
APPENDIX D

Memory Tables

Chapter 1
Table 1-2 Government and Military Data Classification Example
Data Category Description
Unclassified
Sensitive but unclassified (SBU)
Confidential

Secret

Top-secret

Table 1-4 Data Classification Characteristics


Characteristic Description
Value
Age
Useful life
Personal association

Table 1-5 Types of Hackers


Type of “Hacker” Description
White hat hacker

Black hat hacker

Gray hat hacker

Phreaker

Script kiddy

Hacktivist

Computer security hacker

Academic hacker

Hobby hacker

Table 1-6 Defending Against Different Classes of Attacks


Attack Class | Primary Layer of Defense | Secondary Layer of Defense
 | Encryption | Applications with integrated security
 | Firewall at the network edge | HIPS
 | Protecting against unauthorized physical access | Authentication
 | Protecting against unauthorized physical access | Video monitoring systems
 | Secured software distribution system | Real-time software integrity checking

Table 1-7 Types of IP Spoofing Attacks


Type of Attack Description
Nonblind spoofing

Blind spoofing

Table 1-8 Confidentiality Attack Strategies


Tactic Description
Packet capture

Ping sweep and port scan

Dumpster diving

Electromagnetic interference (EMI) interception

Wiretapping

Social engineering

Sending information over overt channels

Sending information over covert channels

Chapter 2
Table 2-2 Operations Security Recommendations
Recommendation Description
Separation of duties

Rotation of duties

Trusted recovery

Configuration and change control

Table 2-3 Disruption Categories


Disruption Description
Nondisaster
Disaster

Catastrophe

Table 2-4 Backup Sites


Site Description
Hot site

Warm site

Cold site

Table 2-5 Annualized Loss Expectancy Factors


Factor Description
Asset value (AV)

Exposure factor (EF)

Annualized rate of occurrence (ARO)

Table 2-6 Components of a Security Awareness Program


Component Description
Awareness

Training

Education

Table 2-7 Cisco Self-Defending Network Core Characteristics


Characteristic Description
Integrated

Collaborative

Adaptive

Table 2-8 Examples of Cisco Security Products


Product Description
Cisco IOS router

Cisco ASA 5500 series security appliance

Cisco PIX 500 series security appliance

Cisco 4200 series IPS appliances

Cisco Security Agent (CSA)

Cisco Secure Access Control Server

Cisco Catalyst 6500 series switch and Cisco 7600 series router modules

Cisco Router and Security Device Manager (SDM)

Chapter 3
Table 3-2 IOS Security Features
Feature Description
Stateful firewall

Intrusion Prevention System

VPN Routing and Forwarding-aware (VRF-aware) firewall

Virtual private networks

Table 3-7 Passwords Configured During the SETUP Script


Password Type Description
Enable secret password

Enable password

vty password

Table 3-8 Cisco IOS Resilient Configuration Steps


Step Description
Step 1: Enable image resilience

Step 2: Secure the boot configuration

Step 3: Verify the security of the bootset

Table 3-11 Cisco SDM Wizards


Cisco SDM Wizard Description
Interfaces and Connections
Firewall and ACL

VPN

Security Audit

Routing

NAT

Intrusion Prevention

Quality of Service

NAC

Chapter 4
Table 4-2 AAA Commands to Secure Administrative and Remote LAN Access
Access Type | Mode | Mode | Network Access Server Ports | AAA Command Element
Remote administrative access
Remote network access

Table 4-3 AAA Authentication Commands


Command Description
aaa authentication arap

aaa authentication banner

aaa authentication enable default

aaa authentication fail-message

aaa authentication local-override

aaa authentication login

aaa authentication nasi

aaa authentication password-prompt

aaa authentication ppp

aaa authentication username-prompt

Table 4-4 aaa authentication login Command Elements


Command Element Description
default

list-name

method

Table 4-5 aaa authorization Command Elements


Command Element Description
network

exec

commands

level

reverse-access
configuration

default

list-name

method

Table 4-6 aaa accounting Command Elements


Command Element Description
auth-proxy
system

network

exec
connection

commands level

default

list-name

vrf vrf-name

start-stop

stop-only

none

broadcast

group group-name

Table 4-7 Ports Used by Cisco Secure ACS for Client Communication
Feature Protocol Port(s)
RADIUS authentication authorization
RADIUS accounting
TACACS+
Cisco Secure ACS database replication
RDBMS synchronization
User-changeable password web application
Logging
Administrative HTTP port for new sessions
Administrative HTTP port range

