How To Secure Routers And Switches Information Technology Essay

You have been approached by your manager give a talk on the Network security standard ISO 17799. Write a short precise detailing the purpose of this document and the main components within parts 1 and 2 of the document. (http://www.17799central.com/iso17799.htm)

Write a brief analysis detailing the possible threats and consequences for a company that does not have an adequate Security Policy.

Write a summary of how an Edge router can be configured into a firewall; include detail of how it can be used to filter traffic. Describe the operation of CBAC

Detail the encryption techniques that are used in VPN systems and explain how/when they are used.

Describe how you can secure/harden routers and switches

Router hardening, password requirements, ssh, parser views, etc

Port security, vlan hopping, anti-snooping, private vlans

Multi-choice Review Questions

1.

In which type of attack does the potential intruder attempt to discover and map out systems, services, and vulnerabilities?

stake out

reconnaissance

tapping

sniffing

2.

Which type of attack prevents a user from accessing the targeted file server?

Reconnaissance attack

Denial of service attack

Prevention of entry attack

Disruption of structure attack

3.

Which type of action does the “ping sweep” pose to an organization?

eavesdropping

reconnaissance

denial of service

unauthorized access

4.

An employee of ABC Company receives an e-mail from a co-worker with an attachment. The employee opens the attachment and receives a call from the network administrator a few minutes later, stating that the employee’s machine has been attacked and is sending SMTP messages. Which category of attack is this? B)

denial of service

trojan horse

port scanning

password attack

social engineering

5.

What is a major characteristic of a Worm? D)

malicious software that copies itself into other executable programs

tricks users into running the infected software

a set of computer instructions that lies dormant until triggered by a specific event

exploits vulnerabilities with the intent of propagating itself across a network

6.

A large investment firm has been attacked by a worm. In which order should the network support team perform the steps to mitigate the attack? A)

A. inoculation

B. treatment

C. containment

D. quarantine

C,A,D,B

A,B,C,D

A,C,B,D

D,A,C,B

C,B,A,D

7.

At XYZ Company, the policy for network use requires that employees log in to a Windows domain controller when they power on their work computers. Although XYZ does not implement all possible security measures, outgoing traffic is filtered using a firewall. Which security model is the company using? D)

open access

closed access

hybrid access

Restrictive access

8.

Which three of these are common causes of persistent vulnerabilities in networks? (Choose three.)

new exploits in existing software

misconfigured hardware or software

poor network design

changes in the TCP/IP protocol

changes in the core routers on the Internet

end-user carelessness

9.

A new network administrator is assigned the task of conducting a risk assessment of the company’s network. The administrator immediately conducts a vulnerability assessment. Which important task should the administrator have completed first?

threat identification

security level application

patch and update deployment

asset identification

perimeter security upgrade

10.

A company deployed a web server on the company DMZ to provide external web services. While reviewing firewall log files, the administrator discovered that a connection was made to the internal e-mail server from the web server in DMZ. After reviewing the e-mail server logs, the administrator discovered that an unauthorized account was created. What type of attack was successfully carried out?

phishing

port redirection

trust exploitation

man-in-the-middle

11.

Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?

reconnaissance

access

DoS

worms, viruses, and Trojan horses

12.

Which two are examples of Distributed Denial of Service attacks? (Choose two.) B) & D)

SYN Flood

Stacheldraht

Ping of Death

Smurf

WinNuke

Targa.c

13.

Which two of these are examples of DDoS network attacks? (Choose two.) A) & B)

smurf attack

Tribal Flood Network (TFN)

teardrop.c

man-in-the-middle attack

port redirection

social engineering

14.

Which two are technological weaknesses that can lead to a breach in an organization’s security? (Choose two.) C) & D)

software compatibility weakness

DHCP security weakness

TCP/IP protocol weakness

operating system weakness

LDAP weakness

15.

What is the effect of applying this command to a Cisco router? E)

router(config)# no service finger

UNIX commands are disabled on the router.

All TCP/IP services are disabled.

PING usage is disabled.

Users logged into the router remotely will not be able to see if other users are logged into the router

16.

A partial router configuration is shown in the graphic. The network administrator adds the following command at the router prompt.

router(config)# security passwords min-length 10

Which of the following is correct? A)

The current password will continue to be used as a valid password until changed.

No password is required.

The current password is invalid and will not allow a login.

A password that is at least ten characters long must immediately be implemented for a successful login.

17.

The Security Wheel promotes a continuous process to retest and reapply updated security measures. What is the core or “hub” component of the Security Wheel? D)

testing policy

monitor

improve

security policy

18.

