How To Secure Routers And Switches Information Technology Essay

How To Secure Routers And Switches Information Technology Essay You have been approached by your manager give a talk on the Network security standard ISO 17799. Write a short precise detailing the purpose of this document and the main components within parts 1 and 2 of the document. (http://www.17799central.com/iso17799.htm) Write a brief analysis detailing the possible threats and consequences for a company that does not have an adequate Security Policy. Write a summary of how an Edge router can be configured into a firewall; include detail of how it can be used to filter traffic. Describe the operation of CBAC Detail the encryption techniques that are used in VPN systems and explain how/when they are used. Describe how you can secure/harden routers and switches Router hardening, password requirements, ssh, parser views, etc Port security, vlan hopping, anti-snooping, private vlans Multi-choice Review Questions 1. In which type of attack does the potential intruder attempt to discover and map out systems, services, and vulnerabilities? stake out reconnaissance tapping sniffing 2. Which type of attack prevents a user from accessing the targeted file server? Reconnaissance attack Denial of service attack Prevention of entry attack Disruption of structure attack 3. Which type of action does the ping sweep pose to an organization? eavesdropping reconnaissance denial of service unauthorized access 4. An employee of ABC Company receives an e-mail from a co-worker with an attachment. The employee opens the attachment and receives a call from the network administrator a few minutes later, stating that the employees machine has been attacked and is sending SMTP messages. Which category of attack is this? B) denial of service trojan horse port scanning password attack social engineering 5. What is a major characteristic of a Worm? D) malicious software that copies itself into other executable programs tricks users into running the infected software a set of computer instructions that lies dormant until triggered by a specific event exploits vulnerabilities with the intent of propagating itself across a network 6. A large investment firm has been attacked by a worm. In which order should the network support team perform the steps to mitigate the attack? A) A. inoculation B. treatment C. containment D. quarantine C,A,D,B A,B,C,D A,C,B,D D,A,C,B C,B,A,D 7. At XYZ Company, the policy for network use requires that employees log in to a Windows domain controller when they power on their work computers. Although XYZ does not implement all possible security measures, outgoing traffic is filtered using a firewall. Which security model is the company using? D) open access closed access hybrid access Restrictive access 8. Which three of these are common causes of persistent vulnerabilities in networks? (Choose three.) new exploits in existing software misconfigured hardware or software poor network design changes in the TCP/IP protocol changes in the core routers on the Internet end-user carelessness 9. A new network administrator is assigned the task of conducting a risk assessment of the companys network. The administrator immediately conducts a vulnerability assessment. Which important task should the administrator have completed first? threat identification security level application patch and update deployment asset identification perimeter security upgrade 10. A company deployed a web server on the company DMZ to provide external web services. While reviewing firewall log files, the administrator discovered that a connection was made to the internal e-mail server from the web server in DMZ. After reviewing the e-mail server logs, the administrator discovered that an unauthorized account was created. What type of attack was successfully carried out? phishing port redirection trust exploitation man-in-the-middle 11. Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring? reconnaissance access DoS worms, viruses, and Trojan horses 12. Which two are examples of Distributed Denial of Service attacks? (Choose two.) B) D) SYN Flood Stacheldraht Ping of Death Smurf WinNuke Targa.c 13. Which two of these are examples of DDoS network attacks? (Choose two.) A) B) smurf attack Tribal Flood Network (TFN) teardrop.c man-in-the-middle attack port redirection social engineering 14. Which two are technological weaknesses that can lead to a breach in an organizations security? (Choose two.) C) D) software compatibility weakness DHCP security weakness TCP/IP protocol weakness operating system weakness LDAP weakness 15. What is the effect of applying this command to a Cisco router? E) router(config)# no service finger UNIX commands are disabled on the router. All TCP/IP services are disabled. PING usage is disabled. Users logged into the router remotely will not be able to see if other users are logged into the router 16. A partial router configuration is shown in the graphic. The network administrator adds the following command at the router prompt. router(config)# security passwords min-length 10 Which of the following is correct? A) The current password will continue to be used as a valid password until changed. No password is required. The current password is invalid and will not allow a login. A password that is at least ten characters long must immediately be implemented for a successful login. 