Term
approaches to hardening Cisco IOS router against attacks

Definition
use Cisco SDM's One-Step Lockdown feature
auto secure CLI command


Term
Bootstrap Protocol (BOOTP) server

Definition
allows a router to serve as a BOOTP server for other routers


Term

Definition
Layer 2 protocol that permits adjacent Cisco devices to learn information from one another (example: protocol and platform information)


Term
Configuration autoloading

Definition
supports a router loading its configuration information from a network server


Term

Definition
causes a router to act as an FTP server for file transfer


Term
TFTP server (IOS feature)

Definition
permits a router to act as a TFTP server, which does not require authentication


Term
Network Time Protocol (NTP) (IOS feature)

Definition
allows a router to act as a time source for other network devices


Term
Packet Assembler/Disassembler (PAD)

Definition
permits access to X.25 commands


Term

Definition
allows various daemons to be used for diagnostics


Term
Maintenance Operation Protocol (MOP) (IOS feature)

Definition
used as a maintenance protocol in a Digital Equipment Corporation (DEC) environment


Term
Simple Network Management Protocol (SNMP) (IOS feature)

Definition
allows a router to communicate with an SNMP-speaking network management station


Term
HTTP/HTTPS configuration and monitoring

Definition
supports the monitoring and configuration of a router via a web interface (example: SDM)


Term
Domain Name Service (DNS) (IOS feature)

Definition
allows a router to send DNS queries for name-to-IP address resolution


Term
Internet Control Message Protocol (ICMP) redirects

Definition
tells a router to send an ICMP redirect message when the router forwards a packet out the same interface on which the packet was received


Term

Definition
permits the sender of a packet to dictate the route that the packet will take to its destination


Term

Definition
displays users currently logged into a router


Term
ICMP unreachable notifications

Definition
notifies the sender of a packet if the packet was destined for an invalid destination


Term

Definition
causes a router to send an ICMP mask reply message, which contains an interface's IP address mask, in response to an ICMP mask request


Term
IP identification service

Definition
identifies the initiator of a TCP connection to the other party in the connection


Term

Definition
helps a router close inactive TCP connections


Term

Definition
allows a router to accept replies to Address Resolution Protocol (ARP) requests that the router never sent


Term

Definition
supports a router functioning as a Layer 2 bridge by responding to ARP requests on behalf of another network device (example: network server)


Term

Definition
allows a router to propagate a broadcast message originating in one subnet and destined for another subnet


Term

Definition
AutoSecure IOS feature is invoked by issuing the
auto secure
command from the CLI


Term
Cisco SDM One-Step Lockdown

Definition
method for securing a router using a wizard in the Cisco SDM GUI


Term

Definition
Emergencies
most severe error conditions, which render the system unusable


Term

Definition
Alerts
conditions requiring immediate attention


Term

Definition
Critical
a less severe condition as compared to alerts, which should be addressed to prevent an interruption of service


Term

Definition
Errors
notifications about error conditions within the system that do not render the system unusable


Term

Definition
Warnings
notifications that specific operations failed to complete successfully


Term

Definition
Notifications
nonerror notifications that alert an administrator about state changes within a system


Term

Definition
Informational
detailed information about the normal operation of the system


Term

Definition
Debugging
highly detailed information (example: information about individual packets) that is typically used for troubleshooting purposes


Term

Definition
runs a network management application
sometimes called a Network Management Server (NMS)


Term

Definition
piece of software that runs on a managed device (such as a server, router, or switch)


Term
Management Information Base (MIB)

Definition
information about a managed device's resources and activity is defined by a series of objects
the structure of these management objects is defined by a managed device's MIB


Term

Definition
used to retrieve information from a managed device


Term

Definition
sets a variable in a managed device or triggers an action on a managed device


Term

Definition
an unsolicited message sent from a managed device to an SNMP manager
can be used to notify the SNMP manager about a significant event that occurred on the managed device


Term

Definition
defines an approach for user and group authentication
Cisco IOS supports the SNMPv1, v2c, and v3 security models


Term

Definition
defines the type of security algorithm performed on SNMP packets
three security levels:
- noAuthNoPriv
- authNoPriv
- authPriv


Term
noAuthNoPriv Security Level

Definition
no authorization, no privacy
uses community strings for authorization and does not use encryption to provide privacy


Term

Definition
authorization, no privacy
provides authorization using Hashed Message Authentication Code (HMAC) with Message Digest 5 (MD5) or Secure Hash Algorithm (SHA). No encryption is used


Term

Definition
authorization, privacy
offers HMAC MD5 or SHA authentication and also provides privacy through encryption.
Encryption uses the Cipher Block Chaining (CBC) Data Encryption Standard (DES) (DES-56) algorithm


Term
Security Level and Security Model of SNMPv1

Definition
noAuthNoPriv - Community String - no encryption


Term
Security Level and Security Model of SNMPv2c

Definition
noAuthNoPriv - Community String - no encryption


Term
Security Level and Security Model of SNMPv3

Definition
noAuthNoPriv - Username - no encryption
authNoPriv - MD5 or SHA - no encryption
authPriv - MD5 or SHA - CBC-DES (DES-56)


Term

Definition
using hash algorithms, SNMPv3 can ensure that an SNMP message was not modified in transit


Term

Definition
hashing allows SNMPv3 to validate the source of an SNMP message


Term

Definition
using the CBC-DES (DES-56) encryption algorithm, SNMPv3 provides privacy for SNMP messages, making them unreadable by an attacker who might capture an SNMP packet


Term

Definition
groupings of individual SNMP components
SNMP applications and manager combine into an NMS SNMP entity
SNMP agent and a MIB combine into a managed node SNMP entity