Module 3 Flashcards
1
Q
are responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information.
A
Network security professionals
2
Q
Security specialist job roles within an enterprise include
A
Chief Information Officer (CIO),
Chief Information Security Officer (CISO),
Security Operations (SecOps) Manager,
Chief Security Officer (CSO),
Security Manager, and
Network Security Engineer.
3
Q
Regardless of job titles, network security
professionals must always stay one step ahead of the hackers:
A
- They must constantly upgrade their skill set to keep abreast of the latest threats.
- They must attend training and workshops.
- They must subscribe to real-time feeds regarding threats.
- They must peruse security websites daily.
- They must maintain familiarity with network security organizations. These organizations often have
the latest information on threats and vulnerabilities.
4
Q
Network Intelligence Communities
A
SANS
Mitre
FIRST Forum of Incident Response and Security Teams
SecurityNewsWire
(ISC)2 International Information Systems Security Certification Consortium
CIS Center for Internet Security
5
Q
Institute resources are largely free upon request and include:
The Internet Storm Center - the popular internet early warning system
NewsBites, the weekly digest of news articles about computer security.
@RISK, the weekly digest of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked
Flash security alerts
Reading Room - more than 1,200 award-winning, original research papers.
SANS also develops security courses.
A
SANS
SysAdmin, Audit, Network, Security (SANS)
6
Q
maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations making it easier for them to share data. The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for known cybersecurity vulnerabilities.
A
The Mitre Corporation
7
Q
is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction.
A
Forum of Incident Response and Security Teams (FIRST)
8
Q
A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.
A
SecurityNewsWire
9
Q
provides vendor neutral education products and career services to more than 75,000+ industry professionals in more than 135 countries.
A
International Information Systems Security Certification Consortium (ISC2)
10
Q
is a focal point for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC). The MS-ISAC offers 24x7 cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.
A
Center for Internet Security (CIS)
11
Q
To remain effective, a network security professional must:
A
Keep abreast of the latest threats -
This includes subscribing to real-time feeds regarding threats, routinely perusing security-related websites, following security blogs and podcasts, and more.
Continue to upgrade skills -
This includes attending security-related training, workshops, and conferences.
12
Q
Information security deals with protecting information
and information systems from unauthorized access,
use, disclosure, disruption, modification, or
destruction. The ___ serves as a conceptual
foundation for the field.
A
CIA Triad
13
Q
Only authorized individuals, entities, or processes can access sensitive information.
A
Confidentiality
14
Q
This refers to the protection of data from unauthorized alteration.
A
Integrity
15
Q
Authorized users must have uninterrupted access to the network resources and data that they require.
A
Availability
16
Q
There are 14 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC).
Described by ISO/IEC 27001, these 14 domains serve to organize, at a high level, the vast realm of information and activities under the umbrella of network security.
These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.
A
CONT
The 14 domains are intended to serve as a common basis for developing organizational security standards and effective security management practices.
They also help to facilitate communication between organizations.
These 14 domains provide a convenient separation of the elements of network security. While it is not important to memorize these 14 domains, it is important to be aware of their existence and formal declaration by the ISO. In the ISO 27001 standard these are known as the 14 control sets of Annex A. They will serve as a useful reference in your work as a network security professional.
17
Q
14 Network Security Domain
A
Information Security Policies
Organization of Information Security
Human Resources Security
Asset Management
Access Control
Cryptography
Physical and Environmental Security
Operations Security
Communications Security
System Acquisition, Development, and Maintenance
Supplier Relationships
Information Security Incident Management
Business Continuity Management
Compliance
18
Q
This annex is designed to ensure that security policies are created, reviewed, and maintained.
A
Information Security Policies
19
Q
This is the governance model set out by an organization for information security. It assigns responsibilities for information security tasks within an organization.
A
Organization of Information Security
20
Q
This addresses security responsibilities relating to employees joining, moving within, and leaving an organization.
