70 Cards in this Set
- Front
- Back
Endpoints |
Hosts commonly consist of laptops, desktops, servers, and IP phones, all of which are susceptible to malware-related attacks. |
|
Network infrastructure |
LAN infrastructure devices interconnect endpoints and typically include switches, wireless devices, and IP telephony devices. |
|
AMP |
Advanced Malware Protection provides endpoint protection from viruses and malware. |
|
ESA |
Email Security Appliances (ESA) provide filtering of spam emails before they reach the endpoint. |
|
WSA |
Web Security Appliances provide filtering of websites and blacklisting before they reach the endpoint. |
|
NAC |
Network Admission Control only permits authorized and compliant systems to connect to the network. |
|
URL filtering |
Provide filtering of websites before they reach the endpoint. |
|
Blacklisting |
Identify websites with bad reputations. Blacklisting immediately blocks connections based on the latest reputation intelligence, removing the need for a more resource-intensive, in-depth analysis. |
|
Data loss prevention (DLP) |
Prevent sensitive information from being lost or stolen. |
|
Antivirus / Antimalware |
Protect endpoints from viruses and malware. |
|
SPAM filtering |
Provide filtering of spam emails before they reach the endpoint. |
|
AMP solution: File Reputation |
Analyze files inline and block or apply policies |
|
AMP solution: File Sandboxing |
Analyze unknown files to understand true file behavior |
|
AMP solution: File retrospection |
Continue to analyze files for changing threat levels |
|
AMP |
BEFORE: AMP helps prevent known malware, policy-violating file types, and policy-violating communications from entering the extended network. DURING: AMP continuously analyzes files and network traffic for threats that evade the first lines of defense. AFTER: AMP can quickly and efficiently understand, scope, contain, and remediate an active attack. |
|
Cisco Email Security solutions: Global threat intelligence |
Cisco Talos provides a 24-hour view into global traffic activity. It analyzes anomalies, uncovers new threats, and monitors traffic trends. |
|
Cisco Email Security solutions: Spam blocking |
A multilayered defense combines an outer layer of filtering based on the reputation of the sender and an inner layer of filtering that performs a deep analysis of the message. |
|
Cisco Email Security solutions: Advanced malware protection |
It delivers protection across the attack continuum: before, during, and after an attack. |
|
Cisco Email Security solutions: Outbound message control |
Controls outbound messages through DLP and email encryption to help ensure that important messages comply with industry standards and are protected in transit. |
|
Cisco Web Security Appliance solutions: Talos Security Intelligence |
Fast and comprehensive web protection backed by a large threat detection network. |
|
Cisco Web Security Appliance solutions: Cisco Web Usage Controls |
Combines traditional URL filtering with dynamic content analysis to mitigate compliance, liability, and productivity risks. |
|
Cisco Web Security Appliance solutions: Advanced Malware Protection (AMP) |
AMP is an additionally licensed feature available to all Cisco WSA customers. |
|
Cisco Web Security Appliance solutions: Data Loss Prevention (DLP) |
Prevent confidential data from leaving the network by creating context-based rules for basic DLP. |
|
Cisco Cloud Web Security (CWS) |
A cloud-based security service that uses web proxies in Cisco's cloud environment to scan traffic for malware and enforce policy. |
|
Cisco customers can connect to the Cisco CWS service directly by using a |
proxy autoconfiguration (PAC) file on the user's end device, or through connectors integrated into four Cisco products: Cisco ISR G2 routers, Cisco ASA, Cisco WSA, and the Cisco AnyConnect Secure Mobility Client. |
|
Cisco Network Admission Control (NAC) is |
to allow only authorized and compliant systems, whether managed or unmanaged, to access the network |
|
NAC framework |
The NAC framework uses the existing Cisco network infrastructure and third-party software to enforce security policy compliance on all endpoints |
|
Cisco NAC appliance |
Incorporates NAC functions into an appliance and provides a solution to control network access. |
|
Cisco NAC Manager (NAM) |
The policy and management center for an appliance-based NAC deployment environment, Cisco NAC Manager defines role-based user access and endpoint security policies. |
|
Cisco NAC Server (NAS) |
Assesses and enforces security policy compliance in an appliance-based NAC deployment environment. |
|
Cisco NAC Agent (NAA) |
Performs deep inspection of the device's security profile by analyzing registry settings, services, and files. |
|
Cisco NAC guest server |
Manages guest network access, including provisioning, notification, management, and reporting of all guest user accounts and network activities |
|
Cisco NAC profiler |
Helps to deploy policy-based access control by providing discovery, profiling, policy-based placement, and post-connection monitoring of all endpoint devices. |
|
CAM table attacks |
Includes CAM table overflow (also called MAC address flooding) attacks. The attacker floods the switch with frames from bogus source MAC addresses until the CAM table is full; the switch then floods unknown-unicast frames out every port in the VLAN, so the attacker can capture frames sent from one host to another. Mitigated by implementing port security. |
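Port security as the flashcard's mitigation for CAM table overflow, written out as an added Cisco IOS configuration example (not part of the flashcard set). The interface name, VLAN and MAC limit are assumptions for illustration; the limit of two allows a PC behind an IP phone on the same port.

```cisco
! Added example: port security on a user access port (assumed interface/VLAN)
interface GigabitEthernet0/5
 description user access port
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport port-security
! PC + IP phone: a third source MAC is a violation
 switchport port-security maximum 2
! learn the first MACs seen and keep them in the running config
 switchport port-security mac-address sticky
! shutdown = err-disable the port and log; alternatives are restrict / protect
 switchport port-security violation shutdown
! age out learned MACs that have been silent, so a replaced PC still works
 switchport port-security aging time 2
 switchport port-security aging type inactivity
!
! bring err-disabled ports back automatically after 5 minutes
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verify:
!   show port-security interface GigabitEthernet0/5
!   show port-security address
```

With `violation shutdown` a flooding tool is cut off at the first excess MAC; `restrict` instead drops the offending frames and increments the violation counter while keeping the port up, which is sometimes preferred on phone ports.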
|
VLAN attacks |
Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN. |
|
DHCP attacks |
Includes DHCP starvation and DHCP spoofing attacks. |
|
ARP attacks |
Includes ARP spoofing and ARP poisoning attacks. |
|
Address spoofing attacks |
Includes MAC address and IP address spoofing attacks. |
|
STP attacks |
Includes Spanning Tree Protocol manipulation attacks. |
|
VLAN Hopping attacks |
Enables traffic from one VLAN to be seen by another VLAN without the aid of a router. |
|
VLAN hopping attack can be launched in one of two ways: |
Spoofing DTP messages from the attacking host to cause the switch to enter trunking mode; introducing a rogue switch and enabling trunking. |
|
VLAN Double-tagging attack |
This can allow an attacker, in specific situations, to embed a hidden 802.1Q tag inside the frame: the outer tag matches the native VLAN of the trunk, so the first switch strips it and forwards the frame across the trunk, and the next switch reads the inner tag as the real VLAN tag. An important characteristic of the double-encapsulated VLAN hopping attack is that it works even if trunking is disabled on the attacker's port. |
|
VLAN Double-tagging attack |
This type of attack is unidirectional and works only when the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port. |
|
Mitigating VLAN Hopping Attacks |
Disable DTP; manually enable trunking; set the native VLAN to something other than VLAN 1; disable unused ports and put them in an unused VLAN. |
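The four mitigations on this card, applied together on one access switch, as an added Cisco IOS configuration example (not part of the flashcard set). Interface ranges and VLAN numbers (10 for users, 999 as the unused native VLAN, 666 as the black-hole VLAN) are assumptions for illustration.

```cisco
! Added example: VLAN hopping / double-tagging mitigation (assumed interfaces and VLANs)
!
! 1. Trunks: hard-code trunking, disable DTP, and use an unused native VLAN
!    so a double-tagged frame from a user port has no VLAN to land in.
!    (On platforms that also support ISL, add
!     "switchport trunk encapsulation dot1q" before "switchport mode trunk".)
interface GigabitEthernet0/1
 description uplink to distribution
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! 2. User ports: access mode plus nonegotiate, so a spoofed DTP frame
!    from the host cannot turn the port into a trunk.
interface range GigabitEthernet0/2 - 23
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! 3. Unused ports: park in a VLAN that carries nothing and shut them down.
vlan 666
 name BLACKHOLE
interface range GigabitEthernet0/24 - 48
 switchport mode access
 switchport access vlan 666
 shutdown
!
! 4. Optional: tag the native VLAN on every trunk as well, so an untagged
!    frame arriving on a trunk is dropped instead of being placed in VLAN 999.
vlan dot1q tag native
!
! Verify:
!   show interfaces trunk
!   show dtp interface GigabitEthernet0/1
!   show interfaces GigabitEthernet0/2 switchport
```

Changing the native VLAN to 999 and tagging it closes the double-tagging path because the attacker's access port is in VLAN 10, not in the native VLAN of the trunk; disabling DTP closes the switch-spoofing path.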
|
PVLAN (Private VLAN) Edge feature |
ensures that there is no exchange of unicast, broadcast, or multicast traffic between PVLAN edge ports on the switch |
|
PVLAN Edge feature has the following characteristics: |
Only control traffic (such as PIM packets, which are processed by the CPU) is forwarded between protected ports; forwarding behavior between a protected port and a non-protected port proceeds as usual; the default is to have no protected ports defined. The feature is local to one switch: protected ports on different switches can still reach each other. |
|
There are three types of PVLAN ports: |
Promiscuous, Isolated, Community |
|
Promiscuous |
A promiscuous port can communicate with all other ports in the private VLAN (promiscuous, isolated, and community); it normally connects the router, firewall, or server that every host must reach. |
|
Isolated |
An isolated port can only talk to promiscuous ports. |
|
Community |
Community ports can talk to other community and promiscuous ports. |
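The PVLAN Edge (protected port) feature and the three private VLAN port types, as an added Cisco IOS configuration example (not part of the flashcard set). VLAN and interface numbers are assumptions for illustration; full private VLANs are only available on platforms that support them and require VTP transparent mode.

```cisco
! Added example: protected ports and private VLANs (assumed interfaces and VLANs)
!
! PVLAN Edge: protected ports cannot exchange unicast, broadcast or
! multicast traffic with each other on this switch, but still reach
! non-protected ports such as the uplink.
interface range GigabitEthernet0/2 - 10
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Full private VLANs: primary VLAN 100 carries isolated VLAN 101 and
! community VLAN 102. Private VLANs require VTP transparent mode.
vtp mode transparent
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Isolated host port: talks only to promiscuous ports
interface GigabitEthernet0/11
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Community host port: talks to other members of VLAN 102 and to promiscuous ports
interface GigabitEthernet0/12
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Promiscuous port (router / firewall uplink): talks to everyone
interface GigabitEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Verify:
!   show vlan private-vlan
!   show interfaces GigabitEthernet0/11 switchport
```

Use `switchport protected` when all the hosts that must be separated sit on the same switch; use private VLANs when the isolation has to hold across trunks to other switches, which protected ports do not provide.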
|
DHCP Spoofing attacks |
Occurs when a rogue DHCP server is connected to the network and provides false IP configuration parameters (for example a default gateway or DNS server under the attacker's control) to legitimate clients. Mitigated with DHCP snooping: DHCP server messages are accepted only on ports configured as trusted and are dropped on untrusted ports. |
|
DHCP Starvation attack |
A DoS against connecting clients: the attacker floods DHCP requests with spoofed source MAC addresses for the whole available range, the server answers each with an offer, and the pool is depleted so legitimate clients get no lease. Mitigated by port security (which limits the number of source MAC addresses per port) and by DHCP snooping rate limiting. |
|
ARP Poisoning Attack |
An attacker uses ARP spoofing to redirect traffic. ARP poisoning leads to various man-in-the-middle attacks, posing a serious security threat to the network. Mitigated by Dynamic ARP Inspection (DAI). |
|
ARP Spoofing attack |
A malicious user sends unsolicited (gratuitous) ARP replies to other hosts on the subnet containing the attacker's MAC address and the IP address of the default gateway, so the victims update their ARP caches and send gateway-bound traffic to the attacker. Mitigated by Dynamic ARP Inspection (DAI). |
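DHCP snooping and Dynamic ARP Inspection configured together on an access switch, as an added Cisco IOS example (not part of the flashcard set) covering the DHCP spoofing, DHCP starvation, ARP spoofing and ARP poisoning cards above. DAI validates each ARP packet's sender IP/MAC pair against the binding table that DHCP snooping builds, so snooping is enabled first. Interface and VLAN numbers, and the static binding, are assumptions for illustration.

```cisco
! Added example: DHCP snooping + DAI (assumed interfaces, VLANs and addresses)
ip dhcp snooping
ip dhcp snooping vlan 10,20
! do not insert option 82; an upstream relay that drops it would break DHCP
no ip dhcp snooping information option
!
! Uplink toward the real DHCP server: trusted for DHCP and for ARP
interface GigabitEthernet0/1
 description uplink to distribution / DHCP server
 ip dhcp snooping trust
 ip arp inspection trust
!
! User ports stay untrusted (the default). Rate limits blunt starvation
! and ARP floods; a port that exceeds them is err-disabled.
interface range GigabitEthernet0/2 - 23
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 10
 ip arp inspection limit rate 15
!
ip arp inspection vlan 10,20
! also check that the MAC addresses in the ARP body match the Ethernet header
ip arp inspection validate src-mac dst-mac ip
!
! A host with a static address has no lease, so add it to the binding table
ip source binding 0011.2233.4455 vlan 10 10.0.10.50 interface GigabitEthernet0/9
!
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause arp-inspection
!
! Verify:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show ip arp inspection vlan 10
!   show ip arp inspection statistics
```

A spoofed gratuitous ARP from GigabitEthernet0/7 claiming the gateway's IP is dropped because no binding on that port carries that IP; the drop shows up in `show ip arp inspection statistics`, which is the counter to alert on.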
|
Address Spoofing Attacks |
Spoofing attacks occur when one host poses as another to receive otherwise inaccessible data, or to circumvent security configurations. |
|
MAC address spoofing attacks |
Occur when attackers alter the MAC address of their host to match the known MAC address of a target host, so the switch forwards the target's frames to the attacker. Mitigated by configuring IP Source Guard (IPSG) with port security, which ties the permitted source MAC and IP address to the port. |
|
IP address spoofing |
Occurs when a rogue PC hijacks the valid IP address of a neighbor, or uses a random IP address. Mitigated by configuring IP Source Guard (IPSG). |
|
possible levels of IP traffic security filtering: Source IP address filter |
IP traffic is filtered based on its source IP address and only IP traffic with a source IP address that matches the IP source binding entry is permitted |
|
possible levels of IP traffic security filtering: Source IP and MAC address filter |
IP traffic is filtered based on its source IP address in addition to its source MAC address; both must match the binding entry for the port. This level requires port security to be enabled on the port. |
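The two IPSG filtering levels side by side, as an added Cisco IOS example (not part of the flashcard set) for the address spoofing and filtering-level cards above. IPSG consults the DHCP snooping binding table plus any static `ip source binding` entries, so DHCP snooping must already be enabled on the VLAN. Interface, VLAN and address values are assumptions for illustration.

```cisco
! Added example: IP Source Guard at both levels (assumed interfaces, VLANs, addresses)
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Level 1: source IP filter only. A frame whose source IP is not bound to
! this port/VLAN is dropped; the source MAC is not checked, so a host that
! keeps its own lease but forges another host's MAC is not caught here.
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 10
 ip verify source
!
! Level 2: source IP and MAC filter. Port security must be on, because the
! MAC part of the check is enforced through the port-security MAC table.
! (Older images use the form "ip verify source vlan dhcp-snooping port-security".)
interface GigabitEthernet0/6
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 ip verify source port-security
!
! Static binding for a host that does not use DHCP (for example a printer)
ip source binding 0011.2233.4455 vlan 10 10.0.10.60 interface GigabitEthernet0/6
!
! Verify:
!   show ip verify source
!   show ip source binding
```

Until a host on an IPSG port has obtained a lease (or has a static binding), all of its IP traffic is dropped; DHCP itself is still allowed through so the lease can be acquired.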
|
STP port types |
Root port Designated port Alternate port |
|
Root port |
Root ports are switch ports closest to the root bridge. |
|
Designated port |
Designated ports are all non-root ports that are still permitted to forward traffic on the network. They are selected on a per-trunk (per-segment) basis, one per link; all ports on the root bridge are designated ports. |
|
Alternate ports |
Alternate or backup ports are placed in the blocking state to prevent loops. They are selected on links where neither end is a root port: one end becomes the designated port and the other end blocks. |
|
Bridge ID made up of: |
Bridge Priority, Extended System ID, MAC address |
|
STP Manipulation Attacks |
The attacking host broadcasts STP configuration and topology change BPDUs to force spanning-tree recalculations. This causes the attacking host to become the root bridge, so traffic it would not normally see is forwarded through it. |
|
Mitigating STP Manipulation Attacks |
PortFast, BPDU Guard, Root Guard, Loop Guard |
|
PortFast |
PortFast immediately brings an interface configured as an access or trunk port to the forwarding state from a blocking state, bypassing the listening and learning states. |
|
BPDU Guard |
BPDU guard immediately error-disables a PortFast-enabled port that receives a BPDU, which no legitimate end host should ever send. |
|
Root Guard |
Root guard prevents an inappropriate switch from becoming the root bridge. |
|
Loop Guard |
Loop guard prevents alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link. |
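The four STP protections from the cards above applied to one access switch, as an added Cisco IOS configuration example (not part of the flashcard set). Interface numbers and the priority value are assumptions for illustration.

```cisco
! Added example: STP manipulation mitigation (assumed interfaces and priority)
!
! Pin the root: the intended root bridge gets the lowest priority, so a
! rogue BPDU with the default priority 32768 cannot win the election.
! (On the intended root switch: spanning-tree vlan 1-4094 root primary)
spanning-tree vlan 1-4094 priority 24576
!
! Host-facing ports: PortFast skips listening/learning, and BPDU guard
! err-disables the port if a BPDU arrives from a host (rogue switch or tool).
spanning-tree portfast bpduguard default
interface range GigabitEthernet0/2 - 23
 switchport mode access
 spanning-tree portfast
!
! Root guard on ports that must never lead toward the root: a superior
! BPDU puts the port in root-inconsistent (blocking) state instead of
! letting the far-end switch become root.
interface GigabitEthernet0/24
 description downlink to another access switch
 spanning-tree guard root
!
! Loop guard on all point-to-point links: a blocked port that stops
! receiving BPDUs (unidirectional link) goes loop-inconsistent instead of
! transitioning to forwarding and creating a loop.
spanning-tree loopguard default
!
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Verify:
!   show spanning-tree summary
!   show spanning-tree inconsistentports
!   show spanning-tree interface GigabitEthernet0/24 detail
```

BPDU guard and root guard answer different questions: BPDU guard says "no switch belongs on this port at all", while root guard allows a switch on the port but refuses to let it become root.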