SlideShare a Scribd company logo

CCNA Icnd110 s02l06

Download as PPT, PDF
C
computerlenguyen

CCNA

Education
1 of 12
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-1 Ethernet LANs Understanding Switch Security
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-2 Common Threats to Physical Installations  Hardware threats  Environmental threats  Electrical threats  Maintenance threats
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-3 Configuring a Switch Password
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-4 Configuring the Login Banner  Defines and enables a customized banner to be displayed before the username and password login prompts. SwitchX# banner login " Access for authorized users only. Please enter your username and password. "
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-5 Telnet vs. SSH Access  Telnet – Most common access method – Insecure  SSH-encrypted !– The username command create the username and password for the SSH session Username cisco password cisco ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 line vty 0 4 login local transport input ssh
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-6 Cisco Catalyst 2960 Series SwitchX(config-if)#switchport port-security [ mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown}] SwitchX(config)#interface fa0/5 SwitchX(config-if)#switchport mode access SwitchX(config-if)#switchport port-security SwitchX(config-if)#switchport port-security maximum 1 SwitchX(config-if)#switchport port-security mac-address sticky SwitchX(config-if)#switchport port-security violation shutdown Configuring Port Security
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-7 SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression] SwitchX#show port-security interface fastethernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 20 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0000.0000.0000 Security Violation Count : 0 Verifying Port Security on the Catalyst 2960 Series
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-8 SwitchX#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) -------------------------------------------------------------------------- Fa0/5 1 1 0 Shutdown --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 SwitchX#sh port-security address Secure Mac Address Table ------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 0008.dddd.eeee SecureConfigured Fa0/5 - ------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 Verifying Port Security on the Catalyst 2960 Series (Cont.)
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-9 Securing Unused Ports  Unsecured ports can create a security hole.  A switch plugged into an unused port will be added to the network.  Secure unused ports by disabling interfaces (ports).
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-10 Disabling an Interface (Port) shutdown SwitchX(config-int)#  To disable an interface, use the shutdown command in interface configuration mode.  To restart a disabled interface, use the no form of this command.
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-11 Summary  The first level of security is physical.  Passwords can be used to limit access to users that have been given the password.  The login banner can be used to display a message before the user is prompted for a username.  Telnet sends session traffic in cleartext; SSH encrypts the session traffic.  Port security can be used to limit MAC addresses to a port.  Unused ports should be shut down.
© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-12

Recommended

CCNA icnd110 s03l03
CCNA icnd110 s03l03CCNA icnd110 s03l03
CCNA icnd110 s03l03computerlenguyen
 
CCNA Icnd110 s02l04
CCNA Icnd110 s02l04CCNA Icnd110 s02l04
CCNA Icnd110 s02l04computerlenguyen
 
CCNA Icnd110 s02l05
CCNA Icnd110 s02l05CCNA Icnd110 s02l05
CCNA Icnd110 s02l05computerlenguyen
 
CCNA Icnd110 s02l07
CCNA Icnd110 s02l07CCNA Icnd110 s02l07
CCNA Icnd110 s02l07computerlenguyen
 
CCNA Icnd110 s02l08
CCNA Icnd110 s02l08 CCNA Icnd110 s02l08
CCNA Icnd110 s02l08computerlenguyen
 
CCNA Icnd110 s02l09
CCNA Icnd110 s02l09CCNA Icnd110 s02l09
CCNA Icnd110 s02l09computerlenguyen
 
CCNA Icnd110 s02l02
CCNA Icnd110 s02l02CCNA Icnd110 s02l02
CCNA Icnd110 s02l02computerlenguyen
 
CCNA Icnd110 s04l01
CCNA Icnd110 s04l01CCNA Icnd110 s04l01
CCNA Icnd110 s04l01computerlenguyen
 

Recommended

CCNA icnd110 s03l03
CCNA icnd110 s03l03CCNA icnd110 s03l03
CCNA icnd110 s03l03computerlenguyen
 
CCNA Icnd110 s02l04
CCNA Icnd110 s02l04CCNA Icnd110 s02l04
CCNA Icnd110 s02l04computerlenguyen
 
CCNA Icnd110 s02l05
CCNA Icnd110 s02l05CCNA Icnd110 s02l05
CCNA Icnd110 s02l05computerlenguyen
 
CCNA Icnd110 s02l07
CCNA Icnd110 s02l07CCNA Icnd110 s02l07
CCNA Icnd110 s02l07computerlenguyen
 
CCNA Icnd110 s02l08
CCNA Icnd110 s02l08 CCNA Icnd110 s02l08
CCNA Icnd110 s02l08computerlenguyen
 
