Inline Content Scanning (ICS)
Provides inline malware protection to the network infrastructure by inspecting email, HTTP, and FTP traffic for malware and spam

Where is the router startup config stored?
NVRAM

What does NCDOC do?
NCDOC releases IP block lists and DNS black hole list quarterly

Juniper Configuration mode
Allows administrators to view and edit configuration changes without changing the actual operating configuration

Category Severity Codes
CAT 1: vulnerability; immediate access
CAT 2: high potential of allowing access to intruders
CAT 3: vulnerability provides information that could potentially lead to compromise

What is the VMKernel?
VMKernel is the core vSphere operating system and is fully dedicated to running virtual machines

FLTNOC capabilities
Email, Defense Information System Network (DISN), web caching, Domain Naming Service (DNS), FTP, backup and restoral, and NOC2NOC (N2N) failover

How many LNSCs and regionals?
11 LNSCs and 3 regionals

INFOCON 5
Normal readiness

INFOCON 4
Increased military vigilance; 90 days/ 60 days offline

INFOCON 3
Enhanced readiness; 60 days/ 30 days offline

INFOCON 2
Greater readiness; 30 days/ 15 days offline

INFOCON 1
Maximum readiness; 15 days/ 15 days offline

Mandatory Access Control (MAC)
Sensitivity of information contained in those objects, as stated by label (hard-coded)
Formal authorization of subject to access information of such sensitivity

Discretionary Access Control (DAC)
Permissions placed on that object by that object owner/ controller (NOT hard-coded)
Permissions based on subject and/or group identity, usually controlled by DAC lists (DACLs)

Role-Based Access Control (RBAC)
Restrict access based on subject's role and permissions given to that role

Authentication
Ensure user is who they say they are

Credential
Evidence given by a user attempting to verify an identification

Supplicant
Entity/ user requesting identification and authentication (i.e., client)

Authenticator
Server/ resource provided

Security authority
Security database

Certificate
Electronic document bound with a public key with identification

Microsoft Internet Authentication Service (IAS) Server
Leverages COMPOSE Active Directory's database for user validation

WSA_RWS_QUOTA
Connection refused because quota exceeded

Firewall log
Contains information about traffic handled by firewall service

netstat -a
TCP utility used to display network port connection status

Script Kiddies
People who use tools from the internet

True
FAMs generated by NCDOC

Transport
Firewalls at the network access layer

Application layer gateway
Filter information based on network, transportation, and application layers

Circuit-level
Firewall operates at the session layer (OSI) [TCP/IP: application]
Traffic flows from internal host to circuit level firewall before it's permitted or denied

Inter-zone
Traffic that traverses the same zone

Stateful packet filtering
Keeps track of individual connections by maintaining a state table for each connection

1st layer of defense for the router
Physical

2nd layer of defense for the router
Static configuration

3rd layer of defense for the router
Dynamic configuration security

4th layer of defense for the router
Network service

5th layer of defense for the router
Compromise response

Cisco router IOS severity level 0
EMERGENCIES - router becomes unusable

Cisco router IOS severity level 1
ALERTS - immediate action needed

Cisco router IOS severity level 2
CRITICAL - critical condition

Cisco router IOS severity level 3
ERRORS - error condition

Cisco router IOS severity level 4
WARNINGS - warning condition

Cisco router IOS severity level 5
NOTIFICATIONS - normal but important events

Cisco router IOS severity level 6
INFORMATIONAL - information message

Cisco router IOS severity level 7
DEBUGGING - debugging message

What does a deny on top for ACLs do?
Blocks everything beneath it; bad

What do standard ACLs use?
Source addition

External gateway
WAN to WAN

Internal gateway
Exchange routing information from LAN to LAN

Open Shortest Path First (OSPF)
Utilizes the shortest path and is cost effective

Cisco Discovery Protocol (CDP)
Proprietary protocol that can be used only with other Cisco switches and routers

True
Router is the first line of defense

show sessions
Show sessions

BGP (Border Gateway Protocol)
Provides inter-domain routing between autonomous systems

ICMP (Internet Control Message Protocol)
Ping and traceroute commands

Port Security
Protect, restrict, and shutdown

Where should you place the extended ACL?
Place the extended ACL as close as possible to the source of the traffic you want to deny

False
Empty ACL assigned to ports will be ignored by the operating system