After providing for all operational requirements of the network, the network support team has determined that the servers should be hardened against security threats so that the network can operate at full potential. At which stage of the network life cycle does server hardening occur? E)

planning

design

implementation

operation

optimization

19.

A network administrator installs a new stateful firewall. Which type of security solution is this?

secure connectivity

threat defense

policy enforcement

trust and identity

authentication

20.

XYZ Company recently adopted software for installation on critical servers that will detect malicious attacks as they occur. In addition, the software will stop the execution of the attacks and send an alarm to the network administrator. Which technology does this software utilize?

host-based intrusion detection

host-based intrusion protection

host-based intrusion prevention

host-based intrusion notification

21.

A security team is charged with hardening network devices. What must be accomplished first before deciding how to configure security on any device?

Audit all relevant network devices.

Document all router configurations.

Create or update security policies.

Complete a vulnerability assessment.

22.

Which two objectives must a security policy accomplish? (Choose two.)

provide a checklist for the installation of secure servers

describe how the firewall must be configured

document the resources to be protected

identify the security objectives of the organization

identify the specific tasks involved in hardening a router

23.

Which router command will result in the router only accepting passwords of 16 characters or more?

service password-encryption

enable secret min-length 16

security passwords min-length 16

security passwords max-length 16

24.

Which command will encrypt all passwords in the router configuration file? D)

enable secret

password encrypt all

enable password-encryption

service password-encryption

no clear-text password

25.

MD5 can be used for authenticating routing protocol updates for which three protocols? (Choose three.) B), D) & E)

RIPv1

RIPv2

IGRP

EIGRP

BGP

26.

Which configuration will allow an administrator to access the console port using a password of password? B)

router(config)# line aux 0

router(config-line)# login

router(config-line)# password password

router(config)# line console 0

router(config-line)# login

router(config-line)# password password

router(config)# line console 0

router(config-line)# password password

router(config)# line console 0

router(config-line)# access

router(config-line)# password password

router(config)# line vty 0

router(config-line)# password password

router(config)# line vty 0

router(config-line)# access

router(config-line)# password password

27.

Which command sets the inactivity timer, for a particular line or group of lines, to four minutes and fifteen seconds? E

router(config)# line-timeout 4 15

router(config-line)# line-timeout 4 15

router(config-line)# exec-timeout 255

router(config-line)# timeout 255

router(config-line)# exec-timeout 4 15

router(config-line)# line-timeout 255

28.

Which encryption type uses the MD5 hash algorithm?

Type 0

Type 1

Type 5

Type 7

29.

Which privilege level has the most access to the Cisco IOS?

level 0

level 1

level 7

level 15

level 16

level 20

30.

Which algorithm implements stateful connection control through the PIX Security Appliance?

Network Address Translation Algorithm

Access Control Security Algorithm

Adaptive Security Algorithm

Spanning Tree Protocol Algorithm

31.

The Cisco Security Device Manager (SDM) allows administrators to securely configure supported routers by using which security protocol in Microsoft Internet Explorer? B)

IPSec

SSL

SSH

L2TP

PPTP

32.

A network administrator has received a Cisco PIX Security Appliance from another division within the company. The existing configuration has IP addresses that will cause problems on the network. What command sequence will successfully clear all the existing IP addresses and configure a new IP address on ethernet0? B)

pix1(config)# clear ip all

pix1(config)# interface ethernet0

pix1(config-if)# ip address 192.168.1.2

pix1(config)# clear ip

pix1(config)# interface ethernet0

pix1(config-if)# ip address 192.168.1.2 255.255.255.0

pix1(config)# no ip address

pix1(config)# interface ethernet0

pix1(config-if)# ip address 192.168.1.2 255.255.255.0

pix1(config)# clear ip

pix1(config)# interface ethernet0

pix1(config-if)# ip address 192.168.1.2 0.0.0.255

33.

A network team is configuring a Cisco PIX Security Appliance for NAT so that local addresses are translated. The team is creating a global address pool using a subnet of network 192.168.5.0 with a 27-bit mask. What is the proper syntax to set up this global address pool? B)

pix1(config)# global (inside) 1 192.168.5.33-192.168.5.62

pix1(config)# global (outside) 1 192.168.5.33-192.168.5.62

pix1(config)# global (inside) 1 192.168.5.65-192.168.5.95

pix1(config)# global (outside) 1 192.168.5.65-192.168.5.95

pix1(config)# global (inside) 1 192.168.5.64-192.168.5.127

pix1(config)# global (outside) 1 192.168.5.65-192.168.5.127

34.