Table 4-8 Comparison of RADIUS and TACACS+


Topic TACACS+ RADIUS
Packet delivery
Packet encryption

AAA support

Multiprotocol support

Router management

Responses

Table 4-9 Commonly Used AAA Configuration Commands


Command Description
aaa new-model

tacacs-server host ip-address single-connection

tacacs-server key key

Table 4-10 aaa authentication login Parameters


Parameter Description
default

list-name

group group-name

group radius

group tacacs+
method2

method3

method4

Chapter 5
Table 5-2 Cisco IOS Features
IOS Feature Description
Bootstrap protocol (BOOTP) server
Cisco Discovery Protocol (CDP)
Configuration autoloading
FTP server
TFTP server
Network Time Protocol (NTP)
Packet Assembler/Disassembler (PAD)
TCP/UDP minor services
Maintenance Operation Protocol (MOP)
Simple Network Management Protocol (SNMP)
HTTP/HTTPS configuration and monitoring
Domain Name Service (DNS)
Internet Control Message Protocol (ICMP) redirects
IP source routing
Finger service
ICMP unreachable notifications
ICMP mask

IP identification service

TCP keepalives

Gratuitous ARP

Proxy ARP

IP-directed broadcast

Table 5-3 Methods for Locking Down a Cisco Router


Method Configuration
AutoSecure

Cisco SDM One-Step Lockdown

Table 5-4 Syslog Severity Levels


Level Name Description
0 The most severe error conditions, which render the system unusable
1 Conditions requiring immediate attention
2 A less severe condition as compared to alerts, which should be addressed to prevent an interruption of service
3 Notifications about error conditions within the system that do not render the system unusable
4 Notifications that specific operations failed to complete successfully
5 Nonerror notifications that alert an administrator about state changes within a system
6 Detailed information about the normal operation of the system
7 Highly detailed information (for example, information about individual packets) that is typically used for troubleshooting purposes

Table 5-5 Components of an SNMPv1 and SNMPv2c Network Management Solution


Component Description
SNMP manager

SNMP agent

Management Information Base (MIB)

Table 5-6 Security Models and Security Levels Supported by Cisco IOS
Security Model | Security Level | Authentication Strategy | Encryption Type
SNMPv1
SNMPv2c
SNMPv3

Chapter 6
Table 6-2 Root Guard Versus BPDU Guard
STP Attack Mitigation Method Description
Root Guard

BPDU Guard

Table 6-3 PVLAN Ports


PVLAN Ports Category Description
Promiscuous

Isolated

Community

Table 6-4 IEEE 802.1x Hardware Components


Component Description
Supplicant

Authenticator

Authentication server

Table 6-5 IEEE 802.1x Port Authorization Options


Component Description
This option, which is the default setting, causes the port to immediately go into the authorized state, without participating in 802.1x.

This option causes a switch port to remain in the unauthorized state, regardless of a supplicant’s attempts to authenticate.

This option causes a switch port to be in the unauthorized state by default. In this unauthorized state, the switch port does not pass user data. However, in this mode, as soon as a switch port’s link state transitions to up, the port sends an EAP message to the attached device, requesting the identity of the device. The switch uniquely identifies this attached device by the device’s MAC address and forwards authentication messages sent from the attached device to the RADIUS server. As soon as the attached device logs off, the port returns to the unauthorized state.