A
Human Resources Security
21
Q
This concerns the way that organizations create an inventory of and classification scheme for information assets.
A
Asset Management
22
Q
This describes the restriction of access rights to networks, systems, applications, functions, and data.
A
Access Control
23
Q
This concerns data encryption and the management of sensitive information to protect confidentiality, integrity, and availability of data.
A
Cryptography
24
Q
This describes the protection of the physical computer facilities and equipment within an organization.
A
Physical and Environmental Security
25
This describes the management of technical security controls in systems and networks including malware defenses, data backup, logging and monitoring, vulnerability management, and audit considerations. This domain is also concerned with the integrity of software that is used in business operations.
Operations Security
26
This concerns the security of data as it is communicated on networks, both within an organization or between and organization and third parties such as customers or suppliers.
Communications Security
27
This ensures that information security remains a central concern in an organization’s processes across the entire lifecycle, in both private and public networks.
System Acquisition, Development, and Maintenance
28
This concerns the specification of contractual agreements that protect an organization’s information and technology assets that are accessible by third parties that provide supplies and services to the organization.
Supplier Relationships
29
This describes how to anticipate and respond to information security breaches.
Information Security Incident Management
30
This describes the protection, maintenance, and recovery of business-critical processes and systems.
Business Continuity Management
31
This describes the process of ensuring conformance with information security policies, standards, and regulations.
Compliance
32
are the guidelines that are developed by an organization to govern its actions. The policies define standards of correct behavior for the business and its employees. In networking, policies define the activities that are allowed on the network. This sets a baseline of acceptable use. If behavior that violates business policy is detected on the network, it is possible that a security breach has occurred.
Business policies
33
These policies establish the rules of conduct and the responsibilities of both employees and employers.
Policies protect the rights of workers as well as the business interests of employers.
Depending on the needs of the organization, various policies and procedures establish rules regarding employee conduct, attendance, dress code, privacy and other areas related to the terms and conditions of employment.
Company policies
34
These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more.
They are often provided to new employees to review and sign.
Employee policies
35
These policies identify a set of security objectives for a company, define the rules of behavior for users and administrators, and specify system requirements.
These objectives, rules, and requirements collectively ensure the security of a network and the computer systems in an organization.
Much like a continuity plan, a security policy is a constantly evolving document based on changes in the threat landscape, vulnerabilities, and business and employee requirements.
Security policies
36
are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A______also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.
Security policies
37
A comprehensive security policy has a number of benefits, including the following:
Demonstrates an organization’s commitment to security
Sets the rules for expected behavior
Ensures consistency in system operations, software and hardware acquisition and use, and maintenance
Defines the legal consequences of violations
Gives security staff the backing of management
38
Specifies authorized persons that can have access to network resources and identity verification procedures.
Identification and authentication policy
39
Ensures passwords meet minimum requirements and are changed regularly.
Password policies
40
Identifies network applications and uses that are acceptable to the organization. It may also identify ramifications if this policy is violated.
Acceptable Use Policy (AUP)
41
Identifies how remote users can access a network and what is accessible via remote connectivity.
Remote access policy
42
Specifies network device operating systems and end user application update procedures.
Network maintenance policy
43
Describes how security incidents are handled.
Incident handling procedures
44
One of the most common security policy components is an ____. This can also be referred to as an _____ This component defines what users are allowed and not allowed to do on the various system components. This includes the type of traffic that is allowed on the network. The ___ should be as explicit as possible to avoid misunderstanding.
AUP / Appropriate use policy
45
Many organizations must now also support _____. This enables employees to use
their own mobile devices to access company systems, software, networks, or information. This can bring an
increased information security risk because ____ can lead to data breaches and greater liability for the
organization.
