Network Hardening


Description and Tags

CompTIA+ Network Learning

57 Terms

1

Network hardening

The process of securing a system by reducing its attack surface or vulnerabilities.

2

Patch management

The planning, testing, implementing, and auditing of software patches to fix bugs and improve security in network devices, servers, and clients.

3

Attack surface

The areas or points in a network that can be exploited by attackers to gain unauthorized access or cause harm.

4

Vulnerabilities

Weaknesses or flaws in a system that can be exploited by attackers to compromise its security.

5

Port security

A network hardening technique that involves blocking traffic on specific ports to prevent unauthorized access or data breaches.

6

VLANs

Virtual Local Area Networks that separate and isolate network traffic to enhance security and network performance.

7

Access control lists (ACLs)

Rules or filters that determine what network traffic is allowed or denied based on specific criteria, such as source IP address or port number.

8

SNMP

Simple Network Management Protocol, a protocol used to manage and monitor network devices.

9

Internet of Things (IoT)

A network of interconnected devices that can communicate and exchange data with each other.

10

Compliance

The adherence to rules, regulations, and standards set by regulatory bodies or industry best practices to ensure the security and privacy of data.

11

Firmware Management

The process of centralizing the management of resources and devices, as well as conducting firmware updates for server network interfaces and server devices.

12

Password Policy

A policy document that promotes strong passwords by specifying a minimum password length, requiring complex passwords, requiring periodic password changes, and placing limits on password reuse.

13

Two-Factor Authentication

A security measure that requires users to provide two forms of identification, typically a password and a second factor such as a fingerprint or a code from a mobile device, to gain access to a system.

14

Brute Force Attack

An attack method where an attacker tries all possible combinations of characters to guess a password, making it difficult to crack if the password is long and complex.

15

Default Password

The initial username and password set by the manufacturer for a device or system, which should be changed to enhance security.

16

Least Functionality

The process of configuring a device, server, or workstation to only provide essential services required by the user, reducing the attack surface and potential vulnerabilities.

17

Auto Secure

A command line interface command provided by Cisco Network Devices that disables unnecessary services while enabling necessary security services on network devices.

18

Switch Port

A physical interface on a switch or router that connects networking devices, which should be disabled if nothing is connected to it to enhance security.

19

Port Security

A feature that restricts access to a switchport by limiting the MAC addresses of authorized hosts that can connect to it.

20

Dynamic Learning

A method of creating a list of authorized MAC addresses on a switchport by allowing the switch to learn and add MAC addresses dynamically.

21

Private VLANs

A technique that divides a primary VLAN into secondary VLANs, restricting communication between hosts in different secondary VLANs.

22

Promiscuous Ports (P-Ports)

Switchports that connect to routers, firewalls, or gateway devices and can communicate with any port in the VLAN.

23

Isolated Ports (I-Ports)

Switchports used to connect regular hosts in an isolated VLAN, which can only communicate with Promiscuous Ports.

24

Community Ports (C-Ports)

Switchports used to connect regular hosts in a community VLAN, which can communicate with other Community Ports and Promiscuous Ports.

25

Default VLAN

The VLAN to which unassigned switchports are assigned by default, often VLAN 1.

26

Native VLAN

The VLAN to which untagged traffic is sent on a trunk port, typically the same as the default VLAN.

27

Dynamic ARP Inspection (DAI)

A security feature that validates ARP packets by checking MAC address to IP address bindings, dropping invalid packets.

28

DHCP Snooping

A DHCP security feature that inspects and filters DHCP traffic, maintaining a binding table of trusted interfaces and their corresponding MAC and IP addresses.

29

DHCP Snooping

A feature that allows differentiation between untrusted and trusted interfaces connected to a device, such as a DHCP server or switch.

30

Router Advertisement Guard (RA-Guard)

A mechanism used to mitigate attack vectors based on forged ICMPv6 router advertisement messages in IPv6 networks.

31

Control Plane Policing (CPP)

A feature that allows users to configure a quality of service filter to manage the traffic flow of control plane packets in order to protect the control plane of Cisco IOS routers and switches against denial of service and reconnaissance attacks.

32

Simple Network Management Protocol (SNMP)

A protocol used for gathering information from network devices back to a centralized management server.

33

Access Control List (ACL)

A list of permissions associated with a system or network resource that can be applied to packet filtering devices, such as routers, switches, or firewalls.

34

Access Control List (ACL)

A list of rules that determines what network traffic is allowed or denied on a firewall or router.

35

Device Agnostic

Refers to the ability of a system or exam to work with different types of devices, regardless of the manufacturer or brand.

36

Permit Statement

A rule in an ACL that allows specific network traffic to pass through based on defined criteria.

37

Implicit Deny

A default rule in an ACL that denies any network traffic that is not explicitly permitted by previous rules.

38

Wildcard Mask

A subnet mask used in ACLs to define a range of IP addresses that will be matched.

39

Equal (eq)

An operator used in ACLs to specify a specific value or condition that must be met for the traffic to be allowed.

40

Reverse Wildcard Mask

A specific format used in Cisco ACLs where zeros (0) are treated as 255 and vice versa.

41

White List

A type of access control mechanism that only allows specific items or actions that are explicitly permitted.

42

Explicit Allow

A rule in an ACL that explicitly allows specific network traffic to pass through based on defined criteria.

43

Implicit Allow

A default rule in an ACL that allows any network traffic that is not explicitly denied by previous rules.

44

Role-Based Access

A method of granting permissions and privileges to users based on their roles or job functions.

45

MAC Filtering

A security feature that allows or blocks devices from connecting to a wireless network based on their MAC addresses.

46

Explicit Allow List

A list of MAC addresses that are allowed to connect to a wireless network.

47

Implicit Allow List

A list of MAC addresses that are not allowed to connect to a wireless network.

48

Antenna Placement

The strategic positioning of wireless access points to ensure optimal coverage and security within a given area.

49

Signal Strength

The strength of the wireless signal, indicated by colors such as green, yellow, and red.

50

Antenna Placement

The strategic positioning of antennas and wireless access points to ensure proper coverage and prevent unauthorized access.

51

Wireless Client Isolation

A security feature that prevents wireless clients from communicating with each other, ensuring network privacy and security.

52

Guest Network Isolation

A type of isolation that keeps guest devices separate from the internal network, protecting sensitive data.

53

Pre-Shared Keys (PSKs)

Shared secrets used to secure wireless networks, such as WEP, WPA, WPA2, and WPA3, that must be shared ahead of time for authentication.

54

Extensible Authentication Protocol (EAP)

A protocol that acts as a framework for other authentication protocols, providing higher levels of security than pre-shared keys.

55

Geofencing

Creating a virtual fence within a physical location to restrict wireless network access to specific geographic areas.

56

Captive Portals

Webpages displayed to newly-connected users of a wireless network before granting them broader access, often used for authentication or consent.

57

IoT Device Security

Measures to secure Internet of Things (IoT) devices, including understanding vulnerabilities, tracking and managing devices, patching vulnerabilities, conducting testing and evaluation, changing default credentials, using encryption protocols, and segmenting IoT devices.
