Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats


Accessing the WAN Chapter 4
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public

Objectives
- Enterprise Network Security: describe the general methods used to mitigate security threats to Enterprise networks
- Configure Basic Router Security
- Explain how to disable unused Cisco router network services and interfaces
- Explain how to use Cisco SDM
- Manage Cisco IOS devices

Network Security
- White hat: looks for vulnerabilities in networks and reports them
- Hacker: a computer programming expert
- Black hat or Cracker: tries to gain unauthorized access to network resources with malicious intent
- Phreaker: manipulates the phone network
- Spammer: sends large quantities of unsolicited e-mail messages
- Phisher: uses e-mails to trick others into providing sensitive info

Classes of threats to networks
- Unstructured threats: inexperienced individuals using easily available hacking tools
- Structured threats: from individuals or groups that are more highly motivated and technically competent
- External threats: from the Internet or dialup access servers
- Internal threats: someone who has authorized access to the network with either an account or physical access

Common types of network attack
- Reconnaissance: unauthorized discovery and mapping of systems, services, or vulnerabilities
- Access: usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked
- Denial of Service (DoS): disable or corrupt networks, systems, or services with intent to deny services to legitimate users
- Malicious Software: worms, viruses, and Trojan horses

Mitigation techniques to protect against threats
- Device Hardening
  - Default usernames and passwords should be changed immediately.
  - Access to system resources should be restricted to only the individuals that are authorized to use those resources.
  - Any unnecessary services and applications should be turned off and uninstalled, when possible.
- Antivirus Software
- Operating System Patches
- Intrusion detection systems (IDS), Intrusion prevention systems (IPS)

The Network Security Wheel

Goals of a comprehensive security policy in an organization
A security policy includes the following:
- Identifies the security objectives of the organization.
- Documents the resources to be protected.
- Identifies the network infrastructure with current maps and inventories.
- Identifies the critical resources that need to be protected. This is called a risk analysis.

The Role of Routers in Network Security
Routers fulfill the following roles:
- Advertise networks and filter who can use them.
- Provide access to network segments and subnetworks.
Routers are definite targets for network attackers. Need to apply Cisco IOS security features to routers:

Secure administrative access
First line of defense: passwords on console and vty lines.
Using a single password:
    R(config)# line console 0
    R(config-line)# login
    R(config-line)# password cisco
Using a local database of usernames/passwords:
    R(config)# username mark password kram
    R(config)# line console 0
    R(config-line)# login local
Second line of defense: password on privileged mode
    R(config)# enable secret class

Password Encryption
- 0: by default, Cisco IOS leaves passwords in plain text
- 7: Cisco-defined encryption algorithm. Use the service password-encryption global configuration command
- 5: complex encryption using MD5 hash. Replace the keyword password with secret

Routing protocol security
- RIPv2, EIGRP, OSPF, IS-IS, and BGP all support various forms of MD5 authentication
- Configure all interfaces not involved in routing to passive mode:
    router rip
     passive-interface default
     no passive-interface s0/0/0

Configure authentication for RIPv2 (key chain in global configuration, authentication on the interface):
    key chain RIP_KEY
     key 1
      key-string cisco
    ip rip authentication mode md5
    ip rip authentication key-chain RIP_KEY
Configure authentication for EIGRP (key chain in global configuration, authentication on the interface):
    key chain EIGRP_KEY
     key 1
      key-string cisco
    ip authentication mode eigrp 1 md5
    ip authentication key-chain eigrp 1 EIGRP_KEY
Configure authentication for OSPF (key on the interface, then enable it for the area):
    ip ospf message-digest-key 1 md5 cisco
    ip ospf authentication message-digest
    router ospf 10
     area 0 authentication message-digest

Disabling Unused Cisco Router Network Services and Interfaces
- TCP/IP has many vulnerabilities.
- Disable all services and protocols that are not actually needed.

Vulnerable Router Services and Interfaces
Global configuration mode:
    no service tcp-small-servers
    no service udp-small-servers
    no ip bootp server
    no ip finger
    no service finger
    no ip http server
    no snmp-server
    no ip name-server
    no cdp run
    no boot network
    no service config
    no ip source-route
    no ip classless
Interface mode:
    shutdown
    no ip directed-broadcast
    no ip proxy-arp
    no ip unreachables
    no ip redirects

Locking down a router with Cisco AutoSecure
- Use a single command to disable non-essential system processes and services, eliminating potential security threats.

The Cisco Router and Security Device Manager (SDM)
- SDM is an easy-to-use, web-based device-management tool.
- Can be installed on routers or run from a PC.
- Simplifies router and security configuration of key router virtual private network (VPN) and Cisco IOS firewall parameters.
- Smart wizards guide users step-by-step through router and security configuration.
- Intelligently detects incorrect configurations and proposes fixes.
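The password-encryption notes and the unused-services list above form a checklist that can be applied to a saved running-config. The Python audit below is an added example, not part of the Cisco material: it reads a constructed configuration fragment (an assumption, not a real router) and reports which checklist items still need attention. The service list covers only the global commands taken from this chapter, not a complete hardening baseline.

```python
import re

# Constructed sample running-config fragment (not from the page or any real router).
SAMPLE_CONFIG = """\
enable password class
username mark password kram
ip http server
no ip finger
no cdp run
line console 0
 login
 password cisco
line vty 0 4
 login local
 transport input telnet ssh
"""

# Global services from the chapter's checklist, mapped to the command that disables them.
HARDENING = {
    "ip http server": "no ip http server",
    "ip finger": "no ip finger",
    "cdp run": "no cdp run",
    "ip bootp server": "no ip bootp server",
    "service tcp-small-servers": "no service tcp-small-servers",
    "service udp-small-servers": "no service udp-small-servers",
    "ip source-route": "no ip source-route",
}

def audit_config(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    present = set(lines)
    findings = []
    # Privileged-mode password: 'enable secret' (type 5, MD5) is expected, not 'enable password'.
    if not any(ln.startswith("enable secret") for ln in lines):
        findings.append("enable secret not configured")
    if any(ln.startswith("enable password") for ln in lines):
        findings.append("enable password present; replace with enable secret")
    # Type 0 credentials that 'service password-encryption' would at least obscure (type 7).
    if "service password-encryption" not in present:
        for ln in lines:
            if re.match(r"(username \S+ password|password) (0 )?\S+$", ln):
                findings.append(f"plain-text password: {ln}")
    # Each service: flagged if enabled explicitly, noted if not explicitly disabled.
    for service, fix in HARDENING.items():
        if any(ln.startswith(service) for ln in lines):
            findings.append(f"{service} enabled; apply '{fix}'")
        elif fix not in present:
            findings.append(f"{service} not explicitly disabled; consider '{fix}'")
    return findings
```

Services that are on by default do not appear in a running-config, which is why the audit reports "not explicitly disabled" rather than assuming a service is off.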

Cisco SDM Interface
Configure a router to use SDM. Below is the configuration required to run SDM on a production router:
    ip http server
    ip http secure-server
    ip http authentication local
    username Student privilege 15 secret cisco
    line vty 0 4
     privilege level 15
     login local
     transport input telnet ssh

Cisco IOS Integrated File System (IFS)
- * represents the current file system
- # marks a bootable disk
- dir: lists the content of the current default file system
- cd: change directory command
- pwd: present working directory

Backing up configuration files
The copy command is used to move configuration files from one place to another, such as RAM, NVRAM, or a TFTP server:
    copy <from> <to>
Examples:
    copy system:running-config nvram:startup-config
    copy system:running-config tftp:
    copy tftp: system:running-config
    copy tftp: nvram:startup-config

Cisco IOS File Naming Conventions
c2600-i-mz.122-24.bin
- Platform: c2600
- Feature set: i designates the IP feature set
- Where the image runs and whether the file is compressed: mz
- Version number: 12.2(24)
- File extension: bin (binary)

Upgrading or Backing Up IOS Software Image
1. Ping the tftp server to establish connectivity
2. Back up the existing IOS image: copy flash: tftp:
3. Check there is sufficient flash: show flash:
4. Upload the new IOS image: copy tftp: flash: (you may be prompted to erase the existing image)
5. Reload the router: reload
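The naming convention above can be checked before an image is copied to flash. This Python parser is an added example (not Cisco's code) that splits an image name into the fields the slide describes; the memory and compression letter meanings are taken from Cisco's documented conventions, and only 'i' is mapped to a feature-set name, as on the page.

```python
import re

# Layout explained on this page: platform-features-memory[compression].version-release[.train].bin
IMAGE_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<features>[a-z0-9]+)-"
    r"(?P<memory>[a-z])(?P<compression>[a-z]?)\."
    r"(?P<version>\d+)-(?P<release>\d+)(?:\.(?P<train>[A-Za-z0-9]+))?\.bin$"
)
# Letter meanings from Cisco's naming conventions; 'i' = IP feature set as stated on the page.
FEATURE_SETS = {"i": "IP"}
MEMORY = {"m": "RAM", "f": "flash", "r": "ROM", "l": "relocatable"}
COMPRESSION = {"": "none", "z": "zip", "x": "mzip", "w": "STAC"}

def parse_image_name(name):
    """Split an IOS image file name into the fields the slide describes."""
    m = IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised IOS image name: {name}")
    ver = m["version"]   # '122' reads as major 12, minor 2
    return {
        "platform": m["platform"],
        "feature_set": FEATURE_SETS.get(m["features"], m["features"]),
        "runs_from": MEMORY.get(m["memory"], m["memory"]),
        "compression": COMPRESSION.get(m["compression"], m["compression"]),
        # release number in parentheses, followed by the train letters if present
        "version": f"{ver[:-1]}.{ver[-1]}({m['release']}){m['train'] or ''}",
    }
```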

Upgrading IOS Software Image

Password Recovery
- Can only be done from a console port connection.
- In a router, a configuration register, represented by a single hexadecimal value, tells the router what specific steps to take when powered on.
1. Boot the router and press the break key on the terminal console to enter ROMmon.
2. Type confreg 0x2142 to bypass the startup configuration.
3. Type reset to reboot the router without a configuration.
4. Read passwords or set new encrypted passwords.
5. Set the config register back to its original setting:
    R1(config)# config-register 0x2102

Security threats to an Enterprise network include:
- Unstructured threats
- Structured threats
- External threats
- Internal threats
Methods to lessen security threats consist of:
- Device hardening
- Use of antivirus software
- Firewalls
- Download security updates
Basic router security involves the following:
- Physical security
- Update and back up IOS
- Back up configuration files
- Password configuration
- Logging router activity
- Disable unused router interfaces and services to minimize their exploitation by intruders
Cisco SDM: a web-based management tool for configuring security measures on Cisco routers
Cisco IOS Integrated File System (IFS): allows for the creation, navigation and manipulation of directories on a Cisco device
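The password-recovery procedure changes the configuration register from 0x2102 to 0x2142 and back. As an added example that is not part of the Cisco material, the Python helper below decodes the register bits involved, so the recovery value and its reversal can be derived and verified rather than typed from memory; the bit meanings are taken from Cisco's documented configuration-register layout.

```python
# Configuration-register bits referred to on this page (0x2102 normal boot,
# 0x2142 during password recovery). Layout follows Cisco's documented register format.
BOOT_FIELD_MASK = 0x000F     # bits 0-3: boot field
IGNORE_NVRAM_BIT = 0x0040    # bit 6: boot without loading the startup configuration
BREAK_DISABLED_BIT = 0x0100  # bit 8: ignore the console break key once boot completes
ROM_FALLBACK_BIT = 0x2000    # bit 13: boot the default ROM software if a network boot fails

def decode_confreg(value):
    """Describe what a 16-bit configuration register value makes the router do at power-on."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0x0:
        boot = "stay in ROM monitor (ROMmon)"
    elif boot_field == 0x1:
        boot = "boot the first image in flash (boot helper image on older platforms)"
    else:
        boot = "use boot system commands from the startup configuration, then flash"
    return {
        "boot": boot,
        "ignore_nvram": bool(value & IGNORE_NVRAM_BIT),
        "break_disabled": bool(value & BREAK_DISABLED_BIT),
        "rom_fallback": bool(value & ROM_FALLBACK_BIT),
    }

def recovery_register(current):
    """Register for the 'confreg 0x2142' step: keep every other bit, set only 'ignore NVRAM'."""
    return current | IGNORE_NVRAM_BIT

def restored_register(recovery):
    """Register to set back afterwards (config-register 0x2102): clear only 'ignore NVRAM'."""
    return recovery & ~IGNORE_NVRAM_BIT & 0xFFFF

def recovery_changes(current):
    """List the behaviours that differ between the normal and the recovery register."""
    before, after = decode_confreg(current), decode_confreg(recovery_register(current))
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}
```

Because only bit 6 changes, the boot field and the break-key setting are untouched by the recovery step, which is why the router still boots its normal image and simply skips the startup configuration.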