Term
| What are application layer attacks? |
|
Definition
| FTP, HTTP. Look for holes within software. |
|
|
Term
|
Definition
| Running scans on a computer that can give vital information regarding the network |
|
|
Term
|
Definition
| Denial of Service/Distributed Denial of Service: Flooding the network's resources, making it unavailable |
|
|
Term
|
Definition
| PC sends off a SYN connection and gets an ACK response back. Victim machine is then flooded with SYN ACK packets and goes down. |
|
|
Term
|
Definition
| Sends repeated maximum-size pings to a machine. Max ping size is 65,536. |
|
|
Term
|
Definition
| Attacker uses an address within network scope or a trusted outside address to penetrate the system |
|
|
Term
| What are Man In the Middle Attacks? |
|
Definition
| Steals data intended for a trusted endpoint |
|
|
Term
| What is Network Reconnaissance? |
|
Definition
| Gather information about the network through port scans, DNS queries and ping sweeps. |
|
|
Term
| What are the features of a Cisco Firewall? |
|
Definition
| Firewall inspection engine
Intrusion Detection
Firewall voice traversal
ICMP Inspection
Authentication Proxy
Destination URL management
Per User Firewalls
Dynamic Port Mapping |
|
|
Term
| How many Access Lists can be applied on one interface? |
|
Definition
| One Access list per interface per protocol per direction. Max of two. One for outbound one for inbound. |
|
|
Term
| Where should more specific lists be located? |
|
Definition
| Top of the access list chain |
|
|
Term
| Where are new access lists placed when they are added? |
|
Definition
| At the bottom of the Access list chain. |
|
|
Term
| What is required at the end of a list to prevent all traffic from being dropped? |
|
Definition
|
|
Term
| What traffic can an access list not filter in regards to a router? |
|
Definition
| Information originated from the router |
|
|
Term
| Where should standard access lists be placed? |
|
Definition
| Close to the destination. |
|
|
Term
| Where should extended access lists be placed? |
|
Definition
|
|
Term
| What are the 4 rules to use when configuring ACLs for the internet? |
|
Definition
| Deny any address from the internal network
Deny local host address (127.0.0.0/8)
Deny reserved private addresses
Deny any IP address in the IP multicast range (224.0.0.0/4) |
|
|
Term
| Do standard ACLs filter by destination or source? |
|
Definition
|
|
Term
| What is the command to deny a host Telnet access to a router? |
|
Definition
| router(config)#access-list 50 permit 172.16.10.3
router(config)#line vty 0 4
router(config-line)#access-class 50 in |
|
|
Term
| What does the eq stand for when configuring an extended access list? |
|
Definition
|
|
Term
| What is the command to create a named ACL? |
|
Definition
| ip access-list standard ThisThat |
|
|
Term
| What is a switch port ACL? |
|
Definition
| An ACL that can be applied to layer two switches. They use Source and Destination MAC Addresses to filter packets |
|
|
Term
| What is the command to create a named layer two ACL and deny any host to a MAC address? |
|
Definition
| switch(config)#mac access-list extended thisthat
switch(config-ext-macl)#deny any host xxxx.xxxx.xxxx
switch(config-ext-macl)#permit any any
switch(config)#int fa0/6
switch(config-if)#mac access-group thisthat in |
|
|
Term
| What is a time based ACL? |
|
Definition
| An ACL that is configured to be used during a certain time period. |
|
|
Term
| What is a remark, as used in conjunction with ACLs? |
|
Definition
| They can be used to describe the ACL. |
|
|
Term
| What is an example of a configured ACL with a remark? |
|
Definition
| router(config)#remark Deny all of Sales from Telnetting |
|
|
Term
|
Definition
| Control Based Access Control: It inspects all traffic entering through a firewall. |
|
|
Term
| What are IP Inspect lists? |
|
Definition
| Works in conjunction with CBAC and allows return traffic to enter through the firewall. |
|
|
Term
| What does the show access-list command show? |
|
Definition
| It shows all access lists configured on the router. |
|
|
Term
| What does the show access-list 110 command show? |
|
Definition
| Shows only the parameters of ACL 110. It does not show the interface it is attached to. |
|
|
Term
| What does the show ip access-list show? |
|
Definition
| Shows all the IP Access-lists configured on the router |
|
|
Term
| Which command will show which interfaces ACLs are configured on? |
|
Definition
|
|
Term
| What is the command to create an access list that will allow only HTTP traffic into network 196.15.7.0? |
|
Definition
| access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www |
|
|
Term
| What is the command to create an ACL that will deny all Telnet connections to only network 192.168.10.0? |
|
Definition
| access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23 |
|
|
Term
| What is the command to deny FTP traffic from 200.200.10.0 to 200.199.11.0 but allow everything else? |
|
Definition
| access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp |
|
|