17. The Security Wheel promotes a continuous process to retest and reapply updated security measures. What is the core or à ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€¦Ã¢â‚¬Å"hubà ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ã‚  component of the Security Wheel? D) testing policy monitor improve security policy 18. After providing for all operational requirements of the network, the network support team has determined that the servers should be hardened against security threats so that the network can operate at full potential. At which stage of the network life cycle does server hardening occur? E) planning design implementation operation optimization 19. A network administrator installs a new stateful firewall. Which type of security solution is this? secure connectivity threat defense policy enforcement trust and identity authentication 20. XYZ Company recently adopted software for installation on critical servers that will detect malicious attacks as they occur. In addition, the software will stop the execution of the attacks and send an alarm to the network administrator. Which technology does this software utilize? host-based intrusion detection host-based intrusion protection host-based intrusion prevention host-based intrusion notification 21. A security team is charged with hardening network devices. What must be accomplished first before deciding how to configure security on any device? Audit all relevant network devices. Document all router configurations. Create or update security policies. Complete a vulnerability assessment. 22. Which two objectives must a security policy accomplish? (Choose two.) provide a checklist for the installation of secure servers describe how the firewall must be configured document the resources to be protected identify the security objectives of the organization identify the specific tasks involved in hardening a router 23. Which router command will result in the router only accepting passwords of 16 characters or more? service password-encryption enable secret min-length 16 security passwords min-length 16 security passwords max-length 16 24. Which command will encrypt all passwords in the router configuration file? D) enable secret password encrypt all enable password-encryption service password-encryption no clear-text password 25. MD5 can be used for authenticating routing protocol updates for which three protocols? (Choose three.) B), D) E) RIPv1 RIPv2 IGRP EIGRP BGP 26. Which configuration will allow an administrator to access the console port using a password of password? B) router(config)# line aux 0 router(config-line)# login router(config-line)# password password router(config)# line console 0 router(config-line)# login router(config-line)# password password router(config)# line console 0 router(config-line)# password password router(config)# line console 0 router(config-line)# access router(config-line)# password password router(config)# line vty 0 router(config-line)# password password router(config)# line vty 0 router(config-line)# access router(config-line)# password password 27. Which command sets the inactivity timer, for a particular line or group of lines, to four minutes and fifteen seconds? E router(config)# line-timeout 4 15 router(config-line)# line-timeout 4 15 router(config-line)# exec-timeout 255 router(config-line)# timeout 255 router(config-line)# exec-timeout 4 15 router(config-line)# line-timeout 255 28. Which encryption type uses the MD5 hash algorithm? Type 0 Type 1 Type 5 Type 7 29. Which privilege level has the most access to the Cisco IOS? level 0 level 1 level 7 level 15 level 16 level 20 30. Which algorithm implements stateful connection control through the PIX Security Appliance? Network Address Translation Algorithm Access Control Security Algorithm Adaptive Security Algorithm Spanning Tree Protocol Algorithm 31. The Cisco Security Device Manager (SDM) allows administrators to securely configure supported routers by using which security protocol in Microsoft Internet Explorer? B) IPSec SSL SSH L2TP PPTP 32. A network administrator has received a Cisco PIX Security Appliance from another division within the company. The existing configuration has IP addresses that will cause problems on the network. What command sequence will successfully clear all the existing IP addresses and configure a new IP address on ethernet0? B) pix1(config)# clear ip all pix1(config)# interface ethernet0 pix1(config-if)# ip address 192.168.1.2 pix1(config)# clear ip pix1(config)# interface ethernet0 pix1(config-if)# ip address 192.168.1.2 255.255.255.0 pix1(config)# no ip address pix1(config)# interface ethernet0 pix1(config-if)# ip address 192.168.1.2 255.255.255.0 pix1(config)# clear ip pix1(config)# interface ethernet0 pix1(config-if)# ip address 192.168.1.2 0.0.0.255 33. A network team is configuring a Cisco PIX Security Appliance for NAT so that local addresses are translated. The team is creating a global address pool using a subnet of network 192.168.5.0 with a 27-bit mask. What is the proper syntax to set up this global address pool? B) pix1(config)# global (inside) 1 