Chapter 3
A1: | c |
A2: | c |
A3: | d |
A4: | e |
A5: | a,d |
A6: | b,e |
A7: | a,d |
A8: | c |
A9: | c |
A10: | b,c |
Q&A
1: | What are some of the benefits of using a dedicated appliance for security rather than the same integrated functionality in another device? |
A1: | Some of the benefits of using a dedicated appliance for security are that appliances tend to provide greater depth of functionality as well as provide for a hardened system. Although the cost is greater, the flexibility achieved through dedicated appliances is also significantly greater. |
2: | What are the two significant advantages to SAFE's use of modules in the blueprint? |
A2: | The SAFE design philosophy is achieved through the use of modules. This approach has two significant advantages:
|
3: | What is the primary method that a DDoS attack uses to achieve its effects? |
A3: | The goal of a DDoS attack is to shut down an entire network rather than one particular host, and the primary method that is used to achieve this is to consume all the bandwidth going to and from the network. One possible side effect of a DDoS attack is that a target system on the network crashes. |
4: | Why do hosts represent the greatest risk on a network? |
A4: | Hosts represent the greatest risk on a network because of the large number of different hardware platforms, operating systems, and applications, each with its own set of patches and updates, and their high visibility. Hosts represent the lowest-hanging fruit on a network and are the target of choice for an attacker. |
5: | Is it important to lock down Telnet, web, or SNMP access to devices, and if so, why? |
A5: | It is important to lock down all access to devices. Attackers can use Telnet access to gain access to the CLI of devices and possibly to privileged EXEC mode. The username and password of a Telnet session are passed in the clear on a network, exposing them to anyone who may be sniffing the network. If an attacker gains access to the privileged EXEC mode on devices, they can make configuration changes. Web and SNMP access should also be locked down for the same reason. |
6: | What is the role of VTP in a network? What could an attacker do with VTP? How can attacks using VTP be made less likely to succeed? |
A6: | VTP is used to communicate VLAN information from a VTP server to clients. The information transmitted relates to the configured VLANs on the network. If attackers can spoof or forge VTP advertisements, they may be able to do a variety of things, such as delete VLAN information or even create new VLANs. To make such an attack less likely to succeed, the administrator needs to use VTP password authentication to authenticate VTP advertisements. |
7: | What is 802.1x? How can it be used to improve the security of a network? |
A7: | The IEEE standard 802.1x was developed originally for switches on wired networks but has been more widely deployed in conjunction with wireless networks. In brief, 802.1x requires authentication of a client to a network. If the authentication succeeds, the access point or switch then allows traffic to pass through. Otherwise, the user cannot connect to network resources, such as DHCP and DNS, or any other services. |
8: | What are the four factors a software audit should consider when determining the security of an application? |
A8: | Software audits should analyze several areas when determining the security of an application:
|