Bring Your Own Device (BYOD)
46
BYOD security best practices to help mitigate BYOD vulnerabilities are:
Password protected access
Manually control wireless connectivity
Keep updated
Back up data
Enable "Find my Device"
Provide antivirus software
Use Mobile Device Management (MDM)
47
BYOD provides several key benefits to enterprises, including
increased productivity,
reduced IT and operating costs,
better mobility for employees, and
greater appeal when it comes to hiring and retaining employees.
48
Use unique passwords for each device and account.
Password protected access
49
Turn off Wi-Fi and Bluetooth connectivity when not in use. Connect only to trusted networks.
Manually control wireless connectivity
50
Always keep the device OS and other software updated. Updated software often contains security patches to mitigate against the latest threats or exploits.
Keep updated
51
Enable backup of the device in case it is lost or stolen.
Back up data
52
Subscribe to a device locator service with remote wipe feature.
Enable “Find my Device”
53
Provide antivirus software for approved BYOD devices.
Provide antivirus software
54
MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.
Use Mobile Device Management (MDM) software
55
Network security professionals must be familiar with the laws and codes of ethics that are binding on ___ professionals.
Information Systems Security (INFOSEC)
56
A common analogy used to describe a defense-in-depth approach is called
“the security onion.”
57
Security Onion
Hardened devices
Authentication, Authorization, and Accounting (AAA)
Content filtering
Intrusion Prevention Systems (IPS)
Firewall
58
The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the ____ which benefits the threat actor.
threat actors no longer have to peel away each layer. They only need to remove certain _____ The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured.
“security artichoke”
“artichoke leaves.”
59
Security Artichoke
Passwords
Client-side Attacks
Databases
Web Applications
Buffer Overflows
60
involves using different types of tools to test the network and end devices to validate the
security of the network.
Ethical hacking
61
uses hacker techniques and tools to evaluate the strength of network security measures. Cybersecurity personnel must also know how to use these tools when performing
network ____
Penetration testing
62
are an integrated security solution that combines traditionally independent tools into a suite of tools that are made to work together
Data Security Platforms (DSP)
63
One such DSP _____ is a cloud-based security operations
platform that enables organizations to integrate many
security functionalities into a single platform. ____
provides event management, network behavior
analytics, advanced threat detection, and incident
security orchestration, automation, and response
(SOAR) for response to threats as they are detected.
FireEye Helix
64
platform works with
diverse products that combine to safeguard your
network, users and endpoints, cloud edge, and
applications. SecureX functionality is built in to a
large and diverse portfolio of Cisco security
products including next-generation firewalls, VPN,
network analytics, identity service engine,
advanced malware protection (AMP), and many
other systems that work to secure all aspects of a
network. SecureX also integrates a range of thirdparty security tools.
Cisco SecureX
65
___ is one of the largest commercial threat
intelligence teams in the world. The goal of ___ is to help
protect enterprise users, data, and infrastructure from
active adversaries. The ____ team collects information
about active, existing, and emerging threats.____ then
provides comprehensive protection against these attacks
and malware to its subscribers.
Cisco Talos Threat Intelligence Group
66
Defending / Securing the Network
Develop a written security policy for the company.
Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
Control physical access to systems.
Use strong passwords and change them often.
Encrypt and password-protect sensitive data.
Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, antivirus software, and content filtering.
Perform backups and test the backed-up files on a regular basis.
Shut down unnecessary services and ports.
Keep patches up-to-date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.
Perform security audits to test the network.
67
Mitigating Malware
Antivirus software (virus and trojan) helps prevent hosts from getting infected and spreading malicious code. It requires much more time to clean up infected computers than it does to maintain up-to-date antivirus software and antivirus definitions on the same machines.
Antivirus are host-based. antivirus software helps prevent hosts from getting infected and spreading malicious code.
These products are installed on computers and servers to detect and eliminate viruses.
However, they do not prevent viruses from entering the network.
Another way to mitigate
malware threats is to prevent malware files from entering the network at all. Security devices at
the network perimeter can identify known malware files based on their indictors of compromise.
The files can be removed from the incoming data stream before they can cause an incident.