Chapter 7
Table 7-2 Cisco Security Elements
Cisco Security Element Description
Endpoint protection

Cisco Network Admission Control (NAC)

Network infection containment

Table 7-3 Basic Security Services Provided to Applications by Operating Systems


Basic Security Service Description
Trusted code

Trusted path

Privileged context of execution

Process memory protection and isolation

Access control to resources

Table 7-4 Techniques for Protecting Endpoints from Operating System Vulnerabilities
Protection Technique Description
Least-privilege concept

Isolation between processes

Reference monitor

Small, verifiable pieces of code

Table 7-5 Anatomy of a Worm Attack


Facet of the Worm Attack Description
Enabling vulnerability

Propagation mechanism

Payload

Probe phase

Penetration phase

Persist phase

Propagate phase

Paralyze phase

Table 7-7 General Categories of the Cisco NAC Product


NAC Category Description
NAC framework

Cisco NAC Appliance (Cisco Clean Access)

Table 7-8 Architectural Components of the Cisco Security Agent


Component Description
Management Center for Cisco Security Agents

Cisco Security Agent

Table 7-9 Cisco Security Agent Interceptors


Interceptor Description
File System Interceptor

Network Interceptor

Configuration Interceptor

Execution Space Interceptor

Chapter 8
Table 8-2 SAN Transport Technologies
SAN Transport Technology Description
Fibre Channel

iSCSI

FCIP

Table 8-3 Classes of SAN Attacks


Class of SAN Attack Description
Snooping
Spoofing

Denial of service (DoS)

Chapter 9
Table 9-2 VoIP Components
Component Description
IP phone

Call agent

Gateway

Gatekeeper

Multipoint Control Unit (MCU)

Application server

Videoconference station

Voice-enabled switch

Table 9-3 VoIP Protocols


Protocol Description
H.323

MGCP

H.248

SIP

SCCP

RTP

RTCP

SRTP

Table 9-4 Common VoIP Attack Targets


Attack Description
Accessing VoIP resources without appropriate credentials

Gleaning information from unsecured VoIP network resources

Launching a denial-of-service (DoS) attack

Capturing telephone conversations

Table 9-5 Examples of Attacks Targeting Voice Networks


Attack Description
SPIT

Vishing

Toll fraud

SIP attacks

Table 9-6 Methods of Mitigating Attacks Targeting Voice Networks


Attack Description
Using auxiliary VLANs

Using firewalls

Using IPsec-protected VPNs

Disabling web access

Disabling gratuitous ARP

Disabling unneeded services

Chapter 10
Table 10-2 Initial Firewall Technologies
Firewall Technology Description
Static packet-filtering firewall

Circuit-level firewall

Application layer firewall

Dynamic packet-filtering firewall

Table 10-3 Advantages of Application Layer Firewalls


Advantage Description
Authenticate individuals, not devices

It’s more difficult to spoof and implement DoS attacks

Can monitor and filter application data

Can provide detailed logging

Table 10-4 Uses of Stateful Packet-Filtering Firewalls


Use of Firewall Description
A primary means of defense

An intelligent first line of defense

To strengthen packet filtering

Improve routing performance

Defend against spoofing and DoS attacks

Table 10-5 Limitations of Stateful Packet-Filtering Firewalls


Stateful Firewall Limitation Description
No prevention of application layer attacks

Not all protocols are stateful

Applications that open multiple connections

User authentication is not supported

Table 10-6 Inspection Firewall Behavior


OSI Layer Behavior
Transport layer

Session layer

Application layer

Table 10-7 Uses of an Application Inspection Firewall


Use of Firewall Description
Secondary means of defense

To provide more stringent controls over security than stateful filtering provides

Table 10-8 Best Practices When Developing a Firewall Policy


Best Practice Description
Trust no one

Deny physical access to firewall devices

Allow only necessary protocols

Use logs and alerts

Segment security zones

Do not use a firewall as a server

Never use a firewall as a workstation for a user

Set connection limits

Restrict access to firewalls

Combine firewall technology

Use firewalls as part of a comprehensive security solution

Maintain your installation

Table 10-9 ACL Numbers and Types


ACL Number Range Description
1 to 99
100 to 199
200 to 299
300 to 399
400 to 499
500 to 599
600 to 699
700 to 799
800 to 899
900 to 999
1000 to 1099
1100 to 1199
1200 to 1299
1300 to 1999
2000 to 2699

