Chapter 2. Switch Concepts and Configuration. Part II


Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2

Switch Concepts and Configuration. Outline:

Configuring Switch Security:
- Passwords (console, virtual terminal, privileged EXEC)
- Encryption
- Password Recovery
- Telnet / SSH

Common Security Attacks:
- MAC Address Flooding
- Spoofing Attacks
- CDP Attacks
- Telnet Attacks

Security Tools
Port Security

Configuring Password Options. Securing Console Access: line console 0 is the one management path that works with no network at all, so it gets a password and the login command like any other line.

Configuring Password Options. Securing Virtual Terminal Access: a Catalyst 2960 has 16 vty lines (vty 0 to 15) as opposed to the 5 (vty 0 to 4) set up on a router, so secure all of them in one line vty 0 15 block. A vty line with login but no password refuses every connection; a line with a password but no login accepts everyone without asking. Set both.

Configuring Password Options. Securing Privileged EXEC Access: always use enable secret rather than enable password. The secret is stored as a salted MD5 hash (type 5) that cannot be recovered from the configuration; enable password is stored in clear text (or, at best, reversible type 7, see the next slide) and is ignored whenever an enable secret is configured, so remove it.

Configuring Password Options. Encrypting Switch Passwords: the service password-encryption command converts every clear-text line and enable password in the configuration (a line such as password cisco) into type 7 form. Type 7 is a reversible Vigenere-style encoding, not encryption: it hides a password from someone glancing at show running-config, but any saved or backed-up copy of the configuration can be decoded in seconds with freely available tools. Use it, but rely on enable secret for the privileged password.
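The console, vty, enable secret and service password-encryption settings from the slides above, put together as one Catalyst 2960 session. This is an added example, not configuration from the original slides; the hostname S1, the exec-timeout values and every password string are placeholders chosen for the example.

```ios
! Added example (not from the original slides): console, vty and privileged
! EXEC protection on a Catalyst 2960. All password values are placeholders.
Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
! Console: require a password and close idle sessions after 5 minutes.
S1(config)# line console 0
S1(config-line)# password Cons0le-Pl4ceholder
S1(config-line)# login
S1(config-line)# exec-timeout 5 0
S1(config-line)# exit
! All 16 vty lines (0-15) on the 2960; a router image typically has only 0-4.
S1(config)# line vty 0 15
S1(config-line)# password Vty-Pl4ceholder
S1(config-line)# login
S1(config-line)# exec-timeout 5 0
S1(config-line)# exit
! Privileged EXEC: enable secret is stored as a salted MD5 hash (type 5).
! An old 'enable password' is ignored while a secret exists, but remove it so
! the weaker string is not left in the configuration.
S1(config)# enable secret Priv-Pl4ceholder
S1(config)# no enable password
! Type 7 encoding for every line password still held in clear text.
! Reversible obfuscation only: it defeats a glance at the running config.
S1(config)# service password-encryption
S1(config)# end
S1# copy running-config startup-config
! Check: line passwords must now read 'password 7 <encoded>' and the enable
! secret 'enable secret 5 $1$<salt>$<hash>'. No line should read
! 'password <plain>'.
S1# show running-config | include password|secret
```

Order matters: service password-encryption only rewrites passwords that are already in the configuration when it is entered and any typed afterwards, so run the final show command after everything else to confirm nothing was missed.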

Configuring Password Options. Password Recovery: a detailed password recovery procedure will be provided on the Blackboard system and in the lab. To recover a switch password:
1. Power up the switch with the Mode button pressed.
2. Initialize flash.
3. Load the helper files.
4. Rename the current configuration file.
5. Reboot the system.
6. Reinstate the name of the configuration file and copy it into RAM.
7. Change the password.
8. Copy to the startup configuration.
9. Reload the switch.
Note what this implies: anyone with a console cable, physical access and a few minutes can take full control of the switch without knowing any password, so the locked wiring closet is part of switch security.
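The nine recovery steps above as the commands typed at the console of a Catalyst 2960. This is an added example, not the lab procedure the slide refers to; it assumes the default configuration file name config.text, the hostname S1 and placeholder passwords, and that the switch still has the default service password-recovery setting.

```ios
! Added example (not from the original slides): Catalyst 2960 password recovery.
! Hold the Mode button while powering on until the 'switch:' prompt appears.
switch: flash_init
switch: load_helper
switch: dir flash:
! config.text holds the startup configuration. Renaming it makes the switch
! boot with no configuration, and therefore with no password.
switch: rename flash:config.text flash:config.text.old
switch: boot
! Answer 'no' to the setup dialog, then restore the old configuration into RAM
! only; NVRAM is untouched until the explicit copy at the end.
Switch> enable
Switch# rename flash:config.text.old flash:config.text
Switch# copy flash:config.text system:running-config
! The old hostname and configuration are back, still carrying the unknown
! password. Replace it now.
S1# configure terminal
S1(config)# enable secret NewPriv-Pl4ceholder
S1(config)# line console 0
S1(config-line)# password NewCons0le-Pl4ceholder
S1(config-line)# exit
S1(config)# end
! Some releases leave the interfaces administratively down after the copy;
! check, and bring them up before saving if so.
S1# show ip interface brief
S1# configure terminal
S1(config)# interface range fastEthernet 0/1 - 24
S1(config-if-range)# no shutdown
S1(config-if-range)# end
S1# copy running-config startup-config
S1# reload
```

The counter-measure to this procedure is the global command no service password-recovery: with it set, the Mode-button boot only offers to erase the configuration, so an intruder with console access gets a blank switch rather than your configuration with a new password. Weigh that against losing the ability to recover a forgotten password yourself.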

Login Banners. Login Banner (banner login): shown before the username or password prompt on every line. Message-Of-The-Day (MOTD) Banner (banner motd): shown first, to everyone who connects, whether or not they go on to log in. Make both a legal notice that access is restricted and monitored; never use the word "welcome", and never reveal the device's role, location or software version in a banner.

Configure Telnet and SSH. Telnet: historically the most common method. A virtual terminal application. Sends everything, including the line and enable passwords, in clear text. Not secure. Secure Shell (SSH): a virtual terminal application. Sends an encrypted, integrity-protected data stream and authenticates the switch to the client with its host key. Secure, provided SSH version 2 is used.

Configure Telnet and SSH. Configuring Telnet: Telnet is accepted on the vty lines by default, so there is nothing to enable after the initial configuration of the switch. If you have switched the transport on the vty lines to permit only SSH (transport input ssh), Telnet is refused; you would have to add it back (transport input telnet ssh) to permit Telnet access again, which is rarely a good idea.

Configure Telnet and SSH. Configuring Secure Shell (SSH): SSH is a cryptographic security feature that is subject to export restrictions. To use it, a cryptographic image (one whose file name contains k9) must be installed on the switch; without it the crypto key generate rsa command is not available. Perform the following to configure SSH-only access:
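SSH-only management on a 2960 with a k9 image, covering the Telnet and SSH slides above. This is an added example, not the step list from the original slide; the domain name example.lab, the user netadmin, the timeout values and the password are placeholders.

```ios
! Added example (not from the original slides): SSH-only management access.
S1# configure terminal
! The RSA key is named after hostname.domain-name, so both must exist first.
S1(config)# ip domain-name example.lab
! SSH needs a username, so authentication moves to the local user database.
S1(config)# username netadmin privilege 15 secret Adm1n-Pl4ceholder
! 2048-bit key; giving 'modulus' avoids the interactive size prompt.
S1(config)# crypto key generate rsa general-keys modulus 2048
! Version 2 only (version 1 has known weaknesses); short login window and
! few retries to blunt brute-force guessing.
S1(config)# ip ssh version 2
S1(config)# ip ssh time-out 60
S1(config)# ip ssh authentication-retries 2
! vty lines: accept SSH only, authenticate against the local users, close
! idle sessions so abandoned logins do not tie up the 16 lines.
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exec-timeout 5 0
S1(config-line)# end
S1# copy running-config startup-config
! Checks: 'SSH Enabled - version 2.0' and the key size.
S1# show ip ssh
! 'transport input ssh' and 'login local' must appear under the vty lines.
S1# show running-config | begin line vty
! Active sessions, for spotting a login you did not expect.
S1# show ssh
```

After this, a Telnet attempt to the switch's management address is refused at the TCP level; the only way to bring Telnet back is an explicit transport input telnet ssh, which should be treated as a finding in any later audit of the configuration.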

Common Security Attacks. MAC Address Flooding: Recall that the MAC address table (CAM table) in a switch: Contains the MAC addresses learned on each physical port of the switch, with the associated VLAN for each. Is searched for the destination address of every frame. If the destination IS in the table, the frame is forwarded out the proper port only. If it IS NOT in the table, the frame is flooded out all ports in that VLAN except the port that received it (unknown-unicast flooding).

Common Security Attacks. MAC Address Flooding: The MAC address table is limited in size (thousands of entries on an access switch, not millions). An intruder uses a network attack tool that continually sends frames with bogus source MAC addresses to the switch (e.g. 155,000 MAC addresses per minute). The switch learns each bogus address and in a short span of time the table is full. While it stays full, the switch cannot learn the addresses of legitimate hosts, so frames to them are flooded out of every port in the VLAN, just as a hub would, and the intruder's sniffer sees that traffic. The effect lasts only as long as the flood continues, because entries age out; the attacker therefore keeps flooding. Port security with a small maximum address count (later in this chapter) stops the attack at the port it enters.

Common Security Attacks. Spoofing Attacks: Man-in-the-middle: intercepting network traffic by inserting the attacker's device between two hosts. DHCP or DNS spoofing: the attacking device answers DHCP or DNS requests with IP configuration (for example a default gateway or DNS server address) or name-to-address mappings that point the user at the intruder's machine. DHCP starvation: the attacking device continually requests IP addresses from the real DHCP server using continually changing client MAC addresses. Eventually the pool of addresses is used up and genuine users cannot get on the network; a rogue DHCP server can then step in and answer them. Because starvation depends on presenting many source MAC addresses from one port, port security with a low maximum address count blunts it.

Common Security Attacks. CDP Attacks: Cisco Discovery Protocol (CDP) is a proprietary protocol that exchanges information among directly connected Cisco devices: IP address, software version, platform, capabilities and native VLAN (trunk links, Chapter 3). It is usually on by default. If you don't need it, turn it off (no cdp run globally, or no cdp enable on user-facing interfaces). CDP frames are unencrypted and unauthenticated, so with a free network sniffer (Wireshark) an intruder plugged into any CDP-enabled port could obtain this information. Knowing the exact platform and software version lets the intruder look for known weaknesses in that release and find ways to perform Denial of Service (DoS) attacks and others.

Common Security Attacks. Telnet Attacks: Recall that Telnet transmits in plain text and is not secure. Even with passwords set, the following attacks are possible: Brute force (password guessing) against the vty password, which Telnet itself does nothing to slow down. DoS (Denial of Service), for example holding all 16 vty lines open so that administrators cannot log in. Sniffing: with a free network sniffer (Wireshark) an intruder who can see the session reads the vty and enable passwords straight off the wire. Use strong passwords and change them frequently. Use SSH, and set exec-timeout on the lines so abandoned sessions do not hold them open.

Network Security Tools: help you test your network for various weaknesses. They let you play the roles of both a hacker and a network security analyst. Network security audits: reveal what sort of information an attacker can gather simply by monitoring network traffic; determine MAC address table limits and age-out period (which tell you how quickly a flooding attack succeeds and how long its effect outlasts the flood). Network penetration testing: identify security weaknesses by actually attempting the attacks; plan the test window so as to avoid performance impacts on production users.

Network Security Tools. Common Features: Service identification: uses IANA port numbers to discover FTP, HTTP and other servers and test all of the services running on a host. Support for SSL services: testing services that use SSL/TLS, such as HTTPS, SMTPS and IMAPS, including their security certificates. Non-destructive and destructive testing: some security audits can degrade performance or crash a target, so know which kind a test is before running it. Database of vulnerabilities: a vulnerability database that can be updated over time, so the tool is only as current as its last update.

Network Security Tools. You can use them to:
- Capture chat messages.
- Capture files from NFS traffic.
- Capture HTTP requests.
- Capture mail messages.
- Capture passwords.
- Display captured URLs in a browser in real time.
- Flood a switched LAN with random MAC addresses.
- Forge replies to DNS queries.
- Intercept packets.

Configuring Port Security. Port security is disabled by default. Implement port security to: Limit the number of valid MAC addresses allowed on a port. Specify a group of valid MAC addresses allowed on a port, or allow only one MAC address access to the port. When you assign secure MAC addresses to a secure port, the port does not forward frames whose source address is outside the group of defined addresses. Specify that the port automatically shuts down if an invalid MAC address is detected.

Configuring Port Security. Secure MAC address types: Static: manually specify that a specific MAC address is the ONLY address allowed to connect to that port. Static addresses are added to the MAC address table and stored in the running configuration. Dynamic: MAC addresses are learned dynamically when a device connects to the switch. They are stored in the address table only and are lost when the switch reloads.

Configuring Port Security. Secure MAC address types: Sticky: specifies that MAC addresses are: dynamically learned, added to the MAC address table, and written into the running configuration. You may also manually add a MAC address. MAC addresses that are sticky learned (you will hear that phrase) are lost if you fail to save the configuration with copy running-config startup-config.

Configuring Port Security. Security violation modes: Violations occur when: a station whose MAC address is not in the secure address table attempts to access the interface and the table already holds the maximum number of secure addresses; or an address secured on one interface appears on another secure interface in the same VLAN. Modes: Protect: drop the offending frames, no notification and no violation count (quiet, and hard to troubleshoot). Restrict: drop the offending frames, send a syslog message and SNMP trap, and increment the violation counter. Shutdown (the default): put the port in the err-disabled state and notify; an operator must enter shutdown then no shutdown on the interface, or errdisable recovery must be configured, before the port carries traffic again.

Configuring Port Security. Default security configuration: port security disabled on all interfaces; maximum secure addresses per port 1; violation mode shutdown; sticky learning disabled; aging time 0 (aging disabled).

Configuring Port Security. Configure static port security: the specified address is the ONLY address allowed; it is added to the MAC table and the running configuration. Steps: configure the interface (as an access port), enable port security, specify the MAC address.

Configuring Port Security. Configure dynamic port security: addresses are dynamically learned when the device connects and added to the MAC table only. Steps: configure the interface (as an access port), enable port security; the maximum defaults to 1.

Configuring Port Security. Configure sticky port security: dynamically learn MAC addresses and add them to the MAC table and the running configuration. Steps: configure the interface (as an access port), enable port security, specify a maximum, enable sticky learning.

Verify Port Security. Verify port security settings: show port-security summarises every secured port (maximum, current count, violation count, action); show port-security interface <interface> shows one port in detail, including its status (Secure-up or Secure-shutdown), violation mode and last offending source address.

Verify Port Security. Verify secure MAC addresses: show port-security address lists every secure address with its type (SecureConfigured, SecureDynamic or SecureSticky), VLAN and port.
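The static, dynamic and sticky procedures, the three violation modes and the verification commands from the port security slides above, worked through on three access ports of one switch. This is an added example, not configuration from the original slides; the port numbers, the MAC address 0011.2233.4455 and the errdisable recovery interval are chosen for the example.

```ios
! Added example (not from the original slides): port security on three access
! ports of a Catalyst 2960, one per secure-address type, then verification.
! The MAC address below is made up for the example.
S1# configure terminal
! Static: exactly one hand-entered address; a violation shuts the port
! (the default mode, written out here so the intent is visible).
S1(config)# interface fastEthernet 0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 1
S1(config-if)# switchport port-security mac-address 0011.2233.4455
S1(config-if)# switchport port-security violation shutdown
S1(config-if)# exit
! Dynamic: the first two addresses seen are secured (MAC table only, lost on
! reload); further addresses are dropped, logged and counted, port stays up.
S1(config)# interface fastEthernet 0/2
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 2
S1(config-if)# switchport port-security violation restrict
S1(config-if)# exit
! Sticky: the learned address is written into the running configuration as
! 'switchport port-security mac-address sticky <addr>'; save or it is lost.
S1(config)# interface fastEthernet 0/3
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 1
S1(config-if)# switchport port-security mac-address sticky
S1(config-if)# exit
! Optional: let shutdown-mode ports recover on their own after 5 minutes
! instead of waiting for an operator's shutdown / no shutdown.
S1(config)# errdisable recovery cause psecure-violation
S1(config)# errdisable recovery interval 300
S1(config)# end
S1# copy running-config startup-config
! Verification. Per-port summary: MaxSecureAddr, CurrentAddr,
! SecurityViolation count and Security Action.
S1# show port-security
! One port in detail: Port Status, Violation Mode, Last Source Address:Vlan,
! Security Violation Count.
S1# show port-security interface fastEthernet 0/1
! Every secure address with its type: SecureConfigured, SecureDynamic,
! SecureSticky.
S1# show port-security address
! Ports knocked out by a violation appear here until recovered.
S1# show interfaces status err-disabled
```

Restrict is the mode to choose when you want evidence: a rising Security Violation Count on a port with a known single host is an early sign of a MAC flooding tool, a rogue hub or a DHCP starvation attempt behind it, and the port keeps serving the legitimate address while you look.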

Securing Unused Ports. Disable unused ports: any port that is up and unprotected is an entry point for every attack in this chapter. You can specify a range of interfaces and shut them down together. For example, to specify the first 10 interfaces: interface range fastethernet 0/1 - 10, then shutdown.
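Shutting down the unused range and trimming CDP on user-facing ports, serving both the CDP Attacks section and this one. This is an added example, not configuration from the original slides; it assumes Fa0/1 to 0/10 are unused, Fa0/11 to 0/24 serve users, and Gi0/1 is the uplink to another Cisco switch that still needs CDP.

```ios
! Added example (not from the original slides): unused ports down, CDP only
! where a Cisco neighbour needs it. Port roles are assumptions for the example.
S1# configure terminal
S1(config)# interface range fastEthernet 0/1 - 10
S1(config-if-range)# description UNUSED - administratively down
S1(config-if-range)# switchport mode access
S1(config-if-range)# shutdown
S1(config-if-range)# exit
! User ports: nothing here should be reading CDP, but an attacker's laptop
! would. Leave CDP on the uplink Gi0/1 only.
S1(config)# interface range fastEthernet 0/11 - 24
S1(config-if-range)# no cdp enable
S1(config-if-range)# exit
! If nothing on the network relies on CDP at all (Cisco IP phones learn their
! voice VLAN from it), disable it globally instead:
! S1(config)# no cdp run
S1(config)# end
S1# copy running-config startup-config
! Checks: Fa0/1-10 show 'disabled'; only Gi0/1 is listed as a CDP interface.
S1# show interfaces status
S1# show cdp interface
```

Re-run show interfaces status after every move or add: a port that was shut down and is now up without a matching change request is exactly the kind of thing a port security audit is meant to catch.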