Networking Security Configuration: Best Practices and Command Examples, Exams of Computer Science

A comprehensive overview of essential networking security configurations, including best practices and command examples for Cisco devices. It covers topics such as disabling unnecessary services, securing the DHCP and ARP protocols, and implementing access control measures. Valuable for students and professionals seeking to enhance network security and mitigate potential vulnerabilities.

Typology: Exams

2023/2024

Available from 11/11/2024

BESTOFLUCK
Networking-Annex D Lesson 2 Notes | Actual Questions and Answers Latest
Updated 2024/2025 (Graded A+)
Do Not Allow Negotiations Commands - ✔✔SW3(config)# int g 1/0/1
SW3(config-if)# sw mode access
SW3(config-if)# sw access vlan 10
SW3(config-if)# sw nonegotiate
SW3(config-if)# no shut
SW3(config)# int g 0/2
SW3(config-if)# sw mode trunk
SW3(config-if)# sw trunk native vlan 50
SW3(config-if)# sw nonegotiate
SW3(config-if)# no shut
Cisco Discovery Protocol (CDP) - ✔✔Provides a mechanism for the management system to automatically
learn about devices connected to the network. Network devices periodically advertise their own
information to a multicast address on the network
Link Layer Discovery Protocol (LLDP) - ✔✔-Allows interworking between vendor equipment
-Single, standardized discovery protocol
Disable CDP & LLDP Commands - ✔✔SW3(config)# int g 1/0/24
SW3(config-if)# no cdp enable
SW3(config-if)# no lldp enable
DHCP Snooping - ✔✔Security feature that acts like a firewall between untrusted hosts and trusted DHCP servers.
· Validates DHCP messages received from untrusted sources and filters out invalid messages.

· Rate-limits DHCP traffic from trusted and untrusted sources.
· Builds and maintains a binding database, which contains information about untrusted hosts with leased IP addresses.
· Utilizes a binding database to validate subsequent requests from untrusted hosts.
Dynamic ARP Inspection (DAI) - ✔✔-Validates ARP packets in a network
-Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
-This capability protects the network from some man-in-the-middle attacks
-Determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database
DHCP Snooping Commands - ✔✔SW3(config)# ip dhcp snooping
SW3(config)# ip dhcp snooping vlan 10,20,
SW3(config)# Exit
SW3(config)# interface fastethernet (Port Number)
SW3(config)# ip dhcp snooping trust
Commands that disable HTTP & HTTPS - ✔✔R1(config)# no ip http server
R1(config)# no ip http secure-server
Disable Domain Name Service (DNS) Command - ✔✔R1(config)# no ip domain-lookup
Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) Commands - ✔✔R1(config)# no service tcp-small-servers
R1(config)# no service udp-small-servers
Disable Finger service command - ✔✔R1(config)# no ip finger
UNIX Finger Protocol - ✔✔Allows a user to view other active users.
R1(config-if)# no ip mask-reply
Limit Connection Time Command - ✔✔R1(config)# exec-timeout minutes seconds
Retry Count Command - ✔✔R1(config)# ip ssh authentication-retries 3
Timer for Authentication Inactivity Command - ✔✔R1(config)# ip ssh time-out 60