A network administrator has configured an access control list on the Cisco PIX Security Appliance that allows inside hosts to ping outside hosts for troubleshooting. Which debug command can be used to troubleshoot if pings between hosts are not successful?

debug icmp inside outside

debug ping

debug icmp trace

debug trace icmp

35.

Which protocol provides time synchronization?

STP

TSP

NTP

SMTP

L2TP

36.

Which command would configure a PIX Security Appliance to send syslog messages from its inside interface to a syslog server with the IP address of 10.0.0.3? D

pixfirewall(config)# syslog inside 10.0.0.3

pixfirewall(config)# logging inside 10.0.0.3

pixfirewall(config)# syslog host inside 10.0.0.3

pixfirewall(config)# logging host inside 10.0.0.3

37.

The configuration in the graphic has been entered into a PIX Security Appliance with three interfaces. The interfaces are inside, outside, and DMZ. What source address range will the traffic from inside devices use when they access devices in the DMZ?

10.0.0.1 to 10.0.0.254

172.16.0.20 to 172.16.0.254

172.16.0.1 to 172.16.0.254

192.168.0.20 to 192.168.0.254

10.0.0.1 to 10.255.255.254

38.

What source IP address will the traffic from devices in the 10.0.2.0 network have when they leave the trusted network? C)

192.168.0.8 always

192.168.0.9 always

192.168.0.8 if ports are available, or 192.168.0.9 if 192.168.0.8’s ports are exhausted

192.168.0.9 if ports are available, or 192.168.0.8 if 192.168.0.9’s ports are exhausted

39.

The commands in the graphic have been entered into a PIX Security Appliance. Which two statements are accurate descriptions of what will happen to outgoing traffic when it leaves the trusted network? (Choose two.) B) & C)

The source IP address will be from a pool of addresses in the 192.168.0.3 to 192.168.0.254 range.

The source port will be a random port above port 1023.

The source IP address will be 192.168.0.2 for all outgoing traffic.

The source port will be port 1024.

The source IP address will be in the range 10.0.0.1 to 10.0.255.254.

40.

Interface Ethernet3 on a PIX Security Appliance has been configured with three subinterfaces to pass tagged traffic from three different VLANs. What protocol will be used to tag the VLAN traffic?

ISL

802.1x

VTP

802.1q

41.

Which two commands will configure a static default route on the PIX Security Appliance in the network shown in the graphic? (Choose two.)

route inside outside 0.0.0.0 0.0.0.0 172.16.0.2 1

route outside 0.0.0.0 0.0.0.0 172.16.0.2 1

ip route inside outside 0 0 192.168.0.2 1

route outside 0 0 172.16.0.2 1

ip route inside outside 0 0 172.16.0.2 1

route outside 0 0 192.168.0.2 1

42.

How are transactions between a RADIUS client and a RADIUS server authenticated?

by using a shared secret which is never sent over the network

by hashing the secret using MD5 and then sending it over the network

by hashing the secret using MD4 and then sending it over the network

by using a clear-text password and then sending it over the network

43.

RADIUS uses which transport layer protocol? C)

IP

TCP

UDP

ICMP

DLC

44.

Which authentication method is susceptible to playback attacks? C)

passwords using S/KEY

passwords using token card

passwords requiring periodic change

passwords using one-time password technology

45.

Which authentication method sends passwords over the network in clear text yet protects against eavesdropping and password cracking attacks? C)

authentication with FTP

authentication with Telnet

authentication with S/KEY

authentication in POP3 e-mail

46.

After a security audit, network managers realized that the authentication method used by their telecommuting employees needed to be improved. They set up a server and installed client software on the employee laptops of their remote users. They also provided a device for each remote user that generated a password every time they needed to make a remote network connection. Which authentication technology does this process describe? B)

authentication with S/KEY

authentication with token card

authentication with encrypted password

authentication with compressed password

47.

What function does a digital certificate offer to information security? C)

authorization

accounting

nonrepudiation

intrusion prevention

48.

Bookline Inc., an online bookstore, recently installed a web server running Microsoft Windows 2003 Server. Where should the company obtain a digital signature for the web server in order to assure customers that they are connecting to Bookline’s server and not an impersonating web server?

a digital signature generated by the CA in Microsoft’s corporate headquarters

a digital signature generated by the CA from a trusted third party

a digital signature generated by the CA from a government agency

a digital signature generated by any CA that establishes a secure connection

49.

A large law firm wishes to secure dialup access to its corporate network for employees working at home. Since much of the data to be transmitted is highly confidential, the firm requires a high level of encryption and also prefers that each component of AAA be provided separately. Which security protocol best meets these requirements?

TACACS

XTACACS

TACACS+

RADIUS

50.

What are three reasons TACACS+ is preferred over RADIUS for authentication services? (Choose three.)

