tcp/syn attack – use acl to allow traffic from tcp connections that were established from the...
• TCP/SYN Attack – use ACL to allow traffic from TCP connections that were established from the internal network and block packets from an external network that have only the SYN flag set. (DoS)
• Verify that the security policy specifies how ACLs will be implemented to support the secure processing environment.
• Consult the reference material for a more thorough narrative on ACL best practices.
• Routing protocols – gather information about available networks.
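The first bullet's ACL relies on the IOS `established` keyword, which matches only TCP segments with the ACK or RST bit set (replies to sessions the inside opened), so an inbound packet carrying only SYN falls through to the deny entry. The following Python model is an added example, not material from the slides: it parses a constructed inbound ACL, evaluates constructed packets against it, and reports which entry matched. The ACL format handled is the subset shown (permit/deny, protocol, source, destination, optional `established` or `log`); the implicit `deny ip any any` at the end of every IOS ACL is modelled as rule 0.

```python
"""Minimal model of a Cisco-style extended ACL using the 'established'
keyword.  Added example, not from the original slides; the ACL text and
packets below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


@dataclass
class AclEntry:
    action: str                 # 'permit' or 'deny'
    proto: str                  # 'tcp', 'udp' or 'ip'
    src: Optional[tuple]        # (address int, wildcard int); None means 'any'
    dst: Optional[tuple]
    established: bool = False


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    flags: frozenset = frozenset()   # TCP flag names, e.g. {"SYN"}


def _parse_addr(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' at tokens[i]."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return (int(IPv4Address(tokens[i + 1])), 0), i + 2
    return (int(IPv4Address(tokens[i])), int(IPv4Address(tokens[i + 1]))), i + 2


def parse_acl(lines):
    """Parse 'permit|deny <proto> <src> <dst> [established] [log]' lines."""
    entries = []
    for line in lines:
        t = line.split()
        if not t or t[0] not in ("permit", "deny"):
            continue                      # skip blank lines and '!' comments
        src, i = _parse_addr(t, 2)
        dst, i = _parse_addr(t, i)
        entries.append(AclEntry(t[0], t[1], src, dst, "established" in t[i:]))
    return entries


def _addr_matches(spec, ip):
    if spec is None:
        return True
    net, wild = spec
    keep = ~wild & 0xFFFFFFFF             # wildcard 0-bits must match exactly
    return (int(IPv4Address(ip)) & keep) == (net & keep)


def evaluate(entries, pkt):
    """Return (decision, rule number); rule 0 is the implicit 'deny ip any any'."""
    for n, e in enumerate(entries, start=1):
        if e.proto not in ("ip", pkt.proto):
            continue
        if not (_addr_matches(e.src, pkt.src) and _addr_matches(e.dst, pkt.dst)):
            continue
        # IOS 'established' matches only segments with ACK or RST set,
        # i.e. replies to sessions opened from inside; a bare SYN fails it.
        if e.established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return e.action, n
    return "deny", 0


INTERNAL = "10.0.0.0 0.255.255.255"
ACL_IN = f"""
! constructed inbound ACL for the Internet-facing interface
permit tcp any {INTERNAL} established
deny   tcp any {INTERNAL} log
""".splitlines()

if __name__ == "__main__":
    acl = parse_acl(ACL_IN)
    for flags in ({"SYN"}, {"SYN", "ACK"}, {"ACK"}):
        pkt = Packet("tcp", "203.0.113.5", "10.1.1.10", frozenset(flags))
        print(sorted(flags), "->", evaluate(acl, pkt))
```

When reviewing such an ACL, keep in mind that `established` is a per-packet flag check, not a connection table: it stops unsolicited SYNs but is not a substitute for a stateful firewall, which is why the reference material should be consulted for the full set of ACL best practices.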
• OSPF, BGP, RIP are IETF standards.
• IS-IS is an ISO standard.
• EIGRP is Cisco proprietary.
• Authenticated router updates ensure that the update messages came from legitimate sources; bogus messages are automatically discarded.
• Configure passive-interfaces to prevent update distribution.
• Review configuration to verify implementation.
• Cisco Discovery Protocol (CDP) – Cisco proprietary protocol, provides the capability for sharing system information between Cisco products
• If this information is not required for operational needs, then it should be disabled.
• Review config to verify that CDP is disabled.
• Port Security – no security by default.
• All switch ports or interfaces should be secured before the switch is deployed.
• If a port is not being used, configure it as shutdown.
• MAC addresses are learned dynamically by default and not saved in config file.
• Static entries are manually entered for each port and saved in the running configuration.
• Sticky entries are similar to static entries except they are dynamically learned and are saved in the config.
• Each active port can be restricted by a maximum MAC address count with an action selected for any violations.
• Verify that policy establishes minimum security requirements for port security.
• Verify that unused ports are disabled.
• Verify that active ports are restricted by a maximum MAC address count.
• Verify that the action selected for any violations is based on established policy requirements.
• A Virtual Local Area Network (VLAN) is a broadcast domain configured in the switch.
• All members of a VLAN are grouped logically into the same broadcast domain independent of their physical location.
• Routing is required for communication among members of different VLANs.
• Cisco switches use VLAN 1 as the default VLAN to assign to their ports, including the management ports.
• Protocols such as CDP and VTP need to be sent on a specific VLAN, VLAN 1.
• VLAN 1 may span the entire network.
• This provides attackers easier access and extended reach for their attacks.
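Most of the bullets above end with "review the configuration to verify": routing-update authentication and passive interfaces, CDP disabled, unused ports shut down, port security with a maximum MAC count and a violation action, and access ports left in the default VLAN 1. The script below is an added example, not part of the presentation, that runs those checks over a constructed IOS-style running-config. The config text is constructed, the section parser handles only `interface` and `router` blocks, and treating an interface with no configuration lines as "unused and should be shut down" is a heuristic assumed for this example.

```python
"""Static audit of an IOS-style running-config against the checks listed
on the slides.  Added example, not from the original presentation.  The
config text is constructed; the 'unconfigured port' heuristic (no lines
under the interface) is an assumption made for this example."""
import re

SAMPLE_CONFIG = """\
! constructed sample running-config, not from a real device
hostname access-sw1
cdp run
!
interface GigabitEthernet0/1
 description user workstation
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/2
 description printer
 switchport mode access
!
interface GigabitEthernet0/3
 shutdown
!
interface GigabitEthernet0/4
!
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
!
router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
 passive-interface Vlan1
!
"""


def parse_sections(text):
    """Return (global_lines, {section header: [indented lines]})."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None                # '!' ends the current block
            continue
        if line.startswith(" "):
            if current is not None:
                sections[current].append(line.strip())
        elif line.startswith(("interface ", "router ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit(text):
    """Return a list of (scope, finding) tuples; an empty list means no findings."""
    global_lines, sections = parse_sections(text)
    findings = []
    # CDP: should be disabled unless operationally required.
    if "no cdp run" not in global_lines:
        findings.append(("global", "CDP is enabled (missing 'no cdp run')"))
    all_lines = [l for ls in sections.values() for l in ls]
    for name, lines in sections.items():
        if name.startswith("router ospf"):
            area_auth = any(re.match(r"area \S+ authentication", l) for l in lines)
            if not area_auth and not any(l.startswith("ip ospf authentication") for l in all_lines):
                findings.append((name, "routing updates are not authenticated"))
            if not any(l.startswith("passive-interface") for l in lines):
                findings.append((name, "no passive-interface configured"))
        elif name.startswith("interface ") and not name.startswith("interface Vlan"):
            iface = name.split(" ", 1)[1]
            if "shutdown" in lines:
                continue                  # disabled port: compliant
            if not lines:
                findings.append((iface, "unconfigured port is not shut down"))
                continue
            if "switchport mode access" not in lines:
                continue                  # trunk/routed ports are out of scope here
            if not any(l.startswith("switchport access vlan ") and l.split()[-1] != "1" for l in lines):
                findings.append((iface, "access port is in default VLAN 1"))
            if "switchport port-security" not in lines:
                findings.append((iface, "port security not enabled"))
            else:
                if not any(l.startswith("switchport port-security maximum") for l in lines):
                    findings.append((iface, "no maximum MAC address count"))
                if not any(l.startswith("switchport port-security violation") for l in lines):
                    findings.append((iface, "no violation action set (IOS default is shutdown)"))
    return findings


if __name__ == "__main__":
    for scope, msg in audit(SAMPLE_CONFIG):
        print(f"{scope}: {msg}")
```

On the sample config, GigabitEthernet0/1 (sticky port security, explicit VLAN, maximum and violation action) and the shut-down GigabitEthernet0/3 produce no findings, while the printer port, the bare GigabitEthernet0/4, the global CDP setting and the unauthenticated OSPF process are each reported, which mirrors the verification items on the slides.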