpose of logging?
It creates an audit trail. Logging captures not only what administrators have changed or done, but also system events that the router or switch generates because of a problem or because some threshold has been reached.
If SNMP is used for logging, what version should be used and why?
Version 3 (SNMPv3), because it supports authentication and encryption. SNMP versions 1 and 2c send community strings and data in clear text.
What is an SNMP trap?
A message the router or switch generates on its own to alert the manager or management station of some event (for example, an interface going down), as opposed to the station polling the device.
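The logging and SNMPv3 cards above, as one added IOS configuration example that is not part of the original flashcards. Syslog collector and NMS addresses, the SNMPv3 user name and its passphrases are placeholders.

```cisco
! Added example, not from the original page. Addresses, user names and passphrases are placeholders.
!
! --- Syslog: buffered locally and forwarded to a collector ---
service timestamps log datetime msec localtime show-timezone
service sequence-numbers
logging buffered 64000 informational
logging host 10.255.0.40
logging trap informational
logging source-interface Loopback0
!
! Log every login success and failure, and slow down brute-force attempts
login block-for 120 attempts 3 within 60
login on-failure log
login on-success log
!
! Record every configuration change: who, from which line, which command
archive
 log config
  logging enable
  hidekeys
  notify syslog contenttype plaintext
!
! --- SNMPv3 with authentication and encryption (authPriv) ---
! A "priv" group requires each user to carry both an auth key and a priv key
snmp-server view NMS-VIEW iso included
snmp-server group NMS-GROUP v3 priv read NMS-VIEW
snmp-server user nmsuser NMS-GROUP v3 auth sha AuthPassphr4se priv aes 128 PrivPassphr4se
!
! Traps go to the management station as the v3 user, not with a community string
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps config
snmp-server host 10.255.0.20 version 3 priv nmsuser
!
! No v1/v2c community strings are configured, so nothing leaves the device in clear text.
! Verification: show snmp user / show snmp group / show logging
```

The `archive` / `log config` block is the piece most often missed: it is what turns "an admin logged in" into "this admin typed this exact configuration command", which is the audit trail the card is describing.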
Why is it important to use NTP to synchronize clocks on network devices?
Synchronized clocks let log entries from different devices be correlated. If there is ever a breach, you need to reconstruct (or prove in a court of law) what occurred and in what order, and that is only possible when every device's timestamps agree.
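An added example (not from the original flashcards) of authenticated NTP on an IOS device, with log timestamps that actually use the synchronized clock. The server addresses and the key value are placeholders.

```cisco
! Added example, not from the original page. Server addresses and the key are placeholders.
!
clock timezone UTC 0
!
! Authenticate the time source so a rogue NTP server cannot skew the clock
! (and thereby the audit trail)
ntp authentication-key 1 md5 NtpSharedS3cret
ntp authenticate
ntp trusted-key 1
ntp server 10.255.0.30 key 1 prefer
ntp server 10.255.0.31 key 1
!
! Do not speak NTP at all on user-facing interfaces
interface GigabitEthernet0/1
 ntp disable
!
! Timestamps in the log must come from the synchronized clock, with millisecond
! resolution and the zone, or entries from different devices cannot be lined up
service timestamps log datetime msec localtime show-timezone year
service timestamps debug datetime msec localtime show-timezone year
!
! Verification:
!   show ntp status        -> "Clock is synchronized, stratum N"
!   show ntp associations  -> a "*" marks the server currently selected
!   show clock detail      -> "Time source is NTP"
```

Without `ntp authenticate` and `ntp trusted-key`, the `key 1` on the server lines is merely sent, not required, so all three lines are needed for the device to reject unauthenticated time.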
What are the 3 functional components of AAA?
1) Authentication
2) Authorization
3) Accounting and auditing
What is the function of authentication in AAA?
It’s the process by which individuals prove that they are who they claim to be.
What are 2 common methods or choices for authenticating a user?
1) Referring to the local user database in the running configuration
2) Going to an external AAA server (for example, ACS or ISE) that holds the usernames and passwords
In AAA, what happens after the user has been authenticated?
The user or admin is then authorized.
What does authorization in AAA do?
It determines which resources the user or admin is allowed to access and which operations may be performed.
What is the role of accounting and auditing?
To record what the user or admin actually does with this access: what they access and for how long.
Monitoring all the activity of a user or admin through accounting and auditing is also referred to as what?
Creating an audit trail.
What are 4 AAA centralized server types?
1) Cisco Secure ACS Solution Engine
2) Cisco Secure ACS for Windows Server
3) Current flavors of ACS functionality
4) Self-contained AAA
What is the Cisco Secure ACS Solution Engine?
This is a dedicated server that contains the usernames, their passwords, and other information about what users are allowed to access and when.
What is the protocol used between the router and the ACS server if you are authenticating an admin who is seeking command-line access?
TACACS+
What is the protocol used between the router and ACS server if you are authenticating an end user for network access?
RADIUS
What is Cisco Secure ACS for Windows Server?
AAA services on a router or network access server contact an external Cisco Secure ACS (running on a Microsoft Windows system).
What are current flavors of ACS functionality?
The most common way that ACS services are implemented today is as a virtual machine running on some flavor of VMware.
What is Cisco Identity Services Engine?
It is Cisco's newer identity and policy platform, which provides AAA services similar to those of ACS and is its successor.
What is ACS?
Access Control Server
What is self-contained AAA?
AAA services are self-contained on the router itself.
What is self-contained AAA also known as?
Local authentication and authorization.
In self-contained AAA, what is the local database also referred to as?
The running configuration of the router or IOS device.
Before we can authorize a user or admin, what must be done first?
Authentication must come first. We cannot authorize a user without first knowing who that user is, and authentication is what establishes that.
For remote administrative access, what type of protocol would be used?
Usually TACACS+ between the router and the ACS.
For remote network access end users, what type of protocol would be used?
Usually RADIUS between the router and the ACS.
For remote admin access, what mode does this normally provide access to?
Character mode (line or EXEC mode), as opposed to packet mode, which is the network access given to end users.
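The AAA cards above (local versus external authentication, the authenticate-then-authorize-then-account order, TACACS+ for character-mode admin access and RADIUS for packet-mode end-user access), as one added IOS configuration example that is not part of the original flashcards. Server addresses, shared keys, method-list names and the local fallback account are placeholders.

```cisco
! Added example, not from the original page. Addresses, keys, names and passwords are placeholders.
!
aaa new-model
! Local fallback account: consulted only if every TACACS+ server fails to answer
username admin privilege 15 secret LocalFallbackPassw0rd
enable secret EnableS3cret
!
! --- TACACS+ servers for administrative (character-mode) access ---
tacacs server ACS1
 address ipv4 10.255.0.10
 key TacacsSharedKey
 timeout 5
tacacs server ACS2
 address ipv4 10.255.0.11
 key TacacsSharedKey
 timeout 5
aaa group server tacacs+ ADMIN-TACACS
 server name ACS1
 server name ACS2
!
! 1) Authentication: TACACS+ first. "local" is reached only when the group
!    returns an error (unreachable), never when a server rejects the password.
aaa authentication login ADMIN-LOGIN group ADMIN-TACACS local
aaa authentication enable default group ADMIN-TACACS enable
! 2) Authorization: the EXEC shell and every level-15 command are checked per user
aaa authorization exec ADMIN-EXEC group ADMIN-TACACS local
aaa authorization commands 15 ADMIN-CMD group ADMIN-TACACS local
aaa authorization config-commands
! 3) Accounting: session start/stop and each command form the audit trail
aaa accounting exec ADMIN-ACCT start-stop group ADMIN-TACACS
aaa accounting commands 15 ADMIN-CMD-ACCT start-stop group ADMIN-TACACS
!
! Apply the named lists to the lines an admin can reach
line vty 0 4
 transport input ssh
 login authentication ADMIN-LOGIN
 authorization exec ADMIN-EXEC
 authorization commands 15 ADMIN-CMD
 accounting exec ADMIN-ACCT
 accounting commands 15 ADMIN-CMD-ACCT
line con 0
 login authentication ADMIN-LOGIN
!
! --- RADIUS for end-user (packet-mode) network access, here 802.1X ---
radius server ISE1
 address ipv4 10.255.0.12 auth-port 1812 acct-port 1813
 key RadiusSharedKey
aaa group server radius USER-RADIUS
 server name ISE1
aaa authentication dot1x default group USER-RADIUS
aaa authorization network default group USER-RADIUS
aaa accounting dot1x default start-stop group USER-RADIUS
!
! Verification: show aaa servers / show tacacs / debug aaa authentication
```

The split between the two server groups is deliberate: TACACS+ separates authentication from per-command authorization and encrypts the whole packet body, which is what makes it the right choice for administrators, while RADIUS combines authentication and authorization and only obscures the password field, which is acceptable for end-user network access.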