CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)






  • Foundation Summary


    The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CSI exam, a well-prepared CSI candidate should at a minimum know all the details in each "Foundation Summary" section before taking the exam.

    Table 10-3 summarizes the common network management protocols, their security features, their function, and the communication ports they use.

    Table 10-3. Network Protocol Summary

    | Protocol | Security Features | Function | Ports |
    |---|---|---|---|
    | Secure Socket (SSH) | SSH encrypted payload, password authentication | Remote access | TCP port 22 |
    | Secure Sockets Layer (SSL) | SSL encrypted payload, password authentication | Remote access | TCP port 443 |
    | Telnet | Telnet clear text, password authentication | Remote access | TCP port 23 |
    | System Log (syslog) | Clear text, no authentication | Reporting and logging | UDP port 514 |
    | Simple Network Management Protocol (SNMP) | Community string protected (password), clear text until version 3.0 | Network monitoring and control | UDP port 161, UDP port 162 |
    | Trivial File Transfer Protocol (TFTP) | No password protection, clear text | File management | UDP port 69 |
    | Network Time Protocol (NTP) | Cryptographic authentication from version 3 and later | Time synchronization | UDP port 123 |

    Good design follows these guidelines:

    • You should always use out-of-band management in preference to in-band management because it provides the highest level of security. However, for a cost-effective security deployment, you might have to use in-band management.

    • Where management traffic flows in-band, you need to place more emphasis on securing the transport of the management protocols. Consequently, you need to make this transport as secure as possible by using a secure tunneling protocol, such as IPSec, when using insecure management protocols such as Telnet and TFTP.

    • Encrypt TFTP traffic within an IPSec tunnel wherever possible to reduce the chance of it being intercepted.

    • Unless you are using SNMPv3, it is recommended that you use SNMP read-only community strings. Also, restrict device access to only the management consoles by use of SNMP access control.

    • To mitigate NTP attacks, it is recommended that you use version 3 cryptographic authentication and restrict NTP synchronization peers with ACLs.

    • If a device that requires management resides outside the network, you should use an IPSec tunnel to manage that device. This tunnel should originate from the management network and terminate directly on the device.

    • You should use ACLs at all times to restrict access to management information. Any attempt from a nonmanagement address should be denied and logged.

    • Enable RFC 2827 filtering, where appropriate, to prevent an attacker from spoofing management addresses.

    • Where you cannot secure management data due to device limitations, always be aware of the potential for data interception and falsification.
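
An added example, not from the book: a small Python audit that checks an IOS-style configuration against the SNMP, NTP, Telnet and ACL guidelines above. The sample configuration (community names, addresses, ACL numbers) is constructed, the rule names are hypothetical, and the parser assumes the simplified `snmp-server community <name> RO|RW [acl]` form.

```python
import re

# Constructed IOS-style sample (names, addresses and ACL numbers are made up).
SAMPLE_CONFIG = """\
snmp-server community ops-ro RO 10
snmp-server community ops-rw RW 10
snmp-server community monitor RO
ntp authenticate
ntp server 192.0.2.10 key 1
ntp server 192.0.2.11
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

def audit(config):
    """Return (rule, config line) pairs for settings that break the guidelines."""
    findings = []
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    for ln in lines:
        m = re.match(r"snmp-server community \S+ (RO|RW)( \S+)?$", ln, re.I)
        if m and m.group(1).upper() == "RW":
            findings.append(("snmp-read-write", ln))   # guideline: read-only strings
        if m and not m.group(2):
            findings.append(("snmp-no-acl", ln))       # guideline: SNMP access control
        # An NTP association without "key N" is not cryptographically authenticated.
        if re.match(r"ntp (server|peer) ", ln) and not re.search(r" key \d+", ln):
            findings.append(("ntp-no-key", ln))
    ntp_used = any(re.match(r"ntp (server|peer) ", ln) for ln in lines)
    if ntp_used and "ntp authenticate" not in lines:
        findings.append(("ntp-auth-disabled", "ntp authenticate"))
    if ntp_used and not any(ln.startswith("ntp access-group ") for ln in lines):
        findings.append(("ntp-no-acl", "ntp access-group"))
    # Group each "line vty" header with its indented sub-commands.
    blocks, in_vty = [], False
    for ln in lines:
        in_vty = ln.startswith("line vty") or (in_vty and ln.startswith(" "))
        if ln.startswith("line vty"):
            blocks.append([ln])
        elif in_vty:
            blocks[-1].append(ln.strip())
    for header, *body in blocks:
        if not any(re.match(r"access-class \S+ in", b) for b in body):
            findings.append(("vty-no-acl", header))    # guideline: ACLs at all times
        # Telnet is clear text; in-band use needs IPSec transport per the guidelines.
        if any(re.match(r"transport input .*\b(telnet|all)\b", b) for b in body):
            findings.append(("vty-telnet", header))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the read-write community, the community without an ACL, the unauthenticated NTP server, the missing NTP access group, and the first vty block for both its missing ACL and its Telnet transport.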