68
Mitigating Worms (4 phase)
1. Containment
2. Inoculation
3. Quarantine
4. Treatment
69
involves limiting the spread of a worm infection to areas of the network that are already affected. This requires compartmentalization and segmentation of the network to slow down or stop the worm and to prevent currently infected hosts from targeting and infecting other systems. ______ requires using both outgoing and incoming ACLs on routers and firewalls at control points within the network.
The containment phase
70
runs parallel to or subsequent to the containment phase. During the inoculation phase, all uninfected systems are patched with the appropriate vendor patch. The ____ process further deprives the worm of any available targets.
The inoculation phase
71
involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing them. This isolates these systems appropriately for the treatment phase.
The quarantine phase
72
involves actively disinfecting infected systems. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system. Alternatively, in more severe cases, the system may need to be reinstalled to ensure that the worm and its by-products are removed.
The treatment phase
73
Mitigating Reconnaissance Attacks
Implementing authentication to ensure proper access.
Using encryption to render packet sniffer attacks useless.
Using anti-sniffer tools to detect packet sniffer attacks.
Implementing a switched infrastructure.
Using a firewall and IPS.
74
are typically the precursor to other attacks that have the intent of gaining unauthorized access to a network or disrupting network functionality.
Reconnaissance attacks
75
provides intrusion prevention in a standalone device. Additionally, the Cisco Integrated Service Router supports network-based intrusion prevention through the Cisco IOS security image.
Cisco’s Adaptive Security Appliance (ASA)
76
is also effective for mitigating packet sniffer attacks. If traffic is _____, using a packet sniffer is of little use because captured data is not readable.
Encryption
76
____ detect changes in the response time of hosts to determine whether the hosts are processing more traffic than their own traffic loads would indicate. While this does not completely eliminate the threat, as part of an overall mitigation system, it can reduce the number of instances of threat.
Anti-sniffer software and hardware tools
77
It is impossible to mitigate port scanning, but using an _____ can limit the information that can be discovered with a port scanner.
intrusion prevention system (IPS) and firewall
78
Mitigating Access Attacks
Use strong passwords -
Strong passwords are at least eight characters and contain uppercase letters, lowercase letters, numbers, and special characters.
Disable accounts after a specified number of unsuccessful logins has occurred -
This practice helps to prevent continuous password attempts.
78
The network should also be designed using the principle of minimum trust.
True
79
is a critical component of any modern secure network.
Cryptography
80
Educate employees about the risks of social
engineering, and develop strategies to validate identities over the phone, via email, or in
person. _____ has become increasingly common.
Multifactor authentication (MFA)
81
Using ___ for remote access to a network is recommended. Routing protocol traffic should also be ____
encryption
82
One of the first signs of a DoS attack is a large number of user complaints about
unavailable resources or unusually slow network performance. A network utilization graph
showing unusual activity could indicate a DoS attack. To minimize the number of attacks,
a ___ should be running at all times.
network utilization software package
83
Historically, many DoS attacks were sourced from spoofed addresses. Cisco routers and
switches support many antispoofing technologies, such as
port security,
Dynamic Host Configuration Protocol (DHCP) snooping,
IP Source Guard,
Dynamic Address Resolution Protocol (ARP) Inspection, and
access control lists (ACLs).
84
____ provides comprehensive guidelines for protecting the network infrastructure. These guidelines form the foundation for continuous delivery of service.
The Cisco Network Foundation Protection (NFP) framework
85
NFP logically divides routers and switches into three functional areas,
Control Plane
Management Plane
Data Plane (Forwarding Plane)
86
Responsible for routing data correctly. Control plane traffic consists of device-generated packets required for the operation of the network itself, such as ARP message exchanges, or OSPF routing advertisements.
Control plane -
Control plane
87
Responsible for managing network elements. Management plane traffic is generated either by network devices or network management stations using processes and protocols such as Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow.