RADIUS has limited name space for attributes.

RADIUS is not an industry supported standard.

TACACS+ encrypts the entire TACACS+ packet.

TACACS+ authentication is included with more recent Windows Server versions.

TACACS+ separates authentication and authorization.

RADIUS uses TCP as a transport protocol creating additional overhead

51.

A static username/password authentication method is susceptible to which three types of attacks? (Choose three.)

playback

theft

teardrop

syn flood

eavesdropping

52.

Company security policy requires the use of a centralized AAA server for network access authentication. Which two protocols are supported by the AAA server? (Choose two.) C) & D)

IPSec

SSL

RADIUS

TACACS+

SSH

53.

Which three are functions of AAA? (Choose three.) A), C) & E)

accounting

availability

authentication

architecture

authorization

accessibility

54.

A network administrator wishes to use port-level authentication technology to determine network access and assign IP addresses from different DHCP pools to authenticated and unauthenticated users. What standardized framework supports this objective? A)

IEEE 802.1x

IEEE 802.11af

IEEE 802.1q

IEEE 802.1p

55.

What will be the result of executing the command in the graphic? C)

The default login method will use TACACS+ only.

TACACS+ accounting will be enabled at login.

The enable password will be used if a TACACS+ server is not available.

The default TACACS+ user shell will be enabled.

56.

Which AAA service reduces IT operating costs by providing detailed reporting and monitoring of network user behavior, and also by keeping a record of every access connection and device configuration change across the network?

authentication

accreditation

accounting

authorization

57.

What tool should you use to add a single user account to the Cisco Secure ACS for Windows user database?

database replication

Unknown User Policy

RDBMS Synchronization

Cisco Secure ACS HTML interface

58.

Refer to the exhibit. Which two services can the network access server use to direct requests from the remote user to the Cisco Secure ACS authentication service? (Choose two.)

CSAuth

CSUtil

RADIUS

RDBMS

TACACS+

59.

RTA(config)# tacacs-server key 2bor!2b@?

RTA(config)# tacacs-server host 10.1.2.4

RTA(config)# tacacs-server host 10.1.2.5

What will be the effect of these commands on router RTA? C)

The TACACS+ server is now authenticating for the hosts 10.1.2.4 and 10.1.2.5.

The TACACS+ server key has been exported to the hosts 10.1.2.4 and 10.1.2.5.

The TACACS+ servers 10.1.2.4 and 10.1.2.5 and the router have been set to share the same authentication key.

The TACACS+ servers are 10.1.2.4 and 10.1.2.5 and the configuration adds router RTA as a third TACACS+ server.

60.

RTA(config)# aaa new-model

RTA(config)# aaa authentication login default group tacacs+ enable

After entering the configuration shown, the administrator loses the connection to the router before having the chance to create a new TACACS+ account. What is the easiest way for the administrator to regain administrative access to router RTA? C)

Connect to the router, and use the default TACACS+ username and password.

Erase NVRAM, and redo the configuration from scratch.

Connect to the router, and supply the enable password.

Perform a password recovery procedure on the router

61.

Which command associates the group MYGROUP with the AAA server using the TACACS+ protocol? D)

Pixfirewall(config)# aaa-server MYGROUP tacacs+ protocol

Pixfirewall(config)# aaa-server protocol tacacs+ MYGROUP

Pixfirewall(config)# aaa-server tacacs+ protocol MYGROUP

Pixfirewall(config)# aaa-server MYGROUP protocol tacacs+

62.

Which configuration command defines the association of initiating HTTP protocol traffic with an authentication proxy name MYPROXY? C)

Router(config)# ip auth-proxy MYPROXY http

Router(config)# auth-proxy MYPROXY ip http

Router(config)# ip auth-proxy name MYPROXY http

Router(config)# auth-proxy name MYPROXY ip http

63.

With the following configuration command, how long does the PIX Security Appliance try to access the AAA server 10.0.1.10 before choosing the next AAA server if there is no response from 10.0.1.10?

aaa-server MYTACACS (inside) host 10.0.1.10 secretkey

12 seconds

15 seconds

20 seconds

30 seconds

64.

Which command will enable AAA services on a router? B

Router(config)# aaa enable

Router(config)# aaa new-model

Router(config)# aaa set enable

Router(config)# aaa new-model enable

65.

What is the default timeout in minutes for the inactivity-timer parameter of the ip auth-proxy command?

15

30

45

60

90

66.

The network administrator configured the aaa authorization command below on the PIX Security Appliance. What is the effect of this command?

pix(config)# aaa authorization include tcp/22 outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 auth1

FTP traffic from outside is subject to authorization by the AAA server.

