IT NETWORK SECURITY
Prevention & Attacks
- A Study
Gabriel Emanuel Maagaard, Borlean
Datatekniker (IT technician) journeyman's exam presentation
Syddansk Erhvervsskole, Odense C
December 17th, 2015 A.D.
IT NETWORK SECURITY
- WHY?
IT NETWORK SECURITY
- 2 TOPICS
  - ZONE-BASED POLICY FIREWALL (Cisco ZFW, ZBF or ZPF)
    - Why, how
    - Example
  - LAYER 2 ATTACK: VLAN-HOPPING
    - What, how
    - Example
  - HIGH AVAILABILITY – DATA CENTER
    - VSS vs. vPC
ZONE-BASED POLICY FIREWALL
Intro:
- Benefits
- Zones
- Actions
ZONE-BASED POLICY FIREWALL
The four parts and relationships:
- Step 1: Create the zones
- Step 2: Identify traffic with a class-map
- Step 3: Define an action with a policy-map
- Step 4: Identify a zone pair and match it to a policy-map
- Step 5: Assign zones to the appropriate interfaces
ZONE-BASED POLICY FIREWALL
Example:
- Direktion: no RDP access to Server
- (Steps 0 through 5 shown on the slide as images; not captured)
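The five steps above, carried through for the deck's own example policy (the Direktion zone may not open RDP sessions to the Server zone, everything else is statefully inspected). This is an added Cisco IOS configuration, not the deck's or Cisco's own; zone names, the ACL and class-map names, interface numbers and the assumption that RDP means TCP/3389 are all mine.

```cisco
! Added example: Cisco IOS zone-based policy firewall for
! "Direktion: no RDP access to Server".
! Zone, ACL, class-map, policy-map and interface names are assumptions.

! Step 1: create the zones
zone security DIREKTION
 description Management / executive LAN
zone security SERVER
 description Server LAN

! Step 2: identify traffic with class-maps
! RDP is assumed to be TCP/3389 (constructed ACL)
ip access-list extended ACL-RDP
 permit tcp any any eq 3389
class-map type inspect match-any CMAP-RDP
 match access-group name ACL-RDP
! everything else Direktion is still allowed to start towards Server
class-map type inspect match-any CMAP-ALLOWED
 match protocol tcp
 match protocol udp
 match protocol icmp

! Step 3: define the actions in a policy-map
! order matters: the RDP class must be evaluated before the catch-all class
policy-map type inspect PMAP-DIREKTION-TO-SERVER
 class type inspect CMAP-RDP
  drop log
 class type inspect CMAP-ALLOWED
  inspect
 class class-default
  drop

! Step 4: zone pair (direction Direktion -> Server) bound to the policy-map
zone-pair security ZP-DIREKTION-SERVER source DIREKTION destination SERVER
 service-policy type inspect PMAP-DIREKTION-TO-SERVER

! Step 5: assign the zones to the interfaces
interface GigabitEthernet0/0
 description Direktion LAN
 zone-member security DIREKTION
interface GigabitEthernet0/1
 description Server LAN
 zone-member security SERVER
```

Two things worth checking after applying this: there is deliberately no zone pair in the Server -> Direktion direction, so new sessions from the servers towards Direktion are dropped by the ZBF default while replies to inspected sessions are still allowed by state; and `show policy-map type inspect zone-pair ZP-DIREKTION-SERVER sessions` together with the `drop log` messages shows whether RDP attempts are actually hitting the CMAP-RDP class rather than falling through to class-default.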
VLAN HOPPING
Trunking & Switch Masquerading:
Double-tagging:
Security Best Practices:
- Disable auto-trunking on user-facing ports (DTP off)
- Disable unused ports and put them in an unused VLAN
- Be paranoid: do not use VLAN 1 for anything (change the native VLAN number)
- Use all-tagged mode for the native VLAN on trunks
- Disable autonegotiation on trunk ports
- Explicitly configure trunking on infrastructure ports
- Use PC Voice VLAN Access on phones that support it
- Use 802.1Q tagging on trunk ports
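The best-practice list above, written out as a Catalyst switch configuration so each bullet maps to a concrete command. This is an added example, not configuration from the deck; the port ranges, VLAN numbers (10 users, 20 voice, 900 native, 999 parking) and interface names are assumptions. The "PC Voice VLAN Access" item is a setting on the phone itself rather than on the switch, so it is only referenced in a comment.

```cisco
! Added example: Catalyst access switch hardened against VLAN hopping.
! Interface numbers and VLAN ids are assumptions.

! Never use VLAN 1: dedicated, otherwise unused VLANs for native and parking
vlan 900
 name NATIVE-UNUSED
vlan 999
 name PARKING-DISABLED

! Tag the native VLAN on every trunk (all-tagged mode), so no untagged
! frame exists for a double-tagged frame to ride on
vlan dot1q tag native

! User-facing ports: static access, DTP off (no trunk negotiation at all)
! (PC Voice VLAN Access is configured on the phone, not here)
interface range GigabitEthernet1/0/1 - 40
 description USER-ACCESS
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable

! Unused ports: shut down and parked in a dead VLAN
interface range GigabitEthernet1/0/41 - 48
 description UNUSED-PARKED
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown

! Infrastructure uplink: explicit 802.1Q trunk, no DTP, pruned VLAN list,
! non-default native VLAN
interface GigabitEthernet1/1/1
 description UPLINK-TO-DISTRIBUTION
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
```

`show interfaces trunk` confirms the native VLAN and allowed list per trunk, and `show dtp interface GigabitEthernet1/0/1` should report DTP disabled on the access ports. The native VLAN must be set identically on both ends of each trunk, otherwise the switches log a native VLAN mismatch and the link carries frames into the wrong VLAN; `switchport trunk encapsulation dot1q` is only accepted on platforms that also support ISL and can be omitted elsewhere.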
DATA CENTER TECHNOLOGIES
VSS – Virtual Switching System:
VSS – A High View:
vPC vs. VSS – Contrast & Comparison:
- Both support multi-chassis EtherChannel
- vPC - Nexus, while VSS - Catalyst 6500s
- vPC – separate control & management planes, while VSS - one logical switch
LA FIN
CREDITS:
- Security – business case:
  - "Cisco Connect 2015" conference keynote "Connect the Unconnected", Christian Heinel, Security Evangelist, Cisco Danmark, Copenhagen
  - Networkworld.com ezine
- Security – Zone-Based Policy Firewall:
  - CBTNuggets "CCNA Security" with Keith Barker
  - CiscoPress "Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide, 2nd Edition"
- Security – VLAN Hopping:
  - Webopedia definition
  - Firewall.cx article
- Data Center – High Availability:
  - VSS: Cisco.com catalyst-6500-virtual-switching-system-1440
  - vPC: mycciedatacenter.blogspot.com