Name four IOS security features.
The Cisco IOS firewall feature allows an IOS router to perform stateful inspection of traffic (using Context-Based Access Control [CBAC]), in addition to basic traffic filtering using access control lists (ACL).
The IOS feature can detect malicious network traffic inline and stop it before it reaches its destination.
A firewall maintains a separate routing and forwarding table for each VPN, which helps eliminate issues that arise from more than one VPN using the same address space.
Cisco IOS routers can participate in
Name three passwords configured during the SETUP Script.
This password is used to permit access to a router’s privileged mode.
The Enable secret password is stored in the router’s configuration as an hash value, making it difficult for an attacker to guess and impossible to see with the naked eye.
This password is not encrypted (or hashed) by default.
The enable password is considered than the enable secret password.
When an administrator connects to a router over a network connection (such as a Telnet or SSH connection), she might be prompted to enter a password to have access to the virtual tty line to which she is connecting.
Name three Cisco IOS Resilient Configuration Steps.
Enable image Secure the configuration
Verify the security of the
The command, issued in global configuration mode, secures the Cisco IOS image. The secured image is hidden so that it does not appear in a directory listing of files.
The command, issued in global configuration mode, archives the running configuration of a router to persistent storage.
The command can be used to verify that Cisco IOS Resilient Configuration is enabled and that the files in the bootset have been secured.
Requirements added by Cisco IOS Login Enhancements for Virtual Connections
■ Create a between repeated login attempts.
■ Suspend the process if a denial-of-service (DoS) attack is suspected.
■ Create messages upon the success and/or failure of a login attempt.
The SDM wizard that helps you configure LAN and WAN interfaces
The SDM wizard that supports the configuration of basic and advanced IOS-based firewalls
The SDM wizard that helps you configure a secure site-to-site VPN, Cisco Easy VPN Server, Cisco Easy VPN Remote, and DMVPN
The SDM wizard that identifies potential security vulnerabilities in a router’s current configuration and tweaks the router’s configuration to eliminate those weaknesses
The SDM wizard that allows an administrator to modify and view routing configurations for the RIP, OSPF, or EIGRP routing protocols
The SDM wizard that helps you configure Network Address Translation (NAT)
The SDM wizard that walks an administrator through the process of configuring an IOS-based IPS
The SDM wizard that provides wizards for configuring Network Admission Control (NAC) features such as Extensible Authentication Protocols (EAP)
The SDM wizard that helps you configure NAC