CCNA Icnd110 s02l09
CCNA Icnd110 s02l09CCNA Icnd110 s02l09
CCNA Icnd110 s02l09computerlenguyen
 
CCNA Icnd110 s02l02
CCNA Icnd110 s02l02CCNA Icnd110 s02l02
CCNA Icnd110 s02l02computerlenguyen
 
CCNA Icnd110 s04l01
CCNA Icnd110 s04l01CCNA Icnd110 s04l01
CCNA Icnd110 s04l01computerlenguyen
 
CCNA Icnd110 s03l02
CCNA Icnd110 s03l02CCNA Icnd110 s03l02
CCNA Icnd110 s03l02computerlenguyen
 
CCNA Icnd110 s01l04
CCNA Icnd110 s01l04CCNA Icnd110 s01l04
CCNA Icnd110 s01l04computerlenguyen
 
CCNA Icnd110 s03l01
CCNA Icnd110 s03l01CCNA Icnd110 s03l01
CCNA Icnd110 s03l01computerlenguyen
 
CCNA Icnd110 s02l03
CCNA Icnd110 s02l03CCNA Icnd110 s02l03
CCNA Icnd110 s02l03computerlenguyen
 
CCNA Icnd110 s04l10
CCNA Icnd110 s04l10CCNA Icnd110 s04l10
CCNA Icnd110 s04l10computerlenguyen
 
CCNA Icnd110 s04l04
CCNA Icnd110 s04l04CCNA Icnd110 s04l04
CCNA Icnd110 s04l04computerlenguyen
 
CCNA Icnd110 s05l02
CCNA Icnd110 s05l02CCNA Icnd110 s05l02
CCNA Icnd110 s05l02computerlenguyen
 
CCNA Icnd110 s06l01
CCNA Icnd110 s06l01 CCNA Icnd110 s06l01
CCNA Icnd110 s06l01computerlenguyen
 
CCNA Icnd110 s04l03
CCNA Icnd110 s04l03CCNA Icnd110 s04l03
CCNA Icnd110 s04l03computerlenguyen
 
CCNA Icnd110 s01l06
CCNA Icnd110 s01l06CCNA Icnd110 s01l06
CCNA Icnd110 s01l06computerlenguyen
 
CCNA Icnd110 s06l03
CCNA Icnd110 s06l03CCNA Icnd110 s06l03
CCNA Icnd110 s06l03computerlenguyen
 
CCNA Icnd110 s05l01
CCNA Icnd110 s05l01CCNA Icnd110 s05l01
CCNA Icnd110 s05l01computerlenguyen
 
CCNA Icnd110 s02l01
CCNA Icnd110 s02l01CCNA Icnd110 s02l01
CCNA Icnd110 s02l01computerlenguyen
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04computerlenguyen
 
CCNA Icnd110 cag
CCNA Icnd110 cagCCNA Icnd110 cag
CCNA Icnd110 cagcomputerlenguyen
 
CCNA Icnd110 s05l05
CCNA Icnd110 s05l05CCNA Icnd110 s05l05
CCNA Icnd110 s05l05computerlenguyen
 
CCNA Icnd110 s04l06
CCNA Icnd110 s04l06CCNA Icnd110 s04l06
CCNA Icnd110 s04l06computerlenguyen
 
CCNA Icnd110 s01l03
CCNA Icnd110 s01l03CCNA Icnd110 s01l03
CCNA Icnd110 s01l03computerlenguyen
 
Icnd210 s03l01
Icnd210 s03l01Icnd210 s03l01
Icnd210 s03l01computerlenguyen
 
CCNA Icnd110 s05l04
CCNA Icnd110 s05l04CCNA Icnd110 s05l04
CCNA Icnd110 s05l04computerlenguyen
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01computerlenguyen
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04computerlenguyen
 

More Related Content

What's hot

What's hot (20)