192.168.5.33-192.168.5.62 pix1(config)# global (outside) 1 192.168.5.33-192.168.5.62 pix1(config)# global (inside) 1 192.168.5.65-192.168.5.95 pix1(config)# global (outside) 1 192.168.5.65-192.168.5.95 pix1(config)# global (inside) 1 192.168.5.64-192.168.5.127 pix1(config)# global (outside) 1 192.168.5.65-192.168.5.127 34. A network administrator has configured an access control list on the Cisco PIX Security Appliance that allows inside hosts to ping outside hosts for troubleshooting. Which debug command can be used to troubleshoot if pings between hosts are not successful? debug icmp inside outside debug ping debug icmp trace debug trace icmp 35. Which protocol provides time synchronization? STP TSP NTP SMTP L2TP 36. Which command would configure a PIX Security Appliance to send syslog messages from its inside interface to a syslog server with the IP address of 10.0.0.3? D pixfirewall(config)# syslog inside 10.0.0.3 pixfirewall(config)# logging inside 10.0.0.3 pixfirewall(config)# syslog host inside 10.0.0.3 pixfirewall(config)# logging host inside 10.0.0.3 37. The configuration in the graphic has been entered into a PIX Security Appliance with three interfaces. The interfaces are inside, outside, and DMZ. What source address range will the traffic from inside devices use when they access devices in the DMZ? 10.0.0.1 to 10.0.0.254 172.16.0.20 to 172.16.0.254 172.16.0.1 to 172.16.0.254 192.168.0.20 to 192.168.0.254 10.0.0.1 to 10.255.255.254 38. What source IP address will the traffic from devices in the 10.0.2.0 network have when they leave the trusted network? C) 192.168.0.8 always 192.168.0.9 always 192.168.0.8 if ports are available, or 192.168.0.9 if 192.168.0.8s ports are exhausted 192.168.0.9 if ports are available, or 192.168.0.8 if 192.168.0.9s ports are exhausted 39. The commands in the graphic have been entered into a PIX Security Appliance. Which two statements are accurate descriptions of what will happen to outgoing traffic when it leaves the trusted network? (Choose two.) B) C) The source IP address will be from a pool of addresses in the 192.168.0.3 to 192.168.0.254 range. The source port will be a random port above port 1023. The source IP address will be 192.168.0.2 for all outgoing traffic. The source port will be port 1024. The source IP address will be in the range 10.0.0.1 to 10.0.255.254. 40. Interface Ethernet3 on a PIX Security Appliance has been configured with three subinterfaces to pass tagged traffic from three different VLANs. What protocol will be used to tag the VLAN traffic? ISL 802.1x VTP 802.1q 41. Which two commands will configure a static default route on the PIX Security Appliance in the network shown in the graphic? (Choose two.) route inside outside 0.0.0.0 0.0.0.0 172.16.0.2 1 route outside 0.0.0.0 0.0.0.0 172.16.0.2 1 ip route inside outside 0 0 192.168.0.2 1 route outside 0 0 172.16.0.2 1 ip route inside outside 0 0 172.16.0.2 1 route outside 0 0 192.168.0.2 1 42. How are transactions between a RADIUS client and a RADIUS server authenticated? by using a shared secret which is never sent over the network by hashing the secret using MD5 and then sending it over the network by hashing the secret using MD4 and then sending it over the network by using a clear-text password and then sending it over the network 43. RADIUS uses which transport layer protocol? C) IP TCP UDP ICMP DLC 44. Which authentication method is susceptible to playback attacks? C) passwords using S/KEY passwords using token card passwords requiring periodic change passwords using one-time password technology 45. Which authentication method sends passwords over the network in clear text yet protects against eavesdropping and password cracking attacks? C) authentication with FTP authentication with Telnet authentication with S/KEY authentication in POP3 e-mail 46. After a security audit, network managers realized that the authentication method used by their telecommuting employees needed to be improved. They set up a server and installed client software on the employee laptops of their remote users. They also provided a device for each remote user that generated a password every time they needed to make a remote network connection. Which authentication technology does this process describe? B) authentication with S/KEY authentication with token card authentication with encrypted password authentication with compressed password 47. What function does a digital certificate offer to information security? C) authorization accounting nonrepudiation intrusion prevention 48. Bookline Inc., an online bookstore, recently installed a web server running Microsoft Windows 2003 Server. Where should the company obtain a digital signature for the web server in order to assure customers that they are connecting to Booklines server and not an impersonating web server? a digital signature generated by the CA in Microsofts corporate headquarters a digital signature generated by the CA from a trusted third party a digital signature generated by the CA from a government agency a digital signature generated by any CA that establishes a secure connection 49. A large law firm wishes to secure dialup access to its corporate network for employees working at home. Since much of the data to be transmitted is highly