Ca Ex S4 C4 Network Security
Transcript

  • 1. CCNA – Semester 4 Chapter 4: Network Security CCNA Exploration 4.0
  • 2. Objectives
    • Identify security threats to enterprise networks
    • Describe methods to mitigate security threats to enterprise networks
    • Configure basic router security
    • Disable unused router services and interfaces
    • Use the Cisco SDM one-step lockdown feature
    • Manage files and software images with the Cisco IOS Integrated File System (IFS)
  • 3. Introduction to Network Security
  • 4. Why is Network Security Important?
    • Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.
  • 5. The Increasing Threat to Security
  • 6. The Increasing Threat to Security
    • Over the years, network attack tools and methods have evolved.
    • As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved:
      – White hat
      – Hacker
      – Black hat
      – Cracker
      – Phreaker
      – Spammer
      – Phisher
  • 7. Think Like an Attacker
    • Seven-step process to gain information and stage an attack:
    • Step 1. Perform footprint analysis (reconnaissance).
    • Step 2. Enumerate information.
    • Step 3. Manipulate users to gain access.
    • Step 4. Escalate privileges.
    • Step 5. Gather additional passwords and secrets.
    • Step 6. Install backdoors.
    • Step 7. Leverage the compromised system.
  • 8. Types of Computer Crime
    • Insider abuse of network
    • Abuse of wireless network access
    • System penetration
    • Virus
    • Financial fraud
    • Mobile device theft
    • Password sniffing
    • Key logging
    • Website defacement
    • Misuse of a public web application
    • Denial of service
    • Unauthorized access to information
    • Bots within the organization
    • Theft of customer or employee data
    • Phishing where an organization is fraudulently represented as the sender
    • Instant messaging misuse
    • Theft of proprietary information
    • Exploiting the DNS server of an organization
    • Telecom fraud
    • Sabotage
  • 9. Open versus Closed Networks
  • 10. Developing a Security Policy
    • The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy: a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently.
    • A security policy meets these goals:
      – Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
      – Specifies the mechanisms through which these requirements can be met
      – Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy
    • A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies.
  • 11. Developing a Security Policy
    • ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices. The document consists of 12 sections:
      – Risk assessment
      – Security policy
      – Organization of information security
      – Asset management
      – Human resources security
      – Physical and environmental security
      – Communications and operations management
      – Access control
      – Information systems acquisition, development, and maintenance
      – Information security incident management
      – Business continuity management
      – Compliance
  • 12. Common Security Threats
    • When discussing network security, three common factors are vulnerability, threat, and attack.
    • Vulnerability is the degree of weakness which is inherent in every network and device.
    • There are three primary vulnerabilities or weaknesses:
      – Technological weaknesses
      – Configuration weaknesses
      – Security policy weaknesses
  • 13. Vulnerabilities: Technological weaknesses
  • 14. Vulnerabilities: Configuration weaknesses
  • 15. Vulnerabilities: Security policy weaknesses
  • 16. Common Security Threats: Threats to Physical Infrastructure
    • The four classes of physical threats are:
      – Hardware threats: Physical damage to servers, routers, switches, cabling plant, and workstations
      – Environmental threats: Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
      – Electrical threats: Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
      – Maintenance threats: Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
  • 17. Physical Security Measures
  • 18. Physical Security Measures
  • 19. Common Security Threats: Threats to Networks
  • 20. Common Security Threats: Threats to Networks
    • Threats to networks fall into four primary classes:
    • Unstructured Threats: consist of mostly inexperienced individuals using easily available hacking tools. Even attacks carried out only to test an attacker's skills can do serious damage to a network.
    • Structured Threats: come from individuals or groups that are more highly motivated and technically competent. These people know system vulnerabilities and use sophisticated hacking techniques to penetrate unsuspecting businesses.
    • External Threats: arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network.
    • Internal Threats: occur when someone has authorized access to the network with either an account or physical access.
  • 21. Common Security Threats: Social Engineering
    • The easiest hack involves no computer skill at all.
    • Social engineering: an intruder can trick a member of an organization into giving over valuable information, such as the location of files or passwords.
    • Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
    • Phishing attacks can be prevented by educating users and implementing reporting guidelines for when they receive suspicious e-mail.
  • 22. Types of Network Attacks
    • Reconnaissance
      – Is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
      – It is also known as information gathering and, in most cases, it precedes another type of attack.
    • Access
      – Is the ability of an intruder to gain access to a device for which the intruder does not have an account or a password.
    • Denial of service (DoS)
      – Is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
    • Worms, Viruses, and Trojan Horses
  • 23. Reconnaissance Attacks
    • Reconnaissance attacks can consist of the following:
      – Internet information queries
      – Ping sweeps
      – Port scans
      – Packet sniffers
    • The information gathered by eavesdropping can be used to pose other attacks to the network.
    • Two common uses of eavesdropping are as follows:
      – Information gathering: Network intruders can identify usernames, passwords, or information carried in a packet.
      – Information theft: The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access.
  • 24. Reconnaissance Attacks
    • Three of the most effective methods for counteracting eavesdropping are as follows:
      – Using switched networks instead of hubs so that traffic is not broadcast to all endpoints or network hosts.
      – Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
      – Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping.
    • Encryption provides protection for data susceptible to eavesdropping attacks, password crackers, or manipulation.
  • 25. Access Attacks
    • Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
    • Password Attacks:
      – Implemented using a packet sniffer to yield user accounts and passwords that are transmitted as clear text.
      – Programs that repeatedly attempt to log in as a user, using words derived from a dictionary.
      – Another password attack method uses rainbow tables.
      – A brute-force attack tool is more sophisticated.
  • 26. Access Attacks
    • Trust Exploitation
      – Compromising a trusted host and using it to stage attacks on other hosts in a network.
      – Trust exploitation-based attacks can be mitigated through tight constraints on trust levels within a network.
  • 27. Access Attacks
  • 28. Access Attacks
    • Man-in-the-Middle Attack:
      – Is carried out by attackers that manage to position themselves between two legitimate hosts.
      – The transparent proxy: a popular method of MITM.
  • 29. DoS Attacks
    • DoS attacks:
      – Are the most publicized form of attack and also among the most difficult to eliminate.
      – DoS attacks take many forms.
  • 30. DoS Attacks
    • Ping of Death:
      – It took advantage of vulnerabilities in older operating systems.
      – This attack modified the IP portion of a ping packet header to indicate that there is more data in the packet than there actually was.
    • SYN Flood:
      – Exploits the TCP three-way handshake.
  • 31. DoS Attacks
    • E-mail bombs: Programs send bulk e-mails to individuals, lists, or domains, monopolizing e-mail services.
    • Malicious applets: These attacks are Java, JavaScript, or ActiveX programs that cause destruction or tie up computer resources.
    • DDoS Attacks
      – Distributed DoS (DDoS) attacks are designed to saturate network links with illegitimate data.
  • 32. DoS Attacks
    • DDoS Attacks (cont.)
    • There are three components to a DDoS attack:
      – A Client is typically a person who launches the attack.
      – A Handler is a compromised host that is running the attacker program; each Handler is capable of controlling multiple Agents.
      – An Agent is a compromised host that is running the attacker program and is responsible for generating a stream of packets that is directed toward the intended victim.
    • Examples of DDoS attacks include the following: SMURF attack, Tribe flood network (TFN), Stacheldraht, MyDoom
  • 33. DoS Attacks
  • 34. Malicious Code Attacks: Worms
    • The enabling vulnerability: A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified executable attachments in e-mails.
    • Propagation mechanism: After gaining access to a host, a worm copies itself to that host and then selects new targets.
    • Payload: Once a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator.
  • 35. Malicious Code Attacks: Worms
    • Worm attack mitigation requires diligence on the part of system and network administration staff.
    • The following are the recommended steps for worm attack mitigation:
      – Containment: Contain the spread of the worm in and within the network. Compartmentalize uninfected parts of the network.
      – Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
      – Quarantine: Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
      – Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
  • 36. Malicious Code Attacks: Viruses and Trojan Horses
    • A virus is malicious software that is attached to another program to execute a particular unwanted function on a workstation.
    • A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool.
  • 37. Host and Server Based Security
    • Device Hardening
      – Default usernames and passwords should be changed immediately.
      – Access to system resources should be restricted to only the individuals that are authorized to use those resources.
      – Any unnecessary services and applications should be turned off and uninstalled, when possible.
    • Antivirus Software
      – It scans files, comparing their contents to known viruses in a virus dictionary. Matches are flagged in a manner defined by the end user.
      – It monitors suspicious processes running on a host that might indicate infection. This monitoring may include data captures, port monitoring, and other methods.
  • 38. Host and Server Based Security
    • Personal Firewall
    • Operating System Patches
  • 39. Intrusion Detection and Prevention
    • Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console.
    • Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:
      – Prevention: Stops the detected attack from executing.
      – Reaction: Immunizes the system from future attacks from a malicious source.
  • 40. Intrusion Detection and Prevention
    • Host-based Intrusion Detection Systems
    • Implemented as inline or passive technology
    • Passive technology, which was the first generation technology, is called a host-based intrusion detection system (HIDS). HIDS sends logs to a management console after the attack has occurred and the damage is done.
    • Inline technology, called a host-based intrusion prevention system (HIPS), actually stops the attack, prevents damage, and blocks the propagation of worms and viruses.
  • 41. Common Security Appliances and Applications
    • Security is a top consideration whenever planning a network.
    • Threat control: Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
      – Cisco ASA 5500 Series Adaptive Security Appliances
      – Integrated Services Routers (ISR)
      – Network Admission Control
      – Cisco Security Agent for Desktops
      – Cisco Intrusion Prevention Systems
  • 42. Common Security Appliances and Applications
    • Secure communications: Secures network endpoints with VPN. The devices that allow an organization to deploy VPN are Cisco ISR routers with Cisco IOS VPN solution, and the Cisco 5500 ASA and Cisco Catalyst 6500 switches.
    • Network admission control (NAC): Provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.
    • Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
      – Cisco provides many of the required security measures for customers within the Cisco IOS software. Cisco IOS software provides built-in Cisco IOS Firewall, IPsec, SSL VPN, and IPS services.
  • 43. Common Security Appliances and Applications
  • 44. The Network Security Wheel
    • Most security incidents occur because system administrators do not implement available countermeasures, and attackers or disgruntled employees exploit the oversight.
    • The Security Wheel has proven to be an effective approach.
    • The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.
    • A security policy includes the following:
      – Identifies the security objectives of the organization.
      – Documents the resources to be protected.
      – Identifies the network infrastructure with current maps and inventories.
      – Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.
  • 45. The Network Security Wheel
    (Figure: the Security Wheel: Secure, Monitor, Test, Improve, turning around the Security Policy)
    • Step 1: Secure
      – Threat defense
        • Stateful inspection and packet filtering: Filter network traffic to allow only valid traffic and services.
        • Intrusion prevention systems.
        • Vulnerability patching.
        • Disable unnecessary services.
  • 46. The Network Security Wheel
    • Step 1: Secure (Cont.)
      – Secure connectivity
        • VPNs
        • Trust and identity
        • Authentication
        • Policy enforcement
    • Step 2: Monitor
      – Active and passive methods of detecting security violations.
    • Step 3: Test
      – The security measures are proactively tested.
    • Step 4: Improve
      – Analyzing the data collected during the monitoring and testing phases.
  • 47. The Enterprise Security Policy
    • A security policy is a set of guidelines established to safeguard the network from attacks, both from inside and outside a company.
    • Security policy benefits:
      – Provides a means to audit existing network security and compare the requirements to what is in place.
      – Plan security improvements, including equipment, software, and procedures.
      – Defines the roles and responsibilities of the company executives, administrators, and users.
      – Defines which behavior is and is not allowed.
      – Defines a process for handling network security incidents.
      – Enables global security implementation and enforcement by acting as a standard between sites.
      – Creates a basis for legal action if necessary.
  • 48. Functions of a Security Policy
    • The security policy is for everyone, including employees, contractors, suppliers, and customers who have access to the network.
  • 49. Components of a Security Policy
    • Components of a Security Policy
      – General security policies:
  • 50. Components of a Security Policy
    • Components of a Security Policy: others that may be necessary:
      – Account access request policy
      – Acquisition assessment policy
      – Audit policy
      – Information sensitivity policy
      – Password policy
      – Risk assessment policy
      – Global web server policy
    • E-mail policy: Automatically forwarded e-mail policy, E-mail policy, Spam policy
    • Remote access policies: Dial-in access policy, Remote access policy, VPN security policy
    Activity 4.1.6.4
  • 51. Securing Cisco Routers
  • 52. Router Security Issues
    • The Role of Routers in Network Security
    • Routers fulfill the following roles:
      – Advertise networks and filter who can use them.
      – Provide access to network segments and subnetworks.
  • 53. Routers are Targets
    • Because routers provide gateways to other networks, they are obvious targets and are subject to a variety of attacks.
      – Compromising the access control can expose network configuration details, thereby facilitating attacks against other network components.
      – Compromising the route tables can reduce performance, deny network communication services, and expose sensitive data.
      – Misconfiguring a router traffic filter can expose internal network components to scans and attacks, making it easier for attackers to avoid detection.
    • Attackers can compromise routers in different ways: trust exploitation attacks, IP spoofing, session hijacking, and MITM attacks.
  • 54. Securing Your Network
    • Physical security
    • Update the router IOS whenever advisable
    • Back up the router configuration and IOS
    • Harden the router to eliminate the potential abuse of unused ports and services
  • 55. Applying Cisco IOS Security Features to Routers
    • Steps to safeguard a router:
    • Step 1. Manage router security
    • Step 2. Secure remote administrative access to routers
    • Step 3. Log router activity
    • Step 4. Secure vulnerable router services and interfaces
    • Step 5. Secure routing protocols
    • Step 6. Control and filter network traffic
  • 56. Manage Router Security
    • Basic router security consists of configuring passwords.
    • Passphrases: for creating strong passwords.
    • By default, Cisco IOS software leaves passwords in plain text when they are entered on a router: not secure.
    • To encrypt passwords using Type 7 encryption, use the service password-encryption global configuration command.
    • Cisco recommends that Type 5 encryption be used instead of Type 7.
  • 57. Manage Router Security
    • Type 5 encryption:
      – enable secret command
      – username username secret password
    • Cisco IOS Software Release 12.3(1) and later allow administrators to set the minimum character length for all router passwords using the security passwords min-length global configuration command.
    • Note: Some processes may not be able to use Type 5 encrypted passwords (for example, PAP and CHAP).
  • 58. Securing Administrative Access to Routers
    • Network administrators can connect to a router or switch locally or remotely.
    • Local access through the console port:
      – Is secure
      – Can become overwhelming
    • Remote administrative access:
      – May not be secure
      – To secure it: first secure the administrative lines (VTY, AUX), then configure the network device to encrypt traffic in an SSH tunnel.
  • 59. Remote Administrative Access with Telnet and SSH
    • Having remote access to network devices is critical for effectively managing a network.
    • Remote access typically involves allowing Telnet, Secure Shell (SSH), HTTP, HTTP Secure (HTTPS), or SNMP connections to the router from a computer on the same internetwork as the router.
    • If remote access is required, your options are as follows:
      – Establish a dedicated management network.
      – Encrypt all traffic between the administrator computer and the router.
  • 60. Remote Administrative Access with Telnet and SSH
  • 61. Implementing SSH to Secure Remote Administrative Access
    • Telnet traffic is forwarded in plain text; it uses TCP port 23.
    • SSH has replaced Telnet; it uses TCP port 22.
    • Not all Cisco IOS images support SSH. Typically, the images that do have image IDs of k8 or k9 in their image names.
    • The SSH terminal-line access feature enables administrators to configure routers with secure access and perform the following tasks:
      – Connect to a router that has multiple terminal lines connected to consoles or serial ports of other routers, switches, and devices.
      – Simplify connectivity to a router from anywhere by securely connecting to the terminal server on a specific line.
      – Allow modems attached to routers to be used for dial-out securely.
      – Require authentication to each of the lines through a locally defined username and password, or a security server such as a TACACS+ or RADIUS server.
  • 62. Configuring SSH Security
    • Step 1: Set router parameters – the hostname hostname command
    • Step 2: Set the domain name – the ip domain-name cisco.com command
    • Step 3: Generate asymmetric keys – the crypto key generate rsa command
    • Step 4: Configure local authentication and vty – You must define a local user and assign SSH communication to the vty lines as shown in the figure.
    • Step 5: Configure SSH timeouts (optional) – Use the ip ssh time-out seconds and ip ssh authentication-retries integer commands to enable timeouts and authentication retries.
    Activity 4.2.4.5
  • 63. Logging Router Activity
    • Logs allow you to verify that a router is working properly or to determine whether the router has been compromised.
    • Configuring logging (syslog) on the router should be done carefully.
    • Routers support different levels of logging:
      – 0 Emergencies
      – 1 Alerts
      – 2 Critical
      – 3 Errors
      – 4 Warnings
      – 5 Notifications
      – 6 Informational
      – 7 Debugging
    • Accurate time stamps are important to logging: R2(config)#service timestamps
    • The syslog host should be:
      – Dedicated to storing logs
      – Connected on a protected network or a dedicated router interface
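    An added example (my code, not part of the course material) that applies the severity table above: it parses constructed IOS log lines, models which messages a router configured with logging trap at a given level forwards to the syslog host, and flags messages that arrived without a timestamp. The sample lines, the SEVERITY_NAMES table and the function names are all constructed for this example.

```python
import re

# Cisco IOS logging levels from the slide table: 0 is most severe, 7 least severe.
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# IOS system messages carry their severity in the %FACILITY-SEVERITY-MNEMONIC tag.
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)

# Constructed sample log lines (not taken from the deck). The fourth line has no
# timestamp prefix, which is what a router without 'service timestamps log' emits.
SAMPLE_LOG = """\
*Mar  1 00:02:10.115: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)
*Mar  1 00:02:41.003: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down
*Mar  1 00:02:41.420: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]
*Mar  1 00:03:15.200: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40001) -> 10.0.0.1(23), 1 packet
*Mar  1 00:03:16.001: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): debug marker
"""


def parse_ios_message(line):
    """Return a dict describing one IOS log line, or None if it is not a system message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    severity = int(m.group("severity"))
    return {
        "timestamp": line[: m.start()].strip().rstrip(":"),  # empty when timestamps are off
        "facility": m.group("facility"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def messages_forwarded(log_text, trap_level):
    """Model 'logging trap <level>': the router forwards every message whose severity
    number is less than or equal to the configured level, so level 6 covers 0 to 6."""
    if trap_level not in SEVERITY_NAMES:
        raise ValueError(f"trap level must be 0-7, got {trap_level}")
    parsed = (parse_ios_message(l) for l in log_text.splitlines())
    return [msg for msg in parsed if msg is not None and msg["severity"] <= trap_level]


def messages_without_timestamps(log_text):
    """Flag messages that carry no timestamp; without 'service timestamps log datetime'
    the log cannot be correlated with events on other devices or the syslog host."""
    parsed = (parse_ios_message(l) for l in log_text.splitlines())
    return [msg["mnemonic"] for msg in parsed if msg is not None and not msg["timestamp"]]


if __name__ == "__main__":
    for msg in messages_forwarded(SAMPLE_LOG, 5):
        print(msg["severity"], msg["severity_name"], msg["facility"], msg["mnemonic"])
    print("no timestamp:", messages_without_timestamps(SAMPLE_LOG))
```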
  • 64. Secure Router Network Services
  • 65. Vulnerable Router Services and Interfaces
    • Cisco routers support a large number of network services at layers 2, 3, 4, and 7.
  • 66. Vulnerable Router Services and Interfaces
  • 67. Vulnerable Router Services and Interfaces
    • Services which should typically be disabled are:
      – Small services such as echo, discard, and chargen - Use the no service tcp-small-servers or no service udp-small-servers command.
      – BOOTP - Use the no ip bootp server command.
      – Finger - Use the no service finger command.
      – HTTP - Use the no ip http server command.
      – SNMP - Use the no snmp-server command.
      – Cisco Discovery Protocol (CDP) - Use the no cdp run command.
      – Remote configuration - Use the no service config command.
      – Source routing - Use the no ip source-route command.
      – Classless routing - Use the no ip classless command.
      – Unused interfaces - Use the shutdown command.
      – No SMURF attacks - Use the no ip directed-broadcast command.
      – Ad hoc routing - Use the no ip proxy-arp command.
  • 68. Vulnerable Router Services and Interfaces
    • SNMP:
      – Different versions of SNMP have different security properties. Normally, SNMP version 3 should be used.
    • NTP:
      – To reject all NTP messages at a particular interface, use an access list.
    • DNS:
      – ip name-server addresses command.
      – no ip domain-lookup command.
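    The following is an added example, not code from the course or from Cisco: a small Python audit that reads a router configuration and reports which of the hardening items from slides 56 to 68 are missing (password encryption, Type 5 secrets, a minimum password length, the services listed on slide 67, and SSH-only vty lines). Both sample configurations, the placeholder hashes and all function names are constructed for this example.

```python
import re

# Constructed sample running-config (not from the deck) with several of the chapter's
# hardening items left undone; the Type 7 string is a placeholder, not a real hash.
WEAK_CONFIG = """\
enable password 7 0123456789ABCDEF
username admin password 0 Example-Pass-1
service tcp-small-servers
no service udp-small-servers
no service finger
ip bootp server
ip http server
cdp run
snmp-server community ro-community RO
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip proxy-arp
line vty 0 4
 login local
 transport input telnet ssh
"""

# The same router after the chapter's recommendations (constructed; the Type 5 hashes
# are placeholders for what 'enable secret' and 'username ... secret' would store).
HARDENED_CONFIG = """\
service password-encryption
security passwords min-length 10
enable secret 5 <type5-hash-placeholder>
username admin secret 5 <type5-hash-placeholder>
no service tcp-small-servers
no service udp-small-servers
no service finger
no ip bootp server
no ip http server
no cdp run
no service config
no ip source-route
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no ip proxy-arp
line vty 0 4
 login local
 transport input ssh
"""

# Global services slide 67 says to disable, keyed by the command that enables each.
GLOBAL_SERVICES = [
    "service tcp-small-servers", "service udp-small-servers", "ip bootp server",
    "service finger", "ip http server", "cdp run", "service config", "ip source-route",
]


def parse_config(text):  # top-level commands plus indented sections keyed by their header
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):  # blank lines and '!' end a section
            current = None
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def audit_config(text):  # returns (check, message) pairs for every hardening item that fails
    top, sections = parse_config(text)
    present, findings = set(top), []
    # Slides 56-57: password encryption, Type 5 secrets and a minimum password length.
    if "service password-encryption" not in present:
        findings.append(("password-encryption", "service password-encryption is not set"))
    if not any(l.startswith("enable secret ") for l in top):
        findings.append(("enable-secret", "no enable secret (Type 5) configured"))
    for l in top:
        if l.startswith("enable password "):
            findings.append(("enable-password", "enable password present; replace with enable secret"))
        m = re.match(r"username (\S+) password ", l)
        if m:
            findings.append(("username-password", f"user {m.group(1)}: use 'username {m.group(1)} secret'"))
    if not any(l.startswith("security passwords min-length ") for l in top):
        findings.append(("min-length", "security passwords min-length is not configured"))
    # Slide 67: unneeded services. A running-config omits settings equal to the IOS default,
    # so "not explicit" means verify on the device rather than a confirmed failure.
    for cmd in GLOBAL_SERVICES:
        if cmd in present:
            findings.append(("service-enabled", f"{cmd} is enabled; issue 'no {cmd}'"))
        elif f"no {cmd}" not in present:
            findings.append(("service-not-explicit", f"{cmd} is not explicitly disabled"))
    if any(l.startswith("snmp-server ") for l in top):
        findings.append(("snmp", "snmp-server configured; remove it or use SNMPv3"))
    # Slide 67 interface-level items; slides 58-62: vty lines should accept SSH only.
    for header, body in sections.items():
        if header.startswith("interface "):
            for cmd in ("ip proxy-arp", "ip directed-broadcast"):
                if cmd in body:
                    findings.append(("interface-service", f"{header}: {cmd} is enabled"))
        elif header.startswith("line vty"):
            transport = next((b for b in body if b.startswith("transport input ")), "none")
            if transport != "transport input ssh":
                findings.append(("telnet", f"{header}: set 'transport input ssh' (found '{transport}')"))
    return findings
```

    Running audit_config on WEAK_CONFIG lists fourteen findings; the same call on HARDENED_CONFIG returns an empty list.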
  • 69. Securing Routing Protocols
    • Routing systems can be attacked in two ways:
      – Disruption of peers
      – Falsification of routing information
    • The best way to protect routing information on the network is to authenticate routing protocol packets using message digest algorithm 5 (MD5).
  • 70. Securing Routing Protocols
    • RIPv2, EIGRP, OSPF, IS-IS, and BGP all support various forms of MD5 authentication.
  • 71. Routing Protocol Authentication for RIPv2
    • Step 3. Verify the operation of RIP routing:
      – Use the show ip route command
  • 72. Routing Protocol Authentication for EIGRP and OSPF
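    To show what the MD5 authentication of slides 69 to 72 gives a router, here is an added, simplified model (my code, not Cisco's, and not the exact RIPv2, OSPF or EIGRP wire format): each update carries a key ID and a sequence number, and the receiving neighbor recomputes MD5 over the update plus a 16-byte zero-padded key, rejecting altered, replayed or wrongly keyed updates. The key names, sequence numbers and sample payloads are constructed for this example.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16  # keyed-MD5 routing authentication uses a 16-byte key; shorter keys are zero-padded


def pad_key(key):
    raw = key.encode()
    if len(raw) > KEY_LEN:
        raise ValueError("key longer than 16 bytes")
    return raw.ljust(KEY_LEN, b"\x00")


def sign_update(payload, key_id, seq, key):
    """Append a (key ID, sequence number) trailer and MD5(payload || trailer || key).
    Because the trailer is inside the digest, neither the routes nor the sequence
    number can be altered in transit without the digest check failing."""
    trailer = struct.pack("!BI", key_id, seq)
    digest = hashlib.md5(payload + trailer + pad_key(key)).digest()
    return payload + trailer + digest


class Neighbor:
    """Receiving router: a key table and the last accepted sequence number per key ID."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last_seq = {}

    def verify(self, message):
        """Return (True, payload) for an authentic, fresh update, else (False, reason)."""
        if len(message) < 5 + 16:
            return False, "truncated"
        body, digest = message[:-16], message[-16:]
        key_id, seq = struct.unpack("!BI", body[-5:])
        key = self.keys.get(key_id)
        if key is None:
            return False, "unknown key id"
        expected = hashlib.md5(body + pad_key(key)).digest()
        if not hmac.compare_digest(expected, digest):  # constant-time comparison
            return False, "bad digest"
        if seq <= self.last_seq.get(key_id, -1):  # replayed or out-of-order update
            return False, "replayed"
        self.last_seq[key_id] = seq
        return True, body[:-5]


if __name__ == "__main__":
    r1 = Neighbor({1: "RoutingKey-1"})
    update = sign_update(b"10.1.0.0/16 metric 2", 1, 7, "RoutingKey-1")
    print(r1.verify(update))
    print(r1.verify(update))  # the same update replayed is rejected
```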
  • 73. Locking Down Your Router with Cisco Auto Secure
    • Cisco AutoSecure uses a single command to disable non-essential system processes and services, eliminating potential security threats. Two modes of the auto secure command:
      – Interactive mode - This mode prompts you with options to enable and disable services and other security features. This is the default mode.
      – Non-interactive mode - This mode automatically executes the auto secure command with the recommended Cisco default settings. This mode is enabled with the no-interact command option.
  • 74. Locking Down Your Router with Cisco Auto Secure
    • To start the process of securing a router, issue the auto secure command. Cisco AutoSecure will ask you for a number of items, including:
      – Interface specifics
      – Banners
      – Passwords
      – SSH
      – IOS firewall features
  • 75. Using Cisco SDM
  • 76. Cisco SDM Overview
    • What is Cisco SDM?
    • Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.
    • The SDM files can be installed on the router, on a PC, or on both.
    • Advantage of installing on a PC: it saves router memory and allows you to manage other routers on the network.
  • 77. Cisco SDM Overview
    • Cisco SDM Features
  • 78. Configuring Your Router to Support Cisco SDM
    • Step 1. Access the router's Cisco CLI interface using Telnet or the console connection.
    • Step 2. Enable the HTTP and HTTPS servers on the router.
    • Step 3. Create a user account defined with privilege level 15 (enable privileges).
    • Step 4. Configure SSH and Telnet for local login and privilege level 15.
  • 79. Starting Cisco SDM
    • Cisco SDM is stored in the router flash memory. It can also be stored on a local PC.
    • To launch Cisco SDM, use the HTTPS protocol and put the IP address of the router into the browser.
  • 80. The Cisco SDM Interface
  • 81. The Cisco SDM Interface
    (Screenshot: About Your Router: Host Name, Hardware, Software)
  • 82. The Cisco SDM Interface
  • 83. Cisco SDM Wizards
    • Cisco SDM provides a number of wizards to help you configure a Cisco ISR router.
  • 84.–91. Locking Down a Router with Cisco SDM (eight screenshot slides)
  • 92. Secure Router Management
  • 93. Maintaining Cisco IOS Software Images
    • Periodically, the router requires updates to be loaded to either the operating system or the configuration file to fix known security vulnerabilities, support new features that allow more advanced security policies, or improve performance.
  • 94. Maintaining Cisco IOS Software Images
    • Cisco recommends following a four-phase migration process to simplify network operations and management.
      – Plan: Set goals, identify resources, profile network hardware and software, and create a preliminary schedule for migrating to new releases.
      – Design: Choose new Cisco IOS releases and create a strategy for migrating to the releases.
      – Implement: Schedule and execute the migration.
      – Operate: Monitor the migration progress and make backup copies of images that are running on your network.
  • 95. Maintaining Cisco IOS Software Images
    • There are a number of tools available on Cisco.com to aid in migrating Cisco IOS software.
    • The following tools do not require a Cisco.com login:
      – Cisco IOS Reference Guide: Covers the basics of the Cisco IOS software family
      – Cisco IOS software technical documents: Documentation for each release of Cisco IOS software
      – Software Center: Cisco IOS software downloads
    • The following tools require valid Cisco.com login accounts:
      – Bug Toolkit: Searches for known software fixes based on software version, feature set, and keywords
      – Cisco Feature Navigator: Finds releases that support a set of software features and hardware, and compares releases
      – Software Advisor: Compares releases, matches Cisco IOS software and Cisco Catalyst OS features to releases, and finds out which software release supports a given hardware device
      – Cisco IOS Upgrade Planner: Finds releases by hardware, release, and feature set, and downloads images of Cisco IOS software
  • 96. Managing Cisco IOS Images
    • Cisco IOS File Systems and Devices
    • You have to be able to save, back up, and restore configuration and IOS images.
    • Use the show file systems command.
  • 97. Managing Cisco IOS Images
  • 98. Managing Cisco IOS Images
    • URL Prefixes for Cisco Devices
  • 99. Commands for Managing Configuration Files
    • R2# copy running-config startup-config
    • R2# copy system:running-config nvram:startup-config
    • R2# copy running-config tftp:
    • R2# copy system:running-config tftp:
    • R2# copy tftp: running-config
    • R2# copy tftp: system:running-config
    • R2# copy tftp: startup-config
    • R2# copy tftp: nvram:startup-config
  • 100. Cisco IOS File Naming Conventions
    • i - Designates the IP feature set
    • j - Designates the enterprise feature set (all protocols)
    • s - Designates a PLUS feature set (extra queuing, manipulation, or translations)
    • 56i - Designates 56-bit IPsec DES encryption
    • 3 - Designates the firewall/IDS
    • k2 - Designates the 3DES IPsec encryption (168 bit)
  • 101. Using TFTP Servers to Manage IOS Images
    • Using a network TFTP server allows image and configuration uploads and downloads over the network.
  • 102. Backing Up IOS Software Image
    • Step 1
    • Step 2
    • Step 3
  • 103. Upgrading IOS Software Images
    • Note: Make sure that the Cisco IOS image loaded is appropriate for the router platform. If the wrong Cisco IOS image is loaded, the router could be made unbootable, requiring ROM monitor (ROMmon) intervention.
  • 104. Restoring IOS Software Images
    • Step 1. Connect the devices.
    • Step 2. Boot the router and set the ROMmon variables.
    • Step 3. Use the tftpdnld command.
  • 105. Using xmodem to Restore an IOS Image
    • Step 1. Connect the devices
    • Step 2.
  • 106. Using xmodem to Restore an IOS Image
    • Step 3
    • Step 4
  • 107. Cisco IOS Troubleshooting Commands
    • Using the show command
    • The show command displays static information.
  • 108. Cisco IOS Troubleshooting Commands
    • Using the debug command
    • By default, the network server sends the output from debug commands and system error messages to the console.
    • The debug command displays dynamic data and events.
  • 109. Cisco IOS Troubleshooting Commands
    • Commands related to the debug command:
      – R1(config)# service timestamps debug datetime msec
      – R1# show processes
      – R1# no debug all
      – R1# terminal monitor
  • 110. Recovering a Lost Router Password
    • Step 1. Connect to the console port.
    • Step 2. If you have lost the enable password, you would still have access to user EXEC mode.
    • Step 3. Use the power switch to turn off the router, and then turn the router back on.
    • Step 4. Press Break on the terminal keyboard within 60 seconds of power up to put the router into ROMmon.
    • Step 5. Type confreg 0x2142 at the rommon 1> prompt. This causes the router to bypass the startup configuration where the forgotten enable password is stored.
    • Step 6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.
  • 111. Recovering a Lost Router Password
    • Step 7. Type no after each setup question, or press Ctrl-C to skip the initial setup procedure.
    • Step 8. Type enable at the Router> prompt. This puts you into enable mode, and you should be able to see the Router# prompt.
    • Step 9. Type copy startup-config running-config to copy the NVRAM into memory.
    • Step 10. Type show running-config.
    • Step 11. Type configure terminal. The hostname(config)# prompt appears.
    • Step 12. Type enable secret password to change the enable secret password.
  • 112. Recovering a Lost Router Password
    • Step 13. Issue the no shutdown command on every interface that you want to use. You can issue a show ip interface brief command to confirm that your interface configuration is correct. Every interface that you want to use should display up up.
    • Step 14. Type config-register configuration_register_setting. The configuration_register_setting is either the value you recorded in Step 2 or 0x2102. For example:
      – R1(config)#config-register 0x2102
    • Step 15. Press Ctrl-Z or type end to leave configuration mode. The hostname# prompt appears.
    • Step 16. Type copy running-config startup-config to commit the changes.
  • 113. Summary
    • Identify security threats to enterprise networks
    • Describe methods to mitigate security threats to enterprise networks
    • Configure basic router security
    • Disable unused router services and interfaces
    • Use the Cisco SDM one-step lockdown feature
    • Manage files and software images with the Cisco IOS Integrated File System (IFS)