SSH traffic from outside is subject to authorization by the AAA server.

HTTP traffic from outside is subject to authorization by the AAA server.

SMTP traffic from outside is subject to authorization by the AAA server.

67.

Which type of authentication is being used when authentication is required via the PIX Security Appliance before direct traffic flow is allowed between users and the company web server? C)

access authentication

console access authentication

cut-through proxy authentication

tunnel access authentication

68.

What will be the effect in the router after these configuration commands are entered? B)

Router(config)# ip auth-proxy name aprule http

Router(config)# interface ethernet0

Router(config-if)# ip auth-proxy aprule

An authentication proxy rule called aprule is created making all authentication proxy services available only through the ethernet0 interface.

An authentication proxy rule called aprule has been created for the HTTP protocol and is associated with the ethernet0 interface.

An authentication proxy rule called aprule has been created for all protocols except the HTTP protocol and is associated with the ethernet0 interface.

An authentication proxy rule called aprule has been created for the HTTP server running internally to the router and is associated with anyone attempting to access the web server from the ethernet0 interface.

69.

When Cisco IOS Firewall authentication proxy is enabled, a user sends HTTP traffic which will trigger the authentication proxy. What is the first action taken by the proxy? C)

The user will be asked to supply a valid username and password.

The TACACS+ server will be contacted to see if the user is a valid user.

The authentication proxy will check to see if the user has already been authenticated.

If the authentication proxy has no user account for the user, it will check to see if a default guest user has been defined.

70.

A TACACS+ server is configured to provide authentication, authorization, and accounting. The IP address of the server is 192.168.50.1, and the AAA authentication encryption key is S3crtK3y. Which command sequence will configure a Cisco router to communicate with the TACACS+ server? D)

Router(config)# aaa new-model

Router(config)# aaa authentication default group tacacs+

Router(config)# aaa authorization auth-proxy default group tacacs+

Router(config)# aaa tacacs-server host 192.168.50.1

Router(config)# aaa tacacs-server key S3crtK3y

Router(config)# aaa enable

Router(config)# aaa authentication default group tacacs+

Router(config)# aaa authorization auth-proxy default group tacacs+

Router(config)# tacacs-server host 192.168.50.1

Router(config)# tacacs-server key S3crtK3y

Router(config)# aaa enable

Router(config)# aaa authentication login default group tacacs+

Router(config)# aaa authorization auth-proxy default group tacacs+

Router(config)# aaa tacacs-server host 192.168.50.1

Router(config)# aaa tacacs-server key S3crtK3y

Router(config)# aaa new-model

Router(config)# aaa authentication login default group tacacs+

Router(config)# aaa authorization auth-proxy default group tacacs+

Router(config)# tacacs-server host 192.168.50.1

Router(config)# tacacs-server key S3crtK3y

71.

The lead network administrator notices that unknown users have made router configuration changes. These changes are adversely affecting the network. Which command can be entered on the router to help identify future configuration changes and who made these changes?

aaa accounting

show uauth

aaa accounting console

aaa accounting match

72.

Refer to the exhibit. Since ABC, Inc. is strengthening security, a PIX Security Appliance firewall must be configured with AAA services. Accounting should be provided for all FTP and HTTP traffic from any host to the WWW server at 192.168.2.10.

Which command sequence would successfully process the desired traffic to the NY_ACS accounting server? A

pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq ftp

pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq http

pixfirewall(config)# aaa accounting match 110 outside NY_ACS

pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq ftp

pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq http

pixfirewall(config)# aaa accounting access-list 110 outside 10.0.0.2

pixfirewall(config)# access-list 110 permit tcp any host 10.0.0.2 eq ftp

pixfirewall(config)# access-list 110 permit tcp any host 10.0.0.2 eq http

pixfirewall(config)# aaa accounting match 110 outside NY_ACS

pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq ftp

pixfirewall(config)# access-list 110 permit tcp any host 192.168.2.10 eq http

pixfirewall(config)# aaa accounting match 110 outside 10.0.0.2

73.

Which command displays the current authenticated users, the host IP to which they are bound, and any cached IP and port authorization information on a Cisco PIX Security Appliance configured for AAA? B)

pixfirewall(config)# show aaa all

pixfirewall(config)# show uauth

pixfirewall(config)# show aaa statistics

pixfirewall(config)# show aaa-server

74.

A user has initiated an HTTP session through a firewall and has been authenticated by an authentication proxy. They have not generated any traffic in a while and the idle timer has expired for that user. What will the user have to do to allow them to go through the firewall again? D)

The user can manually restart the idle timer.

The user can simply TFTP their user profile to t