Secure Device Access

Flashcards on securing device access, covering topics like edge router security, password configuration, enhanced login security, and SSH configuration.

35 Terms

1

Edge Router

The last router between the internal network and an untrusted network, such as the internet.

2

Single Router

Connects the protected network to the internet, with all security policies configured on this device.

3

Defense-in-Depth

Employs multiple layers of security before traffic enters the protected LAN, typically including an edge router, firewall, and internal router.

4

DMZ

Area set up between two routers for servers that must be accessible from the internet.

5

Physical Router Security

Placing the router in a secure, locked room accessible only to authorized personnel, with UPS or diesel backup power.

6

Operating System Security

Upgrading the router to the maximum memory possible, using the latest stable OS version, and keeping secure backups of OS images and configuration files.

7

Router Hardening

Controlling access levels, disabling unused ports and interfaces, and disabling unnecessary services.

8

Local Access

The administrator must have physical access to the router and use a console cable to connect to the console port; typically used for initial configuration.

9

Remote Access

Involves allowing Telnet, SSH, HTTP, HTTPS, or SNMP connections to the router from a computer on the local or a remote network.

10

line console 0

Command used to enter line console configuration mode for securing user EXEC mode access.

11

password password

Command used to specify the user EXEC mode password.

12

login

Command used to enable user EXEC access.

13

enable secret password

Command used to secure privileged EXEC access.

14

line vty 0 15

Command used to enter line vty mode for securing vty lines.

15

service password-encryption

Command used to encrypt all plaintext passwords.

16

security passwords min-length length

Command used to ensure that all configured passwords are a minimum length.

17

login block-for seconds attempts number within seconds

Command used to deter brute-force password guessing attacks by blocking login attempts.

18

md5

Type 5, selects the message digest algorithm 5 (MD5) as the hashing algorithm.

19

scrypt

Type 9, selects scrypt as the hashing algorithm.

20

sha256

Type 8, selects Password-Based Key Derivation Function 2 (PBKDF2) with Secure Hash Algorithm, 256-bit (SHA-256) as the hashing algorithm.

21

Login Blocking

Detection profile that configures a network device to react to repeated failed login attempts by refusing further connection requests.

22

banner

Command used to specify appropriate messages; protects the organization from a legal perspective.

23

login block-for

Command that can defend against DoS attacks by disabling logins after a specified number of failed login attempts.

24

login quiet-mode

Command that maps to an ACL that identifies the permitted hosts.

25

login delay

Command that specifies the number of seconds the user must wait between unsuccessful login attempts.

26

login on-success and login on-failure

Commands that log successful and unsuccessful login attempts, respectively.

27

login on-success log and login on-failure log

Commands that generate syslog messages for successful and unsuccessful login attempts.

28

security authentication failure rate

Command that can be configured to generate a log message when the login failure rate is exceeded.

29

show login

Command used to verify the login block-for command settings and current mode.

30

show login failures

Command that displays additional information regarding the failed attempts, such as the IP address from which the failed login attempts originated.

31

Enable SSH

Involves six steps: configure a unique device hostname, configure the IP domain name, generate a key to encrypt SSH traffic, verify or create a local database entry, authenticate against the local database, and enable vty inbound SSH sessions.

32

show ip ssh

Command used to verify the optional SSH command settings.

33

ip ssh time-out seconds

Command used to modify the default 120-second timeout interval for SSH authentication.

34

ip ssh authentication-retries integer

Command used to configure a different number of consecutive SSH retries before disconnection.

35

show ssh

Command used to verify the status of the client connections.