Securing Cisco IOS Networks Study Guide - Carl Timm.pdf

204 Chapter 6 Cisco IOS Firewall Authentication and Intrusion Detection

Key Terms

Before you take the exam, be certain you are familiar with the following terms:

atomic signatures
attack signatures
audit rule
compound signatures
info signatures
Intrusion Detection System (IDS)
IOS Firewall Authentication Proxy
IOS Firewall IDS
signatures

Commands Used in This Chapter

Here is the list of commands used in this chapter:

 

| Command | Meaning |
| --- | --- |
| (config)#aaa new-model | Prepares the router for AAA configuration. |
| (config)#aaa authentication login default group tacacs+ | Enables AAA authentication using TACACS+. |
| (config)#aaa authorization auth-proxy default group tacacs+ | Enables AAA authorization using TACACS+. |
| (config)#tacacs-server host ip-address | Specifies the TACACS+ server at the designated IP address. |
| (config)#tacacs-server key key-name | Specifies the TACACS+ server key. |
| (config)#ip http server | Enables the router’s HTTP server. |
| (config)#ip http server authentication aaa | Enables AAA authentication for HTTP. |
| (config)#ip auth-proxy auth-cache-time time | Sets the default idle timeout to the specified interval (in minutes). |
| (config)#ip auth-proxy name name http | Creates an Authentication Proxy rule with the specified name. |
| (config)#clear ip auth-proxy cache * | Clears all Authentication Proxy cache entries. |
| (config)#ip audit notify log | Configures the IOS Firewall IDS to log to the Syslog server. |
| (config)#logging ip-address | Specifies the Syslog server at the designated IP address. |
| (config)#ip audit signature signature disable | Disables the specified IDS signature; there’s no form to enable. |
| (config)#ip audit signature signature list list | Excludes hosts and networks in the specified list from the designated signature. |
| (config)#ip audit info action alarm | Sets the default action for info to alarm. |
| (config)#ip audit attack action alarm drop reset | Sets the default action for attack to alarm, drop, and reset. |
| (config)#ip audit name name info action alarm | Sets the action for the specified audit rule type info to alarm. |
| (config)#ip audit name name attack action alarm drop reset | Sets the action for the specified audit rule type attack to alarm, drop, and reset. |
| (config)#ip audit po protected ip-address to ip-address | Defines the protected network using the specified IP addresses. |

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

Written Lab

This section asks you 10 write-in-the-answer questions to help you understand the technology that you need to know in order to pass the SECUR exam.

1. List three TACACS+ servers supported by the IOS Firewall Authentication Proxy.

2. What are the three issues to consider when implementing the IOS Firewall IDS?

3. What is the command that clears the cache of all entries when running the IOS Firewall Authorization Proxy?

4. What is the order in which modules are evaluated when a packet is evaluated by the IOS Firewall IDS?

5. What is the command that enables AAA on the router?

6. What is the command to change the default idle time for the IOS Firewall Authentication Proxy to 30 minutes?


7. What actions can the IOS Firewall IDS take when a signature is matched?

8. List four RADIUS servers supported by the IOS Firewall Authentication Proxy.

9. List the four signature-type combinations in the IOS Firewall IDS.

10. What is the correct command to specify a TACACS+ server on a router?


Review Questions

1. Which of the following are issues to consider when implementing the IOS Firewall IDS? (Choose all that apply.)
A. Memory usage
B. Signature coverage
C. User address space
D. TACACS+ server type

2. In the IOS Firewall IDS, what type of signature triggers on a single packet?
A. Atomic
B. Compound
C. Info
D. Attack

3. What is the default action for attack signatures in the IOS Firewall IDS?
A. Alert
B. Reset
C. Drop
D. Reset and drop
E. Alert, reset, and drop

4. In the IOS Firewall IDS, which types of signatures are informative in nature?
A. Atomic
B. Compound
C. Info
D. Attack

5. What is the default idle timeout period on the IOS Firewall Authentication Proxy?
A. 60 seconds
B. 60 minutes
C. 30 seconds
D. 30 minutes
E. 90 seconds
F. 90 minutes


6. When packets enter an IOS Firewall IDS, which module is evaluated first?
A. ICMP
B. IP
C. TCP/UDP
D. Application-level protocol

7. When packets enter an IOS Firewall IDS, which module is evaluated last?
A. ICMP
B. IP
C. TCP/UDP
D. Application-level protocol

8. What types of RADIUS servers are supported by the IOS Firewall Authentication Proxy? (Choose all that apply.)
A. Active Directory
B. CiscoSecure ACS for Unix
C. NDS
D. Freeware TACACS+
E. Lucent
F. CiscoSecure ACS for Windows NT/2000

9. Which of the following best describes the function of the IOS Firewall Authentication Proxy?
A. Provides dynamic per-user authentication and authorization via TACACS+ and/or RADIUS
B. Provides dynamic per-user authentication and authorization via CiscoSecure ACS
C. Provides dynamic per-user authentication via TACACS+ and/or RADIUS
D. Provides dynamic per-user authorization via TACACS+ and/or RADIUS
E. Provides dynamic per-user authentication via CiscoSecure ACS

10. Which command tells a router that a Syslog server is available at 10.1.1.2?
A. syslog-server 10.1.1.2
B. logging 10.1.1.2
C. ip logging 10.1.1.2
D. ip syslog 10.1.1.2


11. In the IOS Firewall IDS, which types of signatures indicate a potentially malicious problem?
A. Atomic
B. Compound
C. Info
D. Attack

12. When configuring the AAA server for the IOS Firewall Authentication Proxy, what privilege level must you set at the end of each list?
A. 1
B. 3
C. 10
D. 15
E. *

13. Which TACACS+ servers are supported by the IOS Firewall Authentication Proxy? (Choose all that apply.)
A. Active Directory
B. CiscoSecure ACS for Unix
C. NDS
D. Freeware TACACS+
E. Lucent
F. CiscoSecure ACS for Windows NT/2000

14. Which command would remove all AAA processing from the router?
A. clear aaa *
B. aaa new-model
C. clear ip auth-proxy cache *
D. no aaa new-model
E. no clear ip auth-proxy cache *

15. When a signature in the IOS Firewall IDS matches a packet or packets, which of the following are valid actions? (Choose all that apply.)
A. Log
B. Alarm
C. Activate CBAC
D. Reset
E. Drop


16. Which of the following commands will clear all entries of the cache on the IOS Firewall Authentication Proxy?
A. clear ip auth-proxy cache all
B. clear ip auth proxy cache
C. clear ip auth-proxy cache *
D. clear ip cache
E. clear auth-proxy cache *

17. What is the default action for info signatures in the IOS Firewall IDS?
A. Alert
B. Reset
C. Drop
D. Reset and drop
E. Alert, reset, and drop

18. In the IOS Firewall IDS, which type of signature matches based on multiple packets?
A. Atomic
B. Compound
C. Info
D. Attack

19. Which of the following commands successfully changes the default idle timeout of the IOS Firewall Authentication Proxy?
A. ip auth-proxy 30
B. ip auth-proxy auth-cache-time 60
C. ip auth-proxy idle-timeout 30
D. ip auth-proxy auth-cache-time 30
E. ip auth-proxy idle-timeout 60

20. Which command halts all IOS Firewall IDS functions?
A. no aaa new-model
B. clear ip audit-configuration
C. no ip audit configuration
D. clear ip audit configuration
