Do you have implemented IPv6 addresses in border devices? 2 points
By implementing IPv6 in border devices, organizations ensure they can fully participate in the evolving internet ecosystem. Neglecting to adopt IPv6 addresses increases the risk of network limitations and potential incompatibility with emerging technologies. Therefore, integrating IPv6 addresses into border devices is a fundamental step in ensuring long-term network sustainability and compatibility.
Do the dynamic routing protocols use key authentication techniques, to avoid the Router Rogue in your organization? 2 points
Using key authentication for dynamic protocol routing is crucial in preventing rogue routers, as it ensures that only trusted routers can participate, therefore preventing unauthorized users from potentially joining the network, which can lead security breaches or disruptions in the network traffic.
Do you ever scan the network from the external site and verify the ports which you were not aware for their existence? 3 points
Performing external network scans to identify unexpected open ports is a critical security practice. This proactive approach helps uncover potential vulnerabilities or unauthorized services running on the network. Detecting such unexpected open ports allows for timely investigation and remediation, reducing the risk of unauthorized access or exploitation.
Do you use ssh tunnel for accessing the remote device? 3 points
Using an SSH tunnel for accessing remote devices is a recommended security practice. SSH tunnels encrypt the connection, providing a secure way to access resources on a remote network. This helps protect sensitive data from interception or unauthorized access. It's a crucial measure, particularly when accessing devices over untrusted networks like the internet.
Do you use the DHCP snooping in your switch to avoid the DHCP spoofing and rogue? 3 points
Enabling DHCP snooping on switches is a crucial security measure to prevent DHCP spoofing and rogue DHCP servers in a network. DHCP snooping helps validate DHCP messages, ensuring that only legitimate DHCP servers are allowed to provide IP addresses. This prevents potential man-in-the-middle attacks and helps maintain network integrity and security.
Do you use the IP Source guard to prevent IP Spoofing? 2 points
Implementing IP Source Guard is a crucial security measure to prevent IP spoofing attacks. It restricts traffic to only allow packets with legitimate source IP addresses, preventing attackers from using forged or malicious IPs. This helps maintain network integrity and safeguards against various forms of network-based attacks.
Do you use the Port Security Features in Switches to avoid Flood Attack? 3 points
Using Port Security features in switches helps in avoiding Flood Attacks as they restric the number of MAC addresses allowed on a port, preventing attackers from flooding the switch with a large number of fake MAC addresses, consequently maintaining the network integrity and security
Do you put the MAC Address in CAM of the switches in static or dynamic learning with sticky features in your company? 2 points
By managing MAC addresses in the CAM table of the switches, whether in static or dynamic learning, helps in maintaining and controlling network access and port security, preventing unauthorized devices from connecting and overall enhancing the network security by mitigating the risk of MAC spoofing.
Do you configure the switch with Dynamic ARP-Spoofing Inspection in order to avoid ARP Poisoning in your Cache? 2 points
A vital security measure is the configuration of a switch with Dynamic ARP-Spoofing Inspection in order to prevent ARP poisoning attacks. Dynamic ARP-Spoofing Inspection helps validate ARP requests and responses, ensuring that only legitimate ARP messages are accepted, this way preventing malicious actors manipulating the ARP cache to redirect network traffic.
10. Do you specify each switch port as static and based on their rule and activities, i.e trunk or access, to avoid Switch Rogue? 3 points
Specifying each switch port as either static, trunk or access based on their rule and activities is a fundamental security practice in preventing rogue switches from compromising the network, as organizations can effectively control network access, preventing unauthorized devices from connecting to the network, therefore maintaining network integrity and security.