Table 10-10 Guidelines for Developing ACLs


Guideline Description
Create ACLs based on your security policy

Write out your ACLs

Set up a development system

Test your ACLs

Table 10-11 ip access-group Command Syntax


Command Element Description
access-list-number

access-list-name

in

out

Table 10-12 Caveats to Consider When Creating ACLs


Consideration Description
Implicit deny all

Standard ACL limitation

Standard evaluation order

Order of specific statements

Directional filtering

Modifying numbered ACLs

Special packets

Extended ACL placement

Standard ACL placement



Table 10-15 Types of Parameter Maps


Type of Parameter Map Description
Inspect parameter map

URL filter parameter map

Protocol-specific parameter map

Table 10-16 Class Map Filters


Class Map Filter Description
match protocol-name

match access-group {number | name}

match class-map-name

Chapter 11
Table 11-2 IDS/IPS Detection Methods
Detection Method Description
Signature-based detection

Policy-based detection

Anomaly-based detection

Honey pot detection

Table 11-3 Sensor Operating Modes


Operating Mode Description
Promiscuous mode

Inline mode

Table 11-4 Responses to a Signature Firing


Response Description
Create a log entry

Drop the offending packet

Reset the TCP connection

Block the attacker’s IP address

Block traffic associated with the offending connection

Table 11-5 Tabs in the Edit Global Settings Window


Tab Description
Syslog and SDEE

Global Engine

Chapter 12
Table 12-2 Defining Attack Types
Type of Attack Description
Chosen plain-text attack

Chosen ciphertext attack

Birthday attack

Meet-in-the-middle attack

Brute-force attack

Ciphertext-only attack

Known plain-text attack

Table 12-3 Classes of Encryption Algorithms


Class of Algorithm Description
Symmetric encryption algorithms

Asymmetric encryption algorithms

Table 12-4 Popular Symmetric Algorithms


Symmetric Algorithm Key Size
DES
Triple Data Encryption Standard (3DES)
AES
International Data Encryption Algorithm (IDEA)
RC2
RC4
RC5
RC6
Blowfish

Table 12-6 Considerations for Protecting the Security of DES-Encrypted Data


Consideration Description
Change keys

Use a secure channel

Use CBC mode

Avoid weak keys

Table 12-7 Most Widely Used RC Algorithms


RC Algorithm Description
RC2

RC4

RC5

RC6

Table 12-8 Criteria for Selecting an Encryption Algorithm


Selection Criteria Description
Trust in the algorithm by the cryptographic community

Protection against brute-force attacks

Chapter 13
Table 13-2 RSA Attack Vulnerabilities
Attack Description
Timing attack

Adaptive chosen ciphertext attack

Branch prediction analysis (BPA) attack

Chapter 14
Table 14-2 Uses of X.509v3
Use of X.509v3 Description
Website authentication

To support S/MIME

In IPsec VPNs

To implement client certificates

Table 14-3 PKCS Standards


Standard Number Description
PKCS #1
PKCS #3
PKCS #5
PKCS #6
PKCS #7
PKCS #8
PKCS #10
PKCS #12
PKCS #13
PKCS #15

Table 14-4 Caveats of Using a PKI


Caveat Description
A user certificate is compromised (a private key is stolen)

The CA’s certificate is compromised (the private key is stolen)

The CA administrator’s process

Chapter 15
Table 15-2 Site-to-Site VPN Elements
Element Description
Headend VPN device

VPN access device

Tunnel

Broadband service

Table 15-3 IKE Modes


Mode Description
Main mode

Aggressive mode

Quick mode

Table 15-5 Establishing, Maintaining, and Tearing Down an IPsec Site-to-Site VPN
Step Configuration
Step 1

Step 2

Step 3

Step 4

Step 5

Table 15-6 Steps of Configuring an IPsec Site-to-Site VPN


Step Configuration
Step 1

Step 2

Step 3

Step 4

Step 5

Table 15-7 Step-by-Step Wizard Parameters


Parameter Description
Connection settings

IKE proposals

IPsec transform sets

Protected traffic

Table 15-8 Transform Set Parameters


Parameter Description Default Transform Set Value
Transform set name
Encapsulating Security Payload (ESP) or Authentication Header (AH) protocol
Integrity algorithm (used to perform hashing)
Encryption algorithm (if ESP is used, as opposed to AH)
Mode (tunnel or transport)
IP compression (COMP-LZS)

Table 15-9 IPsec VPN Monitoring Commands


Command Description
show crypto isakmp sa

show crypto ipsec sa

debug crypto isakmp