Management plane
88
Responsible for forwarding data. Data plane traffic normally consists of user-generated packets being forwarded between end devices. Most traffic travels through the router, or switch, via the data plane.
Data plane (Forwarding plane)
89
exchange of routing information <-----> routing protocol -----> ip routing protocol
Control plane
90
incoming IP packet ---> IP forwarding table ---> outgoing IP packet
ip routing table ----> ip forwarding table
Data plane
91
Management processes <---- Management Sessions
Management plane
92
______ consists of device-generated packets required for the operation of the network itself.
Control plane traffic
93
Securing the Control Plane
Routing protocol authentication
Control Plane Policing (CoPP)
AutoSecure
94
prevents a router from accepting fraudulent routing updates. Most routing protocols support neighbor authentication.
Routing protocol authentication or neighbor authentication
95
is a Cisco IOS feature designed to allow users to control the flow of traffic that is handled by the route processor of a network device.
Control Plane Policing (CoPP)
96
can lock down the management plane functions and the forwarding plane services and functions of a router.
AutoSecure
97
is designed to prevent unnecessary traffic from overwhelming the route processor. The ____ feature treats the control plane as a separate entity with its own ingress (input) and egress (output) ports. A set of rules can be established and associated with the ingress and egress ports of the control plane.
CoPP Control Plane Policing
98
Securing the Management Plane
Login and password policy
Present legal notification
Ensure the confidentiality of data
Role-based access control (RBAC)
Authorize actions
Enable management access reporting
99
Restricts device accessibility. Limits the accessible ports and restricts the “who” and “how” methods of access.
Login and password policy
100
Displays legal notices. These are often developed by legal counsel of a corporation.
Present legal notification
101
Protects locally stored sensitive data from being viewed or copied. Uses management protocols with strong authentication to mitigate confidentiality attacks aimed at exposing passwords and device configurations.
Ensure the confidentiality of data
102
Ensures access is only granted to authenticated users, groups, and services. RBAC and authentication, authorization, and accounting (AAA) services provide mechanisms to effectively manage access control.
Role-based access control (RBAC)
103
Restricts the actions and views that are permitted by any particular user, group, or service.
Authorize actions
104
Logs and accounts for all access. Records who accessed the device, what occurred, and when it occurred.
Enable management access reporting
105
is generated either by network devices or network
management stations using processes and protocols such as Telnet, SSH, and TFTP, etc. The _____ is a very attractive target to hackers.
Management plane traffic
106
____ restricts user access based on the role of the user. Roles are created according to job or task functions, and assigned access permissions to specific assets. Users are then assigned to roles, and are granted the permissions that are defined for that role.
RBAC Role based access control
107
In Cisco IOS, the role-based CLI access feature implements RBAC for ____ . The feature creates different “views” that define which commands are accepted and what configuration information is visible. For scalability, users, permissions, and roles are usually created and maintained in a central repository server. This makes the access control policy available to multiple devices. The central repository server can be a Cisco Identity Services Engine (ISE) which can provide authentication, authorization, and accounting (AAA) network services.
router management access
108
Securing the Data Plane
Blocking unwanted traffic or users
Reducing the chance of DoS attacks
Mitigating spoofing attacks
Providing bandwidth control
Classifying traffic to protect the Management and Control planes
109
consists mostly of user packets being forwarded through the router via the_____ .
Data plane traffic
110
Data plane security can be implemented using
ACLs,
antispoofing mechanisms, and
Layer 2 security features,
111
____ can also be used as an antispoofing mechanism by discarding traffic that has an invalid source address. This means that attacks must be initiated from valid, reachable IP addresses, which allows the packets to be traced to the originator of an attack.
ACLs
112
Features, such as___ can be used to complement the antispoofing strategy.
Unicast Reverse Path Forwarding (uRPF),
113
Layer 2 security tools are integrated into the Cisco Catalyst switches:
Port security
DHCP snooping
Dynamic ARP Inspection (DAI)
IP Source Guard (IPSG)
114
Prevents MAC address spoofing and MAC address flooding attacks.