confidential, the firm requires a high level of encryption and also prefers that each component of AAA be provided separately. Which security protocol best meets these requirements? TACACS XTACACS TACACS+ RADIUS 50. What are three reasons TACACS+ is preferred over RADIUS for authentication services? (Choose three.) RADIUS has limited name space for attributes. RADIUS is not an industry supported standard. TACACS+ encrypts the entire TACACS+ packet. TACACS+ authentication is included with more recent Windows Server versions. TACACS+ separates authentication and authorization. RADIUS uses TCP as a transport protocol creating additional overhead 51. A static username/password authentication method is susceptible to which three types of attacks? (Choose three.) playback theft teardrop syn flood eavesdropping 52. Company security policy requires the use of a centralized AAA server for network access authentication. Which two protocols are supported by the AAA server? (Choose two.) C) D) IPSec SSL RADIUS TACACS+ SSH 53. Which three are functions of AAA? (Choose three.) A), C) E) accounting availability authentication architecture authorization accessibility 54. A network administrator wishes to use port-level authentication technology to determine network access and assign IP addresses from different DHCP pools to authenticated and unauthenticated users. What standardized framework supports this objective? A) IEEE 802.1x IEEE 802.11af IEEE 802.1q IEEE 802.1p 55. What will be the result of executing the command in the graphic? C) The default login method will use TACACS+ only. TACACS+ accounting will be enabled at login. The enable password will be used if a TACACS+ server is not available. The default TACACS+ user shell will be enabled. 56. Which AAA service reduces IT operating costs by providing detailed reporting and monitoring of network user behavior, and also by keeping a record of every access connection and device configuration change across the network? authentication accreditation accounting authorization 57. What tool should you use to add a single user account to the Cisco Secure ACS for Windows user database? database replication Unknown User Policy RDBMS Synchronization Cisco Secure ACS HTML interface 58. Refer to the exhibit. Which two services can the network access server use to direct requests from the remote user to the Cisco Secure ACS authentication service? (Choose two.) CSAuth CSUtil RADIUS RDBMS TACACS+ 59. RTA(config)# tacacs-server key [emailprotected]? RTA(config)# tacacs-server host 10.1.2.4 RTA(config)# tacacs-server host 10.1.2.5 What will be the effect of these commands on router RTA? C) The TACACS+ server is now authenticating for the hosts 10.1.2.4 and 10.1.2.5. The TACACS+ server key has been exported to the hosts 10.1.2.4 and 10.1.2.5. The TACACS+ servers 10.1.2.4 and 10.1.2.5 and the router have been set to share the same authentication key. The TACACS+ servers are 10.1.2.4 and 10.1.2.5 and the configuration adds router RTA as a third TACACS+ server. 60. RTA(config)# aaa new-model RTA(config)# aaa authentication login default group tacacs+ enable After entering the configuration shown, the administrator loses the connection to the router before having the chance to create a new TACACS+ account. What is the easiest way for the administrator to regain administrative access to router RTA? C) Connect to the router, and use the default TACACS+ username and password. Erase NVRAM, and redo the configuration from scratch. Connect to the router, and supply the enable password. Perform a password recovery procedure on the router 61. Which command associates the group MYGROUP with the AAA server using the TACACS+ protocol? D) Pixfirewall(config)# aaa-server MYGROUP tacacs+ protocol Pixfirewall(config)# aaa-server protocol tacacs+ MYGROUP Pixfirewall(config)# aaa-server tacacs+ protocol MYGROUP Pixfirewall(config)# aaa-server MYGROUP protocol tacacs+ 62. Which configuration command defines the association of initiating HTTP protocol traffic with an authentication proxy name MYPROXY? C) Router(config)# ip auth-proxy MYPROXY http Router(config)# auth-proxy MYPROXY ip http Router(config)# ip auth-proxy name MYPROXY http Router(config)# auth-proxy name MYPROXY ip http 63. With the following configuration command, how long does the PIX Security Appliance try to access the AAA server 10.0.1.10 before choosing the next AAA server if there is no response from 10.0.1.10? aaa-server MYTACACS (inside) host 10.0.1.10 secretkey 12 seconds 15 seconds 20 seconds 30 seconds 64. Which command will enable AAA services on a router? B Router(config)# aaa enable Router(config)# aaa new-model Router(config)# aaa set enable Router(config)# aaa new-model enable 65. What is the default timeout in minutes for the inactivity-timer parameter of the ip auth-proxy command? 15 30 45 60 90 66. The network administrator configured the aaa authorization command below on the PIX Security Appliance. What is the effect of this command? pix(config)# aaa authorization include tcp/22 outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 auth1 FTP traffic from outside is subject to authorization by the AAA server. SSH traffic from outside is subject to authorization by the AAA server. HTTP traffic from outside is subject to authorization by the AAA server. SMTP traffic from outside is subject to authorization by the AAA server. 