CCNA Icnd110 s03l02
CCNA Icnd110 s03l02CCNA Icnd110 s03l02
CCNA Icnd110 s03l02
 
CCNA Icnd110 s01l04
CCNA Icnd110 s01l04CCNA Icnd110 s01l04
CCNA Icnd110 s01l04
 
CCNA Icnd110 s03l01
CCNA Icnd110 s03l01CCNA Icnd110 s03l01
CCNA Icnd110 s03l01
 
CCNA Icnd110 s02l03
CCNA Icnd110 s02l03CCNA Icnd110 s02l03
CCNA Icnd110 s02l03
 
CCNA Icnd110 s04l10
CCNA Icnd110 s04l10CCNA Icnd110 s04l10
CCNA Icnd110 s04l10
 
CCNA Icnd110 s04l04
CCNA Icnd110 s04l04CCNA Icnd110 s04l04
CCNA Icnd110 s04l04
 
CCNA Icnd110 s05l02
CCNA Icnd110 s05l02CCNA Icnd110 s05l02
CCNA Icnd110 s05l02
 
CCNA Icnd110 s06l01
CCNA Icnd110 s06l01 CCNA Icnd110 s06l01
CCNA Icnd110 s06l01
 
CCNA Icnd110 s04l03
CCNA Icnd110 s04l03CCNA Icnd110 s04l03
CCNA Icnd110 s04l03
 
CCNA Icnd110 s01l06
CCNA Icnd110 s01l06CCNA Icnd110 s01l06
CCNA Icnd110 s01l06
 
CCNA Icnd110 s06l03
CCNA Icnd110 s06l03CCNA Icnd110 s06l03
CCNA Icnd110 s06l03
 
CCNA Icnd110 s05l01
CCNA Icnd110 s05l01CCNA Icnd110 s05l01
CCNA Icnd110 s05l01
 
CCNA Icnd110 s02l01
CCNA Icnd110 s02l01CCNA Icnd110 s02l01
CCNA Icnd110 s02l01
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
 
CCNA Icnd110 cag
CCNA Icnd110 cagCCNA Icnd110 cag
CCNA Icnd110 cag
 
CCNA Icnd110 s05l05
CCNA Icnd110 s05l05CCNA Icnd110 s05l05
CCNA Icnd110 s05l05
 
CCNA Icnd110 s04l06
CCNA Icnd110 s04l06CCNA Icnd110 s04l06
CCNA Icnd110 s04l06
 
CCNA Icnd110 s01l03
CCNA Icnd110 s01l03CCNA Icnd110 s01l03
CCNA Icnd110 s01l03
 
Icnd210 s03l01
Icnd210 s03l01Icnd210 s03l01
Icnd210 s03l01
 
CCNA Icnd110 s05l04
CCNA Icnd110 s05l04CCNA Icnd110 s05l04
CCNA Icnd110 s05l04
 

Viewers also liked

Icnd210 sg vol 2
Icnd210 sg vol 2Icnd210 sg vol 2
Icnd210 sg vol 2Fer Rosas
 

Viewers also liked (18)

Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
 
CCNA Icnd110 s04l07
CCNA Icnd110 s04l07CCNA Icnd110 s04l07
CCNA Icnd110 s04l07
 
CCNA Icnd110 s01l08
CCNA Icnd110 s01l08CCNA Icnd110 s01l08
CCNA Icnd110 s01l08
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
 
Icnd210 s04l03
Icnd210 s04l03Icnd210 s04l03
Icnd210 s04l03
 
CCNA Icnd110 s04l08
CCNA Icnd110 s04l08CCNA Icnd110 s04l08
CCNA Icnd110 s04l08
 
CCNA Icnd110 lg
CCNA Icnd110 lgCCNA Icnd110 lg
CCNA Icnd110 lg
 
CCNA Icnd110 s05l03
CCNA Icnd110 s05l03CCNA Icnd110 s05l03
CCNA Icnd110 s05l03
 
Icnd210 sg vol 2
Icnd210 sg vol 2Icnd210 sg vol 2
Icnd210 sg vol 2
 
Icnd210 s01l01
Icnd210 s01l01Icnd210 s01l01
Icnd210 s01l01
 
CCNA Icnd110 s01l07
CCNA Icnd110 s01l07CCNA Icnd110 s01l07
CCNA Icnd110 s01l07
 
Icnd210 s08l03
Icnd210 s08l03Icnd210 s08l03
Icnd210 s08l03
 
Icnd210 s04l01
Icnd210 s04l01Icnd210 s04l01
Icnd210 s04l01
 
CCNA Icnd110 s01l02
CCNA Icnd110 s01l02CCNA Icnd110 s01l02
CCNA Icnd110 s01l02
 
Icnd210 s02l02
Icnd210 s02l02Icnd210 s02l02
Icnd210 s02l02
 
Icnd210 lg
Icnd210 lgIcnd210 lg
Icnd210 lg
 
Icnd210 s07l03
Icnd210 s07l03Icnd210 s07l03
Icnd210 s07l03
 

Similar to CCNA Icnd110 s02l06

SESI 7 RouterTroubleshooting.pptx
SESI 7 RouterTroubleshooting.pptxSESI 7 RouterTroubleshooting.pptx
SESI 7 RouterTroubleshooting.pptxFirmanAFauzi1
 
Chapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networksChapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networksteknetir
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationVuz Dở Hơi
 
Chapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksChapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksYaser Rahmati
 
KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalFisal Anwari
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Cisco WIC-2T
Cisco WIC-2TCisco WIC-2T
Cisco WIC-2Tsavomir
 
introduction to switched networks - JARINGAN KOMPUTER
introduction to switched networks - JARINGAN KOMPUTERintroduction to switched networks - JARINGAN KOMPUTER
introduction to switched networks - JARINGAN KOMPUTERhasby if
 
Network Security.pptx
Network Security.pptxNetwork Security.pptx
Network Security.pptxJohn572978
 
Sca n instructorppt_chapter1_final
Sca n instructorppt_chapter1_finalSca n instructorppt_chapter1_final
Sca n instructorppt_chapter1_finalCamTESOL2015
 
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling NetworksCCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling NetworksVuz Dở Hơi
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2Nil Menon
 
Chapter 01 - Introduction to Switched Networks
Chapter 01 - Introduction to Switched NetworksChapter 01 - Introduction to Switched Networks
Chapter 01 - Introduction to Switched NetworksYaser Rahmati
 
rsinstructorpptchapter1final-141024021337-conversion-gate01
rsinstructorpptchapter1final-141024021337-conversion-gate01rsinstructorpptchapter1final-141024021337-conversion-gate01
rsinstructorpptchapter1final-141024021337-conversion-gate01Lema John Michael
 

Similar to CCNA Icnd110 s02l06 (20)

CCNA Icnd110 s04l11
CCNA Icnd110 s04l11CCNA Icnd110 s04l11
CCNA Icnd110 s04l11
 
Day 13.1..1 catalyst switch
Day 13.1..1 catalyst switchDay 13.1..1 catalyst switch
Day 13.1..1 catalyst switch
 
SESI 7 RouterTroubleshooting.pptx
SESI 7 RouterTroubleshooting.pptxSESI 7 RouterTroubleshooting.pptx
SESI 7 RouterTroubleshooting.pptx
 
Day 5.2 startingarouter
Day 5.2 startingarouterDay 5.2 startingarouter
Day 5.2 startingarouter
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
 
Day 13.1 startingaswitch
Day 13.1 startingaswitchDay 13.1 startingaswitch
Day 13.1 startingaswitch
 
Chapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networksChapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networks
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
 
Chapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksChapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched Networks
 
KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_final
 
Ccnas v11 ch02_eb
Ccnas v11 ch02_ebCcnas v11 ch02_eb
Ccnas v11 ch02_eb
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
Cisco WIC-2T
Cisco WIC-2TCisco WIC-2T
Cisco WIC-2T
 
introduction to switched networks - JARINGAN KOMPUTER
introduction to switched networks - JARINGAN KOMPUTERintroduction to switched networks - JARINGAN KOMPUTER
introduction to switched networks - JARINGAN KOMPUTER
 
Network Security.pptx
Network Security.pptxNetwork Security.pptx
Network Security.pptx
 
Sca n instructorppt_chapter1_final
Sca n instructorppt_chapter1_finalSca n instructorppt_chapter1_final
Sca n instructorppt_chapter1_final
 
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling NetworksCCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
 
Chapter 01 - Introduction to Switched Networks
Chapter 01 - Introduction to Switched NetworksChapter 01 - Introduction to Switched Networks
Chapter 01 - Introduction to Switched Networks
 
rsinstructorpptchapter1final-141024021337-conversion-gate01
rsinstructorpptchapter1final-141024021337-conversion-gate01rsinstructorpptchapter1final-141024021337-conversion-gate01
rsinstructorpptchapter1final-141024021337-conversion-gate01
 

More from computerlenguyen

More from computerlenguyen (18)

Icnd210 s08l05
Icnd210 s08l05Icnd210 s08l05
Icnd210 s08l05
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
 
Icnd210 s07l02
Icnd210 s07l02Icnd210 s07l02
Icnd210 s07l02
 
Icnd210 s07l01
Icnd210 s07l01Icnd210 s07l01
Icnd210 s07l01
 
Icnd210 s06l03
Icnd210 s06l03Icnd210 s06l03
Icnd210 s06l03
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
 