Port security
115
Prevents client attacks on the DHCP server and switch.
DHCP snooping
116
Adds security to ARP by using the DHCP snooping table to minimize the impact of ARP poisoning and spoofing attacks.
Dynamic ARP Inspection (DAI)
117
Prevents spoofing of IP addresses by using the DHCP snooping table.
IP Source Guard (IPSG)
118
The ____ uses Control Plane Policing (CoPP) to allow users to control the flow of traffic that is handled by the route processor of a network device.
control plane
118
The information flow between in the _____ can be out-of-band (OOB), where information flows within a network on which no production traffic resides. It can also be in-band, where information flows across the enterprise production network, the internet, or both.
management plane
119
The ___ is responsible for applying ACLs such as whether traffic from hosts, networks, or users, can access the network.
data plane
120
The control plane is responsible for
routing protocol authentication,
route processor traffic (CoPP), and
AutoSecure.
121
The management plane is responsible for the following features:
login and password policy;
present legal notification;
data confidentiality;
role-based access control (RBAC);
action authorization; and
management access reporting.
122
The data plane is responsible for
ACLs and
port security that block unwanted traffic
as well as mitigating spoof attacks.
123
is the primary means of mitigating both virus and Trojan horse attacks. By using up-to-date antivirus software, the spread of viruses and Trojan horse attacks can be reduced.
Antivirus software
124
The CIA triad contains three components: _____ . It is a guideline for information security for an organization.
confidentiality, integrity, and availability
125
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
The identification and authentication policy section of the security policy typically specifies authorized persons that can have access to network resources and identity verification procedures.
125
Which security implementation will provide control plane protection for a network device?
routing protocol authentication
Control plane traffic such as ARP messages or routing protocol advertisements are generated by a network device in order to support network operations. Routing protocol authentication provides an extra measure of security to authenticate the source of routing updates. Encrypting remote access connections, utilizing the NTP protocol, and using AAA, are all measures implemented to secure management plane traffic.
126
What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?
The Cisco Talos Group provides blogs and podcasts on security-related topics from a number of industry experts. These blogs and podcasts provide advice, research, and recommended mitigation techniques.
127
What worm mitigation phase involves actively disinfecting infected systems?
The four phases of worm mitigation are:
Containment
Inoculation
Quarantine
Treatment
Disinfecting systems is accomplished in the treatment phase and involves terminating the worm process, removing infected files, and patching vulnerabilities exploited by the worm.
128
With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
The artichoke is now used to provide a visual analogy to describe a defense-in-depth security approach. The onion used to be descriptive because the attacker would "peel away" each layer of the network defense mechanisms. Now the artichoke is used because a single petal or leaf can be moved or removed to reveal sensitive information.
129
How does BYOD change the way in which businesses implement networks?
BYOD provides flexibility in where and how users can access network resources
A BYOD environment requires an organization to accommodate a variety of devices and access methods. Personal devices, which are not under company control, may be involved, so security is critical. Onsite hardware costs will be reduced, allowing a business to focus on delivering collaboration tools and other software to BYOD users.
130
What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?
Management plane
There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:
Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network
Management plane: Responsible for managing network devices
Data (Forwarding) plane: Responsible for forwarding user data
131
What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities?
Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler are examples of tools used to hack into a wireless network.
132
What is the primary function of SANS?
One of the primary functions of the SysAdmin, Audit, Network, Security (SANS) Institute is the maintenance of the Internet Storm Center early warning system.
133
What method can be used to mitigate ping sweeps?
blocking ICMP echo and echo-replies at the network edge
To mitigate ping sweeps, ICMP echo and echo-reply messages can be blocked on network edge routers. This does come at a cost. Because ICMP is also used for network diagnostic data, this diagnostic data will be blocked as well.