67. Which type of authentication is being used when authentication is required via the PIX Security Appliance before direct traffic flow is allowed between users and the company web server? C) access authentication console access authentication cut-through proxy authentication tunnel access authentication 68. What will be the effect in the router after these configuration commands are entered? B) Router(config)# ip auth-proxy name aprule http Router(config)# interface ethernet0 Router(config-if)# ip auth-proxy aprule An authentication proxy rule called aprule is created making all authentication proxy services available only through the ethernet0 interface. An authentication proxy rule called aprule has been created for the HTTP protocol and is associated with the ethernet0 interface. An authentication proxy rule called aprule has been created for all protocols except the HTTP protocol and is associated with the ethernet0 interface. An authentication proxy rule called aprule has been created for the HTTP server running internally to the router and is associated with anyone attempting to access the web server from the ethernet0 interface. 69. When Cisco IOS Firewall authentication proxy is enabled, a user sends HTTP traffic which will trigger the authentication proxy. What is the first action taken by the proxy? C) The user will be asked to supply a valid username and password. The TACACS+ server will be contacted to see if the user is a valid user. The authentication proxy will check to see if the user has already been authenticated. If the authentication proxy has no user account for the user, it will check to see if a default guest user has been defined. 70. A TACACS+ server is configured to provide authentication, authorization, and accounting. The IP address of the server is 192.168.50.1, and the AAA authentication encryption key is S3crtK3y. Which command sequence will configure a Cisco router to communicate with the TACACS+ server? D) Router(config)# aaa new-model Router(config)# aaa authentication default group tacacs+ Router(config)# aaa authorization auth-proxy default group tacacs+ Router(config)# aaa tacacs-server host 192.168.50.1 Router(config)# aaa tacacs-server key S3crtK3y Router(config)# aaa enable Router(config)# aaa authentication default group tacacs+ Router(config)# aaa authorization auth-proxy default group tacacs+ Router(config)# tacacs-server host 192.168.50.1 Router(config)# tacacs-server key S3crtK3y Router(config)# aaa enable Router(config)# aaa authentication login default group tacacs+ Router(config)# aaa authorization auth-proxy default group tacacs+ Router(config)# aaa tacacs-server host 192.168.50.1 Router(config)# aaa tacacs-server key S3crtK3y Router(config)# aaa new-model Router(config)# aaa authentication login default group tacacs+ Router(config)# aaa authorization auth-proxy default group tacacs+ Router(config)# tacacs-server host 192.168.50.1 Router(config)# tacacs-server key S3crtK3y 71. The lead network administrator notices that unknown users have made router configuration changes. These changes are adversely affecting the network. Which command can be entered on the router to help identify future configuration changes and who made these changes? aaa accounting show uauth aaa accounting console aaa accounting match 72. Refer to the exhibit. Since ABC, Inc. is strengthening security, a PIX Security Appliance firewall must be configured with AAA services. Accounting should be provided for all FTP and HTTP traffic from any host to the WWW server at 192.168.2.10. Which command sequence would successfully process the desired traffic to the NY_ACS accounting server? A pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq ftp pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq http pixfirewall(config)# aaa accounting match 110 outside NY_ACS pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq ftp pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq http pixfirewall(config)# aaa accounting access-list 110 outside 10.0.0.2 pixfirewall(config)# access-list 110 permit tcp any host 10.0.0.2 eq ftp pixfirewall(config)# access-list 110 permit tcp any host 10.0.0.2 eq http pixfirewall(config)# aaa accounting match 110 outside NY_ACS pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq ftp pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq http pixfirewall(config)# aaa accounting match 110 outside 10.0.0.2 73. Which command displays the current authenticated users, the host IP to which they are bound, and any cached IP and port authorization information on a Cisco PIX Security Appliance configured for AAA? B) pixfirewall(config)# show aaa all pixfirewall(config)# show uauth pixfirewall(config)# show aaa statistics pixfirewall(config)# show aaa-server 74. A user has initiated an HTTP session through a firewall and has been authenticated by an authentication proxy. They have not generated any traffic in a while and the idle timer has expired for that user. What will the user have to do to allow them to go through the firewall again? D) The user can manually restart the idle timer. The user can simply TFTP their user profile to t