Which three Cisco security product features assist in preventing TCP-based man-in-the-middle attacks? (Choose three.)
Click on the arrows to vote for the correct answerA. B. C. D.
Sure, I'll do my best to provide a detailed explanation of each of the options and how they relate to preventing TCP-based man-in-the-middle attacks.
A. Cisco ASA TCP initial sequence number randomization:
The initial sequence number (ISN) is a random number used by TCP to synchronize communication between two devices. It's important to keep this number unpredictable to prevent attackers from guessing it and hijacking the TCP session. Cisco ASA (Adaptive Security Appliance) devices offer ISN randomization as a feature to help prevent man-in-the-middle attacks. This feature generates a random ISN for each new TCP connection, making it much harder for attackers to guess the sequence number and hijack the connection.
B. Cisco ASA TCP sliding-window conformance validation:
TCP sliding windows are used to manage the flow of data between two devices. The sending device can transmit a certain amount of data, known as the window size, before waiting for an acknowledgement from the receiving device. Man-in-the-middle attacks can exploit weaknesses in the sliding window implementation to inject or modify data in transit. Cisco ASA devices offer sliding-window conformance validation as a feature to prevent these attacks. This feature checks that the TCP sliding window is functioning as expected and drops any packets that violate the sliding window protocol.
C. Cisco IPS TCP stream reassembly:
Intrusion Prevention Systems (IPS) are used to detect and prevent malicious activity on a network. One common technique used by attackers is to fragment TCP packets in such a way that they are not reassembled correctly by the recipient device. This can lead to buffer overflows, denial of service attacks, and other security issues. Cisco IPS devices offer TCP stream reassembly as a feature to prevent these types of attacks. This feature reassembles TCP packets before they are inspected for malicious content, ensuring that the packets are correctly reconstructed and the device is not vulnerable to attack.
D. Cisco IOS TCP maximum segment size adjustment:
The maximum segment size (MSS) is the largest amount of data that can be transmitted in a single TCP packet. Man-in-the-middle attacks can exploit weaknesses in the MSS negotiation process to inject or modify data in transit. Cisco IOS (Internetwork Operating System) devices offer MSS adjustment as a feature to prevent these attacks. This feature adjusts the MSS value based on the MTU (Maximum Transmission Unit) of the network path, ensuring that packets are correctly sized and reducing the risk of attack.
In summary, the three Cisco security product features that assist in preventing TCP-based man-in-the-middle attacks are Cisco ASA TCP initial sequence number randomization, Cisco ASA TCP sliding-window conformance validation, and Cisco IPS TCP stream reassembly. These features help to ensure that TCP sessions are established securely, that data is transmitted correctly, and that malicious activity is detected and prevented.