Network Security (Version1.0) Modules 20 – 22: ASA Group Test Online

Hint

An integrity checking system can report login and logout activities. Network scanning can detect user names, groups, and shared resources by scanning listening TCP ports. Password cracking is used to test and detect weak passwords. Vulnerability scanning can detect potential weaknesses in a system, such as misconfigurations, default passwords, or DoS attack targets.

Hint

Security Information Event Management (SIEM) is a technology that provides real-time reporting and long-term analysis of security events. SIEM provides the ability to search logs and events from disparate systems or applications to detect threats. SIEM aggregates duplicate events to reduce the volume of event data. SIEM can be implemented as software or as a managed.service. SuperScan is a Microsoft Windows port scanning tool that runs on most versions of Windows.Tools, such as Nmap and SuperScan, can provide effective penetration testing on a network and determine network vulnerabilities while helping to anticipate possible attack mechanisms.

Hint

Nmap and Zenmap are low-level network scanners available to the public. Zenmap is the GUI version of Nmap. SuperScan is a Microsoft port scanning software that detects open TCP and UDP ports on systems. Nessus can scan systems for software vulnerabilities. SIEM is used to provide real-time reporting of security events.

Hint

There are many security tests that can be used to assess a network. Penetration testing is used to determine the possible consequences of successful attacks on the network. Vulnerability scanning can detect potential weaknesses in systems. Password cracking can detect weak passwords. Integrity checkers can detect and report configuration changes.

Hint

Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.

Hint

Routed mode is the traditional mode for deploying a firewall where there are two or more interfaces that separate Layer 3 networks. The ASA is considered to be a router hop in the network and can perform NAT between connected networks. Routed mode supports multiple interfaces. Each interface is on a different subnet and requires an IP address on that subnet.

Hint

When an ASA 5505 device is being utilized, traffic is denied as it travels from a lower security zone to a higher security zone. The highest security zone is the internal network, the DMZ is usually the next highest, and the outside network is the lowest. Traffic is only allowed to move from a lower security level to a higher if it is in response to originating traffic within the higher security zone.

Hint

When traffic moves from an interface with a higher security level to an interface with a lower security level, it is considered outbound traffic. Conversely, traffic that moves from an interface with a lower security level to an interface with a higher security level is considered inbound traffic.

Hint

Multiple interfaces in an ASA can be assigned the same security level. To allow connectivity between interfaces with the same security levels, the same-security-traffic permit inter-interface global configuration command is required. Traffic from the higher level network to the lower level network is allowed by default. However, traffic initiated on the lower level network is denied access to the higher level network by default.

Hint

There are two types of objects that can be configured on the Cisco ASA 5505: network objects and service objects. Network objects can be configured with an IP address and mask. Service objects can be configured with a protocol or port ranges.

Hint

Policy maps are used to bind class maps with actions Class maps are configured to identify Layer 3 and 4 traffic. Service policies are configured to attach the policy map to an interface.

Hint

An ASA device configured in transparent mode functions like a Layer 2 device and does not support dynamic routing protocols, VPNs, QoS, or DHCP.​

Hint

The ASA 5506-X commonly has a pre-installed Base license that has the option to upgrade to the Security Plus license. The Security Plus license supports a higher connection capacity and up to 50 IPsec VPN users.

Hint

Stateful packet inspection allows return traffic that is sourced on the outside network to be received by the originating sender on the internal network.

Hint

When configuring an ASA, each operational interface must have a name and a security level from 0 (lowest) to 100 (highest) assigned.

Hint

Use the show interface ip brief command to verify IP address assignment and interface status on an ASA.

Hint

Configuring IP addresses on interfaces can be done manually using the ip address command. It can also be accomplished by using DHCP when an interface is connecting to an upstream device providing DHCP services. PPPoE is used when an interface is connecting to an upstream DSL device providing point-to-point connectivity over Ethernet services. The dhcpd address IP_address1 [ -IP_address2 ] if_name command is used to establish the IP address pool on a DHCP server.

Hint

From the configuration, the source of IP address translation is the subnet 192.168.5.0/27 and the mapped address is the outside interface. This is an example of dynamic PAT. Dynamic NAT, dynamic PAT, and static NAT are referred to as “network object NAT” because the configuration requires network objects to be configured. Twice NAT identifies both the source and destination address in a single rule ( nat command), and it is used when configuring remote-access IPsec and SSL VPNs.​

Hint

The Nesus tool provides remote vulnerability scanning that focuses on remote access, password misconfiguration, and DoS against the TCP/IP stack. L0phtcrack provides password auditing and recovery. Metasploit provides information about vulnerabilities and aids in penetration testing and IDS signature development.

Hint

Some of the software tools that can be used to perform network testing include:

• SuperScan – port scanning software designed to detect open TCP and UDP ports and to determine what services are running on those ports
• Nessus – vulnerability scanning software that focuses on remote access, misconfigurations, and DoS against the TCP/IP stack
• L0phtCrack – a password auditing and recovery application
• Metasploit – provides information about vulnerabilities and aids in penetration testing and IDS signature development

Hint

When an ASA 5506-X device is being utilized, traffic is denied as it travels from a lower security zone to a higher security zone. The highest security zone is the internal network, the DMZ is usually the next highest, and the outside network is the lowest. Traffic is only allowed to move from a lower security level to a higher if it is in response to originating traffic within the higher security zone.