1.Name two protocols which encrypt data at the application and network layer with an explanation.
SSL protocol encrypts data at the application layer. It is used by application layer protocols like https, secure-ftp etc. IPSEC is a protocol which is used for encrypting data at the network layer. IPSEC is used by VPN’s for encrypting data over public networks like internet.
2.What technology can be used for protection against flooding attacks
IDS / IPS solutions can be used for providing protection against the same.
3.Do FTP servers send passwords or data in clear text
FTP is an insecure protocol. It does not provide encryption. It sends both passwords and data in clear text.
4.Name one protocol which can be used in lieu of telnet for secure remote access
SSH
5.What feature on a router can be used for blocking unauthorized websites
SSH
5.What feature on a router can be used for blocking unauthorized websites
URL filtering feature, available on routers can be used for the purpose.
6.How does a cam flood attack work
In a cam flood attack, the attacker sends numerous frames to a switch port with random mac-addresses. The goal of the attacker is to fill the cam table of the switch and make it overflow. When the cam table overflows, the switch would behave like a hub and start broadcasting frames to all ports on the switch.
7.At which layer of the OSI model, does the WEP protocol encrypt data
The WEP protocol is used for encrypting data in the frames. It works at Layer 2 of the OSI model.
8.What feature can be configured on a switch to prevent rogue DHCP server attacks?
DHCP Snooping is a feature which can be configured to prevent rogue DHCP server attacks.
DHCP Snooping is a feature which can be configured to prevent rogue DHCP server attacks.
9.Which feature on a firewall can be configured to defend against IP spoofing attacks.
Access control lists can be used as a defense against IP spoofing attacks.
10.Name two attacks which are targeted on FTP servers.
FTP protocol transmits data in clear text. This makes it possible to eavesdrop communication between a FTP client and a FTP server and retrieve confidential information like username and passwords. FTP servers use username and password combination for authentication. A weak password policy makes it vulnerable to brute force attacks.
11.Which security feature on a switch can be used as a defense for cam flooding attacks.
In a cam flooding attack, the goal of the attacker is to fill up the mac-address table of the switch by generating frames with different source mac-addresses. As a defense, port- security feature can be configured on a switch port, which can be used to limit the number of allowed mac-addresses on a switch port.
12.Name two tools which can be used to create custom packets.
Nmap and Scapy.
13.An organization uses a Cisco router for routing between its internal networks. What feature on the router can be used to block access specifically between two internal networks?
Extended access control lists can be configured for blocking access between internal networks. With an extended access control list, the source and destination IP network subnets can be specified.
14.Name one security limitation with Rip v1 and how it is improved with Rip v2.
Rip v1 does not use authentication. This makes it vulnerable to route poisoning attacks. An attacker can craft custom Rip v1 packets and corrupt the routing table. In Rip v2, authentication is provided by having MD5 based password authentication.
No comments:
Post a Comment