لطفا منتظر باشید ...
Foundation Summary
The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CCSP exam, a well-prepared CCSP candidate should at a minimum know all the details in each "Foundation Summary" section before taking the exam.The five primary axioms of SAFE are listed next along with recommendations for how to mitigate some of the attacks against them:
- Routers are targets.
- - Lock down Telnet access to routers.
- - Lock down SNMP access to routers.
- - Control access to routers through the use of TACACS+.
- - Turn off unneeded services.
- - For routing protocols, consider using an authentication method to ensure that the routing updates are valid.
- Switches are targets.
- - Always use a dedicated VLAN ID for all trunk ports.
- - Avoid using VLAN 1 for management.
- - Set all user ports to nontrunking mode.
- - Deploy port security where possible for user ports.
- - Devise a plan for the ARP security issues in your network. Enable Spanning Tree Protocol attack mitigation.
- - Use private VLANs where appropriate.
- - Use CDP only where appropriate.
- - Disable all unused ports and put them in an unused VLAN.
- - Use VTP.
- - Use Layer 2 port authentication such as 802.1x.
- Networks are targets.
- - Employ RFC 1918 and RFC 2827 filtering to reduce the impact of DDoS attacks that employ IP address spoofing.
- - Communicate with the ISP to ensure that it applies traffic rate limits and QoS features on the outbound link of its router.
- Hosts are targets.
- - Keep systems up to date with patches and updates.
- - Turn off unnecessary services.
- - Ensure users use passwords that can't be guessed, by periodically testing them.
- - Minimize access to the system by limiting user accounts to only those who need to access a given system.
- - Install host-based intrusion prevention software.
- Applications are targets.
- - Analyze the calls that an application makes to other applications and to the operating system itself.
- - Analyze the application privilege level.
- - Identify the level of trust the application has for the surrounding systems.
- - Analyze the method of transport the application uses to transmit data across the network.
- - Install host-based intrusion prevention software.
