-
Intrusion Detection System (IDS)
Provides real-time detection of certain types of attacks while they are in progress
-
Intrusion Prevention System (IPS)
Devices enable the detection of malicious activity and have the ability to automatically block the attack in real-time
-
-
3 Components of Information Security
- Confidentiality
- Integrity
- Availability
-
Wardriving
Users gain unauthorized access to networks via wireless access points
-
10 best practices to mitigate attacks
- Keep patches up-to-date
- shut down unnecessary ports and services
- use strong passwords and change them often
- control physical access to systems
- avoid unnecessary web page inputs
- perform backups and test the backups
- educate employees about the risks of social engineering
- encrypt and password protect sensitive data
- implement security hardware and software
- develop a written security policy
-
3 NFP Functional Areas
- Control Plane
- Management Plane
- Data Plane
-
Data Plane Definition and Protocols
Responsible for forwarding data
-
Control Plane Definition and Protocols
- Responsible for routing data correctly
- ARP, OSPF
-
Management Plane Definition and Protocols
- Responsible for managing network elements
- Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP
-
Control Plane Security
- Cisco AutoSecure
- Routing Protocol Authentication
- Control Plane Policing (CoPP)
-
Management Plane Security
- Login and password policy
- present legal notification
- ensure the confidentiality of data
- role-based access control (RBAC)
- Authorize actions
- Enable management access reporting
-
Data Plane Security
- ACLs
- Antispoofing
- Layer 2 security features
|
|
