CCIE Security written: 2 – Application Protocols

Highlights of CCIE Security written Study Guide

Active FTP is less secure than passive mode because the FTP server, which, in theory, could be any host, initiates the data channel.

In passive mode, the second connection for the FTP data connection is also initiated from the client to the server (the reverse of active FTP).

In passive FTP, the client initiates both the control connection and the data connection. In active mode, the FTP server initiates the FTP data channel. Passive FTP carries a lower risk of compromise because the client initiates both connections and the server never has to open a connection back towards the client.

If the snmp-server community command is not used during the SNMP configuration session, it is automatically added to the configuration after the snmp-server host command is used. In this case, the default password (community string) for snmp-server community is taken from the snmp-server host command. You must always set the community string manually; otherwise, your router could be left vulnerable to SNMP get requests.

snmp-server host host-addr [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]
  • SNMP Version 3 is the most secure model because it allows packet encryption with the priv keyword.
  • auth (optional): Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication.
  • priv (optional): Enables Data Encryption Standard (DES) packet encryption (also called privacy).
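An added audit script, not from the study guide or from Cisco, that checks a constructed IOS configuration for the two weaknesses described above: hosts whose community string has no explicit snmp-server community line (IOS will add one for you), v1/v2c hosts that send the community string in the clear, and v3 hosts configured without priv. It assumes IOS treats a missing version keyword as version 1; the hostnames, addresses and community names are invented.

```python
"""Audit snmp-server lines of an IOS running-config (added example, not Cisco code)."""
import re
from typing import Dict, List

# Constructed sample configuration; not taken from any real device.
SAMPLE_CONFIG = """\
hostname R1
snmp-server community public RO
snmp-server host 10.0.0.5 version 2c public
snmp-server host 10.0.0.6 traps version 3 auth nmsuser
snmp-server host 10.0.0.7 traps version 3 priv nmsuser
snmp-server host 10.0.0.8 traps netmon
"""

HOST_RE = re.compile(
    r"^snmp-server host (?P<addr>\S+)(?: (?:traps|informs))?"
    r"(?: version (?P<ver>1|2c|3)(?: (?P<sec>auth|noauth|priv))?)?"
    r" (?P<name>\S+)"
)
COMMUNITY_RE = re.compile(r"^snmp-server community (?P<name>\S+)")


def audit_snmp(config: str) -> List[Dict[str, str]]:
    """Return one finding dict per weakness found in the snmp-server lines."""
    lines = [line.strip() for line in config.splitlines()]
    communities = set()
    for line in lines:
        m = COMMUNITY_RE.match(line)
        if m:
            communities.add(m.group("name"))
    findings = []
    for line in lines:
        m = HOST_RE.match(line)
        if not m:
            continue
        addr, ver, sec, name = m.group("addr", "ver", "sec", "name")
        ver = ver or "1"  # assumption: IOS defaults to SNMPv1 when version is omitted
        if ver != "3":
            findings.append({"host": addr, "issue": "plaintext-community",
                             "detail": f"v{ver} sends community '{name}' in the clear"})
            if name not in communities:
                findings.append({"host": addr, "issue": "implicit-community",
                                 "detail": f"'{name}' has no snmp-server community line"})
        elif sec != "priv":
            findings.append({"host": addr, "issue": "v3-no-privacy",
                             "detail": f"security level '{sec or 'unspecified'}' lacks encryption"})
    return findings
```

Run `audit_snmp(SAMPLE_CONFIG)` to see four findings; only the v3 priv host comes back clean.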

NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached; a stratum 2 time server receives its time via NTP from a stratum 1 time server, and so on. Cisco routers cannot act as stratum 1 servers (in other words, you cannot connect a Cisco router directly to an atomic clock source).

To ensure that R1 sends R2 a clock source via NTP, R1 must be configured to send NTP traffic over the Frame Relay cloud with the command ntp broadcast. To specify that a specific interface should send NTP broadcast packets, use the ntp broadcast interface configuration command. Similarly, R2 must receive NTP traffic and is considered an NTP client with the IOS command ntp broadcast client.

Author: Mo Moghaddas
