Network Hardening Flashcards

1
Q

Secure SNMP

A

Simple Network Management Protocol
Monitors and controls servers, switches, routers, firewalls and other devices

2
Q

Which SNMP versions have encrypted network traffic?

A

SNMPv3

3
Q
  • Hardening technique focusing on router advertisements sent with IPv6
A

Router Advertisement (RA) guard

4
Q
  • Prevent unauthorized users from connecting to a switch interface
  • Will alert or disable the port
A

Port security

5
Q

Port security operation

A

Configure the max number of source MAC addresses on an interface

  • Can also configure specific MAC addresses
  • The switch monitors the number of unique MAC addresses and maintains a list of every source MAC address
  • Once you exceed the maximum, port security activates and will disable the port or send an alert to the administrator
6
Q

A security feature on a switch that monitors ARP messages in order to detect faked ARP messages

A

Dynamic ARP Inspection (DAI)

7
Q

How does DAI work?

A

DAI tracks trusted IP to MAC bindings (using DHCP Snooping database).

  • DAI has “Trusted” and “Untrusted” ports.
  • Trusted ports aren’t checked; untrusted ports are verified to have an approved MAC.
8
Q

Control Plane Policing (CoPP)

A

A policy applied to the control plane of a router to protect the CPU from high rates of traffic that could impact router stability.

  • Protects against denial of service or reconnaissance
  • Can also block any non-management traffic
9
Q

What is the management (control) plane?

A

Used for access and management of network devices

10
Q

What is the data plane?

A

A conceptual component of a network device that performs the actual operation over data flows, e.g. packet forwarding

11
Q

Restrict access between interfaces,
even on the same VLAN

A

Port isolation

12
Q

A security technique to turn off ports on a network device that are not required or currently in use

A

Disabling unused interfaces

13
Q

A form of network access control that makes someone authenticate, regardless of connection type, when connecting to a network

A

802.1X Network Access Control

14
Q
  • Every port is a possible entry port
  • Close everything except required ports
  • Can be controlled with a firewall - NGFW would be ideal
  • Disable or filter any unused services from any network communication
  • Use Nmap or similar port scanner to verify which ports are being used by your applications
A

Disable unnecessary ports and services

15
Q
  • Most devices have default usernames and passwords
  • Make sure to change them!
  • The right credentials provide full control - Admin access
A

Changing default credentials

16
Q
  • Don’t want users on the same VLAN that’s used by management traffic
  • Have separate VLAN just for that traffic
A

Change default VLAN

17
Q
  • A security feature on switches whereby DHCP messages on the network are checked and filtered
  • The switch inspects DHCP traffic to ensure the host is not trying to spoof its MAC address
  • Can be used to prevent rogue DHCP servers from operating on the network
A

DHCP snooping

18
Q

The process of regularly applying patches and updates to software

A

Patch management

19
Q
  • Access is based on the role a person plays in an organization
  • Allows unrestricted access and if the credentials for this account are shared, risk of compromise is greatly magnified
A

Role-based access

20
Q
  • List of permissions associated with a system resource
  • Specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects
  • Each entry specifies a subject and an operation
A

Access Control List (ACL)

21
Q
  • A set of individual instructions to control the actions of a firewall
  • Most include implicit deny - If there’s no explicit rule in the rule list, the traffic is blocked
A

Firewall rules

22
Q
  • Limit access through the physical hardware address
  • Additional administration required for configuring which MAC addresses are allowed
  • Will have to add new allowed addresses for visitors and new people on the network
  • Security through obscurity
A

MAC filtering

23
Q

Authentication framework frequently used in wireless networks which supports multiple authentication methods without having to pre-negotiate a particular one

A

EAP (Extensible Authentication Protocol)

24
Q
  • The use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area, such as deny or allow
  • Example - Disabling the camera on a mobile device when it enters a building where you don’t want someone taking pictures
A

Geofencing

25
Q
  • Web page accessed with a browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources
  • Only allows HTTP traffic and redirects the HTTP traffic to a remediation server
A

Captive portal