What does the CIA triad stand for?
Confidentiality (protection of private information), Integrity (authenticity of data), Availability (reliable accessibility of data and services)
What is MAC spoofing?
When a device uses software to mask its original MAC address to impersonate another device on the network, potentially bypassing access controls or intercepting traffic
What is MAC flooding?
Sending many frames with different source MAC addresses to overflow the switch's CAM table, causing it to enter a fail-open state and broadcast all traffic to all ports
What are four signs of MAC spoofing or MAC flooding?
1) Duplicate IP addresses, 2) Unknown MAC addresses, 3) Multiple MAC addresses on a single port, 4) Frequent MAC address changes on a port
How does port security prevent MAC flooding?
Limits the number of MAC addresses allowed on a physical port or specifies exactly which MAC addresses are permitted; traffic from unauthorized addresses is dropped
What happens when you set an unused switch port to "down"?
All traffic from that port is dropped, preventing unauthorized devices from physically connecting to the network through unused ports
What is a VLAN?
Virtual Local Area Network - segments devices connected to a switch into separate logical LANs for improved security and performance
What are three benefits of VLANs?
1) Increased security by isolating sensitive data, 2) Increased performance by reducing broadcast traffic, 3) Simplified network management and troubleshooting
How do VLANs improve network performance?
Broadcast messages are limited to specific VLANs rather than the entire network, reducing broadcast traffic and network congestion
What are the three steps to create and configure VLANs?
1) Determine segmentation plan (which devices belong together), 2) Create VLANs on the switch, 3) Assign devices to designated switch ports
What is the principle of least privilege?
A security principle that restricts user access to only the minimum levels necessary for their job function
What are the three categories of security controls?
Physical controls (locks, cameras, fencing), Managerial controls (policies, procedures, training), Technical controls (firewalls, encryption, network segmentation)
What is the difference between preventative, detective, and corrective controls?
Preventative stops attacks before they happen (firewalls); Detective identifies when attacks occur (IDS/IPS); Corrective addresses impacts after incidents (backups, patches)
Give three examples of preventative controls
1) Firewalls, 2) Card readers, 3) Password requirements, 4) Locks
Give three examples of detective controls
1) Intrusion Detection Systems (IDS), 2) Intrusion Prevention Systems (IPS), 3) Security Information and Event Management (SIEM), 4) Security cameras
Give two examples of corrective controls
1) Backups, 2) Software patches
What is a firewall?
A barrier between devices and networks that monitors and controls network traffic, admitting or denying traffic entry into a network or host
What is the difference between host-based and network-based firewalls?
Host-based protects a single device; Network-based protects an entire network
What is the difference between stateless and stateful firewalls?
Stateless filters based on packet headers (IP, ports, protocols); Stateful tracks connection states and makes decisions based on session context
What additional features does a Next-Generation Firewall (NGFW) provide?
Intrusion prevention, deep packet inspection, and traffic filtering by application type (in addition to stateless/stateful capabilities)
What is network segmentation?
Dividing a network into smaller segments/subnets to isolate devices and data, limit traffic, and create different security zones
What environmental threats should network security address?
Loss of power, extreme temperatures, humidity, fire, earthquakes, floods, natural disasters
What controls mitigate power loss threats?
UPS (Uninterruptible Power Supply) and backup generators
What controls mitigate fire threats?
Fire suppression systems
What controls mitigate temperature and humidity threats?
Ventilation, climate control, and humidity control systems
Name three external physical security controls
1) Fencing, 2) Security cameras, 3) Security guards
Name three internal physical security controls
1) Locks on doors, 2) Server cabinet locks, 3) Card readers, 4) Access control vestibules
What is a rogue DHCP server attack?
An unauthorized DHCP server on the network that assigns malicious IP configurations to clients, potentially redirecting traffic or causing DoS
What information can an attacker control with a rogue DHCP server?
Default gateway (MitM), DNS servers (traffic redirection), IP addresses (DoS), subnet masks
What is ARP spoofing?
Sending fraudulent ARP messages to associate the attacker's MAC address with another device's IP address (like the gateway) to intercept traffic
What is ARP poisoning?
Corrupting the ARP cache with false MAC-to-IP mappings, redirecting traffic to the attacker
What is the difference between spoofing and poisoning?
Spoofing is impersonation (pretending to be someone else); Poisoning is corrupting cached/stored data with false information
What is DNS poisoning?
Corrupting a DNS cache with false domain-to-IP mappings, redirecting users to malicious sites
What is OSPF?
Open Shortest Path First - a link-state routing protocol that uses a cost metric based on bandwidth and supports hierarchical design with areas
What is EIGRP?
Enhanced Interior Gateway Routing Protocol - an advanced distance-vector protocol that uses composite metrics (bandwidth, delay, reliability, load)
What type of routing protocol is OSPF?
Link-state protocol
What type of routing protocol is EIGRP?
Advanced distance-vector protocol
Is EIGRP proprietary?
Originally Cisco proprietary, but became an open standard in 2013
What metric does OSPF use?
Cost metric based on bandwidth
What metrics does EIGRP use?
Composite metric using bandwidth, delay, reliability, and load (configurable weights)
What is RBAC?
Role-Based Access Control - assigns permissions to roles rather than individuals; users inherit permissions from their assigned role
Why should default credentials be changed on network devices?
Default credentials are often publicly known or standardized, making devices vulnerable to unauthorized access
Why is keeping firmware and software updated important?
Updates often include performance fixes and patches for known vulnerabilities
What is a virtual machine sandbox?
An isolated environment used to safely test new software or open suspicious files without risking the physical device or other virtual instances
What does setting a switch port to "up" vs "down" mean?
Up = device can pass network traffic through that port; Down = all traffic from that port is dropped
What is port security on a switch?
A feature that limits the number of MAC addresses on a port or specifies which specific MAC addresses are allowed
What is the CAM table on a switch?
Content Addressable Memory table that stores MAC-address-to-port mappings for forwarding decisions
What happens when a switch's CAM table is full (fail-open state)?
The switch broadcasts all traffic to all ports like a hub, allowing potential traffic interception
What is an access control vestibule?
A security feature with two sets of doors where the first must close before the second opens, ensuring only authorized personnel enter sensitive areas
What are strong password requirements an example of?
Managerial control (also preventative control)