Icnd210 s05l03
Icnd210 s05l03Icnd210 s05l03
Icnd210 s05l03
 
Icnd210 s05l02
Icnd210 s05l02Icnd210 s05l02
Icnd210 s05l02
 
Icnd210 s04l02
Icnd210 s04l02Icnd210 s04l02
Icnd210 s04l02
 
Icnd210 s03l03
Icnd210 s03l03Icnd210 s03l03
Icnd210 s03l03
 
Icnd210 s03l02
Icnd210 s03l02Icnd210 s03l02
Icnd210 s03l02
 
Icnd210 s02l06
Icnd210 s02l06Icnd210 s02l06
Icnd210 s02l06
 
Icnd210 s02l05
Icnd210 s02l05Icnd210 s02l05
Icnd210 s02l05
 
Icnd210 s02l03
Icnd210 s02l03Icnd210 s02l03
Icnd210 s02l03
 
Icnd210 s02l01
Icnd210 s02l01Icnd210 s02l01
Icnd210 s02l01
 
Icnd210 s01l02
Icnd210 s01l02Icnd210 s01l02
Icnd210 s01l02
 
Eigrp authentication
Eigrp authenticationEigrp authentication
Eigrp authentication
 

Recently uploaded

Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 

Recently uploaded (20)

Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 

CCNA Icnd110 s02l06

  • 1. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-1 Ethernet LANs Understanding Switch Security
  • 2. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-2 Common Threats to Physical Installations  Hardware threats  Environmental threats  Electrical threats  Maintenance threats
  • 3. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-3 Configuring a Switch Password
  • 4. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-4 Configuring the Login Banner  Defines and enables a customized banner to be displayed before the username and password login prompts. SwitchX# banner login " Access for authorized users only. Please enter your username and password. "
  • 5. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-5 Telnet vs. SSH Access  Telnet – Most common access method – Insecure  SSH-encrypted !– The username command create the username and password for the SSH session Username cisco password cisco ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 line vty 0 4 login local transport input ssh
  • 6. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-6 Cisco Catalyst 2960 Series SwitchX(config-if)#switchport port-security [ mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown}] SwitchX(config)#interface fa0/5 SwitchX(config-if)#switchport mode access SwitchX(config-if)#switchport port-security SwitchX(config-if)#switchport port-security maximum 1 SwitchX(config-if)#switchport port-security mac-address sticky SwitchX(config-if)#switchport port-security violation shutdown Configuring Port Security
  • 7. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-7 SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression] SwitchX#show port-security interface fastethernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 20 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0000.0000.0000 Security Violation Count : 0 Verifying Port Security on the Catalyst 2960 Series
  • 8. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-8 SwitchX#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) -------------------------------------------------------------------------- Fa0/5 1 1 0 Shutdown --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 SwitchX#sh port-security address Secure Mac Address Table ------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 0008.dddd.eeee SecureConfigured Fa0/5 - ------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 Verifying Port Security on the Catalyst 2960 Series (Cont.)
  • 9. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-9 Securing Unused Ports  Unsecured ports can create a security hole.  A switch plugged into an unused port will be added to the network.  Secure unused ports by disabling interfaces (ports).
  • 10. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-10 Disabling an Interface (Port) shutdown SwitchX(config-int)#  To disable an interface, use the shutdown command in interface configuration mode.  To restart a disabled interface, use the no form of this command.
  • 11. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-11 Summary  The first level of security is physical.  Passwords can be used to limit access to users that have been given the password.  The login banner can be used to display a message before the user is prompted for a username.  Telnet sends session traffic in cleartext; SSH encrypts the session traffic.  Port security can be used to limit MAC addresses to a port.  Unused ports should be shut down.
  • 12. © 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-12

Editor's Notes

  1. <number> Layer 2 of 2 Emphasize: The router has one enable password. Remember that this is your only protection. Whoever owns this password can do anything with the router, so be careful about communicating this password to others. To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands accomplish the same thing; that is, they allow you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify. Cisco recommends that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software, or if you boot older boot ROMs that do not recognize the enable secret command. If you configure the enable secret password, it is used instead of the enable password, not in addition to it. Cisco supports password encryption. Turn on password encryption using the service password-encryption command. Then enter the desired passwords for encryption. Immediately, on the next line, enter the no service password-encryption command. Only those passwords that are set between the two commands will be encrypted. If you enter service password-encryption and then press Ctrl-Z to exit, all passwords will be encrypted. Note: Password recovery is not covered in the course materials. Refer the students to the IMCR class.
  2. <number> Layer 2 of 2 Note: When the switch-sticky learns a MAC address on a secured port, the switch will make that MAC address a permanent address.
  3. <number> Layer 2 of 2 Emphasize: The default action is “suspend.”
  4. <number> Layer 2 of 2 Emphasize: The default action is “suspend.”