Module 13: Quiz – Endpoint Security (Answers) Network Security

Explanation: When using 802.1x authentication, a switch must be configured with the IP address of the RADIUS server, and the port numbers used to communicate with the authentication server.

Explanation: In an 802.1x implementation the authentication server is typically a host server running software supporting the RADIUS and EAP protocols.

Explanation: The primary goal of a network access control (NAC) system is to allow only authorized and compliant systems onto the network. NAC systems can have the following capabilities:

• profiling and visibility – recognize and profile users and devices before malicious code can cause damage
• guest network access – manage guest access including authentication, registration, and sponsoring
• security posture check – evaluate security policy compliance by user type, device type, and operating system
• incident response – mitigate network threats by enforcing security policies

Explanation: The Cisco Web Security Appliance (WSA) acts as a web proxy for an enterprise network. WSA can provide many types of logs related to web traffic security including ACL decision logs, malware scan logs, and web reputation filtering logs. The Cisco Email Security Appliance (ESA) is a tool to monitor most aspects of email delivery, system functioning, antivirus, antispam operations, and block list and allowed list decisions. The Cisco ASA is a firewall appliance. The Cisco Application Visibility and Control (AVC) system combines multiple technologies to recognize, analyze, and control over 1000 applications.

Explanation: The first step in configuring 802.1X is to enable AAA using the aaa new-model global configuration command. The next step is to designate the RADIUS server and configure its address and ports.

Explanation: When a client supplicant is starting the 802.1X message exchange, an EAPOL-Start message is sent between the supplicant and the authenticator, which is the switch. The authenticator then sends EAP data, encapsulated using RADIUS, to the authentication server.

Explanation: A host-based firewall is software installed on a single host that restricts incoming and outgoing connections to that host.

Explanation: 802.1x is an industry standard for providing port-based network access control. It provides a mechanism to authenticate devices onto the local-area networks and WLANs.

Explanation: Two internal LAN elements to protect are the endpoints and the network infrastructure devices. Endpoints are susceptible to malware-related attacks and once infiltrated, can become a starting point to access other system devices.

Explanation: Denylisting blocks endpoints from connecting to suspicious websites that have a bad reputation based on the latest intelligence.

Explanation: The authentication port-control switch interface command is used when an organization wants to control the port authorization state, of a particular port, during the 802.1X authentication process. When the authentication port-control auto command is issued, it enables 802.1X port-based authentication and only allows EAPOL, STP, and CDP traffic to be sent until the client device has been authenticated.

Explanation: The devices involved in the 802.1X authentication process are as follows:

• The supplicant, which is the client that is requesting network access
• The authenticator, which is the switch that the client is connecting and that is actually controlling physical network access
• The authentication server, which performs the actual authentication

Explanation: When a port is configured for 802.1X, the port starts in the unauthorized state and stays that way until the client has successfully authenticated. Once authenticated, the port moves to the authorized state and the client is granted access to the network.