Ccna sv2 instructor_ppt_ch2
SalmenHAJJI1
CCNA Security chapter 2
1.
CCNA Security v2.0 Chapter 2: Securing Network Devices
2.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
2.0 Introduction
2.1 Securing Device Access
2.2 Assigning Administrative Roles
2.3 Monitoring and Managing Devices
2.4 Using Automated Security Features
2.5 Securing the Control Plane
2.6 Summary
3.
Upon completion of this section, you should be able to:
• Explain how to secure a network perimeter.
• Configure secure administrative access to Cisco routers.
• Configure enhanced security for virtual logins.
• Configure an SSH daemon for secure remote management.
6.
Single Router Approach
Defense in Depth Approach
DMZ Approach
8.
Tasks:
• Restrict device accessibility
• Log and account for all access
• Authenticate access
• Authorize actions
• Present legal notification
• Ensure the confidentiality of data
9.
Local Access
Remote Access Using Telnet
Remote Access Using Modem and Aux Port
10.
Dedicated Management Network
12.
Guidelines:
• Use a password length of 10 or more characters.
• Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces.
• Avoid passwords based on easily identifiable pieces of information.
• Deliberately misspell a password (Smith = Smyth = 5mYth).
• Change passwords often.
• Do not write passwords down and leave them in obvious places.

Weak Password | Why it is Weak
secret | Simple dictionary password
smith | Mother's maiden name
toyota | Make of car
bob1967 | Name and birthday of user
Blueleaf23 | Simple words and numbers

Strong Password | Why it is Strong
b67n42d39c | Combines alphanumeric characters
12^h u4@1p7 | Combines alphanumeric characters, symbols, and includes a space
14.
Guidelines:
• Configure all secret passwords using type 8 or type 9 passwords.
• Use the enable algorithm-type command syntax to enter an unencrypted password.
• Use the username name algorithm-type command to specify type 9 encryption.
17.
Virtual login security enhancements:
• Implement delays between successive login attempts
• Enable login shutdown if DoS attacks are suspected
• Generate system-logging messages for login detection
19.
Command Syntax: login block-for
Example: login quiet-mode access-class
Example: login delay
20.
Generate Login Syslog Messages
Example: show login failures
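The login enhancement commands named on slides 19 and 20, combined into one configuration as an added example (not taken from the original slides). The timer values, the ACL name PERMIT-ADMIN and the address 192.0.2.10 are assumed sample values.

```cisco
! Added example; all values below are constructed samples.
! login block-for is entered first; Cisco documents it as the
! prerequisite for the other login commands.
! Block all login attempts for 120 s after 5 failures within 60 s.
login block-for 120 attempts 5 within 60
!
! Hosts that may still log in while the router is in quiet mode
! (hypothetical management station).
ip access-list standard PERMIT-ADMIN
 permit 192.0.2.10
 exit
login quiet-mode access-class PERMIT-ADMIN
!
! Wait 3 s between successive login attempts.
login delay 3
!
! Generate syslog messages for successful logins and for every 3rd failure.
login on-success log
login on-failure log every 3
```

Check the result with show login, and review rejected attempts with show login failures.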
22.
Example SSH Configuration
Example Verification of SSH
24.
Two ways to connect:
• Enable SSH and use a Cisco router as an SSH server or SSH client.
  - As a server, the router can accept SSH client connections.
  - As a client, the router can connect via SSH to another SSH-enabled router.
• Use an SSH client running on a host, such as PuTTY, OpenSSH, or TeraTerm.
25.
Upon completion of this section, you should be able to:
• Configure administrative privilege levels to control command availability.
• Configure role-based CLI access to control command availability.
27.
Levels of access commands:
• User EXEC mode (privilege level 1)
  - Lowest EXEC mode user privileges
  - Only user-level command available at the router> prompt
• Privileged EXEC mode (privilege level 15)
  - All enable-level commands at the router# prompt
Privilege levels:
• Level 0: Predefined for user-level access privileges.
• Level 1: Default level for login with the router prompt.
• Level 2-14: May be customized for user-level privileges.
• Level 15: Reserved for the enable mode privileges.
Privilege Level Syntax
29.
• No access control to specific interfaces, ports, logical interfaces, and slots on a router
• Commands available at lower privilege levels are always executable at higher privilege levels
• Commands specifically set at higher privilege levels are not available for lower privilege users
• Assigning a command with multiple keywords allows access to all commands that use those
31.
For example:
• Security operator privileges
  - Configure AAA
  - Issue show commands
  - Configure firewall
  - Configure IDS/IPS
  - Configure NetFlow
• WAN engineer privileges
  - Configure routing
  - Configure interfaces
  - Issue show commands
33.
Step 1
Step 2
Step 3
Step 4
34.
Step 1
Step 2
Step 3
35.
Enable Root View and Verify All Views
36.
Upon completion of this section, you should be able to:
• Use the Cisco IOS resilient configuration feature to secure the Cisco IOS image and configuration files.
• Compare in-band and out-of-band management access.
• Configure syslog to log system events.
• Configure secure SNMPv3 access using ACL.
• Configure NTP to enable accurate timestamping between all devices.
41.
Configure the router for server-side SCP with local AAA:
1. Configure SSH
2. Configure at least one user with privilege level 15
3. Enable AAA
4. Specify that the local database is to be used for authentication
5. Configure command authorization
6. Enable SCP server-side functionality
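The six steps for server-side SCP with local AAA, written out as one configuration. This is an added example, not taken from the original slides; the hostname R1, the domain example.com, the user name scpadmin and the secret are constructed placeholders.

```cisco
! Added example; hostname, domain, user name and secret are placeholders.
! 1. Configure SSH (SCP runs over SSH).
hostname R1
ip domain-name example.com
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
!
! 2. At least one user with privilege level 15, stored as a type 9
!    (scrypt) secret.
username scpadmin privilege 15 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
!
! 3. Enable AAA.
aaa new-model
! 4. Use the local database for login authentication.
aaa authentication login default local
! 5. Authorize the EXEC session from the local database, so the user
!    is placed at privilege level 15 when the SCP session starts.
aaa authorization exec default local
! 6. Enable SCP server-side functionality.
ip scp server enable
!
! Accept only SSH on the vty lines.
line vty 0 4
 transport input ssh
```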
42.
1. Connect to the console port.
2. Record the configuration register setting.
3. Power cycle the router.
4. Issue the break sequence.
5. Change the default configuration register with the confreg 0x2142 command.
6. Reboot the router.
7. Press Ctrl-C to skip the initial setup procedure.
8. Put the router into privileged EXEC mode.
9. Copy the startup configuration to the running configuration.
10. Verify the configuration.
11. Change the enable secret password.
12. Enable all interfaces.
13. Change the config-register with the config-register configuration_register_setting.
14. Save the configuration changes.
43.
Password Recovery Functionality is Disabled
No Service Password Recovery
Disable Password Recovery
45.
In-Band Management:
• Apply only to devices that need to be managed or monitored
• Use IPsec, SSH, or SSL when possible
• Decide whether the management channel needs to be open at all times
Out-of-Band (OOB) Management:
• Provide highest level of security
• Mitigate the risk of passing management protocols over the production network
49.
Security Levels
Example Severity Levels
52.
Step 1
Step 2 (optional)
Step 3
Step 4
55.
Cisco MIB Hierarchy
58.
Message integrity & authentication
Encryption
Access control
• Transmissions from manager to agent may be authenticated to guarantee the identity of the sender and the integrity and timeliness of a message.
• SNMPv3 messages may be encrypted to ensure privacy.
• Agent may enforce access control to restrict each principal to certain actions on specific portions of data.
64.
Sample NTP Topology
Sample NTP Configuration on R1
Sample NTP Configuration on R2
66.
Upon completion of this section, you should be able to:
• Use security audit tools to determine IOS-based router vulnerabilities.
• Use AutoSecure to enable security on IOS-based routers.
69.
There is a detailed list of security settings for protocols and services provided in Figure 2 of this page in the course.
Additional recommended practices to ensure a device is secure:
• Disable unnecessary services and interfaces.
• Disable and restrict commonly configured management services.
• Disable probes and scans.
• Ensure terminal access security.
• Disable gratuitous and proxy ARPs.
• Disable IP-directed broadcasts.
73.
1. The auto secure command is entered
2. Wizard gathers information about the outside interfaces
3. AutoSecure secures the management plane by disabling unnecessary services
4. AutoSecure prompts for a banner
5. AutoSecure prompts for passwords and enables password and login features
6. Interfaces are secured
7. Forwarding plane is secured
74.
Upon completion of this section, you should be able to:
• Configure a routing protocol authentication.
• Explain the function of Control Plane Policing.
76.
Consequences of protocol spoofing:
• Redirect traffic to create routing loops.
• Redirect traffic so it can be monitored on an insecure link.
• Redirect traffic to discard it.
83.
Chapter Objectives:
• Configure secure administrative access.
• Configure command authorization using privilege levels and role-based CLI.
• Implement the secure management and monitoring of network devices.
• Use automated features to enable security on IOS-based routers.
• Implement control plane security.
84.
Thank you.
85.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
Editor's Notes
2.1.1.1 Securing the Network Infrastructure
2.1.1.2 Edge Router Security Approaches
2.1.1.3 Three Areas of Router Security
2.1.1.4 Secure Administrative Access
2.1.1.5 Secure Local and Remote Access
2.1.1.5 Secure Local and Remote Access
2.1.2.1 Strong Passwords
2.1.2.2 Increasing Access Security
2.1.2.3 Secret Password Algorithms
2.1.2.4 Securing Line Access Syntax Checker: Secure Administrative Access on R2
2.1.3.1 Enhancing the Login Process
2.1.3.2 Configuring Login Enhancement Features
2.1.3.3 Enable Login Enhancements Syntax Checker: Configure Enhanced Login Security on R2
2.1.3.4 Logging Failed Attempts
2.1.4.1 Steps for Configuring SSH
2.1.4.2 Modifying the SSH Configuration Syntax Checker: Enable SSH on R2
2.1.4.3 Connecting to an SSH-Enabled Router
2.2.1.1 Limiting Command Availability
2.2.1.2 Configuring and Assigning Privilege Levels
2.2.1.3 Limitations of Privilege Levels Syntax Checker: Configure Privilege Levels on R2
2.2.2.1 Role-Based CLI Access
2.2.2.2 Role-Based Views
2.2.2.3 Configuring Role-Based Views Syntax Checker: Configure Views on R2
2.2.2.4 Configuring Role-Based CLI Superviews Syntax Checker: Configure Superviews on R2
2.2.2.5 Verify Role-Based CLI Views
2.3.1.1 Cisco IOS Resilient Configuration Feature
2.3.1.2 Enabling the IOS Image Resilience Feature
2.3.1.3 The Primary Bootset Image
2.3.1.4 Configuring Secure Copy
2.3.1.5 Recovering a Router Password
2.3.1.6 Password Recovery
2.3.2.1 Determining the Type of Management Access 2.3.2.2 Out-of-Band and In-Band Access
2.3.3.1 Introduction to Syslog
2.3.3.2 Syslog Operation
2.3.3.3 Syslog Message
2.3.3.3 Syslog Message 2.3.3.4 Activity - Parts 1-3 : Interpret Syslog Output
2.3.3.5 Syslog Systems
2.3.3.6 Configuring System Logging
2.3.4.1 Introduction to SNMP
2.3.4.2 Management Information Base
2.3.4.3 SNMP Versions
2.3.4.4 SNMP Vulnerabilities
2.3.4.5 SNMPv3
2.3.4.6 Configuring SNMPv3 Security
2.3.4.7 Secure SNMPv3 Configuration Example Syntax Checker: Configure SNMPv3 Authentication Using an ACL
2.3.4.8 Verifying the SNMPv3 Configuration
2.3.5.1 Network Time Protocol
2.3.5.2 NTP Server
2.3.5.3 NTP Authentication Syntax Checker: Configure NTP Authentication on R1
2.4.1.1 Discovery Protocols CDP and LLDP
2.4.1.2 Settings for Protocols and Services
2.4.2.1 Cisco AutoSecure
2.4.2.2 Using the Cisco AutoSecure Feature
2.4.2.3 Using the auto secure Command Syntax Checker: Use AutoSecure to Secure R1
2.5.1.1 Routing Protocol Spoofing
2.5.1.2 OSPF MD5 Routing Protocol Authentication
2.5.1.3 OSPF SHA Routing Protocol Authentication Syntax Checker: Configure OSPF Authentication Using SHA 256
2.5.2.1 Network Device Operations
2.5.2.2 Control and Management Plane Vulnerabilities
2.5.2.3 CoPP Operation 2.5.2.4 Activity - Identify the Features of CoPP 2.5.2.5 Activity - Identify the Network Device Security Features
2.6.1.1 Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations
https://www.netacad.com