SlideShare a Scribd company logo
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Instructor Materials
Chapter 5: Network
Security and Monitoring
CCNA Routing and Switching
Connecting Networks
Presentation_ID 6© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Chapter 5: Best Practices
Prior to teaching Chapter 5, the instructor should:
 Complete Chapter 5 Assessment.
 Ensure all activities are completed. This is a very important
concept and hands-on time is vital.
 Provide the students many network security and network
monitoring activities.
 Encourage students to login with their cisco.com login and
download
http://docwiki.cisco.com/wiki/Internetworking_Technology_H
andbook
• Review the Security Technologies and the Network Management
chapters.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9
Chapter 5: Network Security
and Monitoring
Connecting Networks
Presentation_ID 10© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Chapter 5 - Sections & Objectives
 5.1 LAN Security
• Explain how to mitigate common LAN security.
 5.2 SNMP
• Configure SNMP to monitor network operations in a small to medium-
sized business network.
 5.3 Cisco Switch Port Analyzer (SPAN)
• Troubleshoot a network problem using SPAN.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11
5.1 LAN Security
Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
LAN Security
LAN Security Attacks
 Common attacks against the Layer 2 LAN infrastructure
include:
• CDP Reconnaissance Attacks
• Telnet Attacks
• MAC Address Table Flooding Attacks
• VLAN Attacks
• DHCP Attacks
Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 This topic covers several Layer 2 security solutions:
• Mitigating MAC address table flooding attacks using port security
• Mitigating VLAN attacks
• Mitigating DHCP attacks using DHCP snooping
• Securing administrative access using AAA
• Securing device access using 802.1X port authentication
LAN Security
LAN Security Best Practices
Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 There are several strategies to help secure Layer 2 of a
network:
• Always use secure variants of these protocols such as SSH, SCP, SSL,
SNMPv3, and SFTP.
• Always use strong passwords and change them often.
• Enable CDP on select ports only.
• Secure Telnet access.
• Use a dedicated management VLAN where nothing but management
traffic resides.
• Use ACLs to filter unwanted access.
LAN Security
LAN Security Best Practices
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15
5.2 SNMP
Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
SNMP
SNMP Operation
 SNMP allows administrators
to manage and monitor
devices on an IP network.
 SNMP Elements
• SNMP Manager
• SNMP Agent
• MIB
 SNMP Operation
• Trap
• Get
• Set
Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
SNMP
SNMP Operation
 SNMP Security Model and Levels
Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
SNMP
Configuring SNMP
 Configuration steps
• Configure community string
• Document location of device
• Document system contact
• Restrict SNMP Access
• Specify recipient of SNMP
Traps
• Enable traps on SNMP agent
Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
SNMP
Configuring SNMP
 Securing SNMPv3
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20
5.3 Cisco Switch Port Analyzer
(SPAN)
Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Cisco Switch Port Analyzer
SPAN Overview
 Port mirroring
• The port mirroring feature allows a switch to copy and send Ethernet
frames from specific ports to the destination port connected to a
packet analyzer. The original frame is still forwarded in the usual
manner.
Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Cisco Switch Port Analyzer
SPAN Overview
 SPAN terminology
Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Cisco Switch Port Analyzer
SPAN Overview
 RSPAN terminology
Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Cisco Switch Port Analyzer
SPAN Configuration
 Use monitor session global configuration command
Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Cisco Switch Port Analyzer
SPAN as a Troubleshooting Tool
 SPAN allows administrators to
troubleshoot network issues
 Administrator can use SPAN to
duplicate and redirect traffic to a
packet analyzer
 Administrator can analyze traffic
from all devices to troubleshoot
sub-optimal operation of
network applications
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 26
5.4 Chapter Summary
Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Chapter Summary
Summary
 At Layer 2, a number of vulnerabilities exist that require
specialized mitigation techniques:
• MAC address table flooding attacks are addressed with port security.
• VLAN attacks are controlled by disabling DTP and following basic
guidelines for configuring trunk ports.
• DHCP attacks are addressed with DHCP snooping.
 The SNMP protocol has three elements: the Manager, the
Agent, and the MIB. The SNMP manager resides on the
NMS, while the Agent and the MIB are on the client devices.
• The SNMP Manager can poll the client devices for information, or it can
use a TRAP message that tells a client to report immediately if the client
reaches a particular threshold. SNMP can also be used to change the
configuration of a device.
Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Summary Continued
 SNMPv3 is the recommended version because it provides security.
 SNMP is a comprehensive and powerful remote management tool. Nearly every
item available in a show command is available through SNMP.
 Switched Port Analyzer (SPAN) is used to mirror the traffic going to and/or
coming from the host. It is commonly implemented to support traffic analyzers or
IPS devices.
Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

More Related Content

What's hot

Lesson 2 slideshow
Lesson 2 slideshowLesson 2 slideshow
Lesson 2 slideshow
Arnold Derrick Kinney
 
CCNA 1 Routing and Switching v5.0 Chapter 9
CCNA 1 Routing and Switching v5.0 Chapter 9CCNA 1 Routing and Switching v5.0 Chapter 9
CCNA 1 Routing and Switching v5.0 Chapter 9
Nil Menon
 
Implications of super channels on CDC ROADM architectures
Implications of super channels on CDC ROADM architecturesImplications of super channels on CDC ROADM architectures
Implications of super channels on CDC ROADM architectures
Anuj Malik
 
ccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptx
ssuserff1f40
 
Gpon Network
Gpon NetworkGpon Network
Gpon Network
mansoor_gr8
 
Juniper bti packet optical training
Juniper bti packet optical training Juniper bti packet optical training
Juniper bti packet optical training
Muhammad Denis Iqbal
 
CCNP Switching Chapter 5
CCNP Switching Chapter 5CCNP Switching Chapter 5
CCNP Switching Chapter 5
Chaing Ravuth
 
Basic network training2
Basic network training2Basic network training2
Basic network training2
Arunchai Seangparch
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP Presentation
Gino McCarty
 
Network management
Network management Network management
Network management
Manali Wadnerkar
 
Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...
Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...
Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...
Bruno Teixeira
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
APNIC
 
SNMP
SNMPSNMP
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] Class
SagarR24
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
APNIC
 
Introduction to nexux from zero to Hero
Introduction to nexux  from zero to HeroIntroduction to nexux  from zero to Hero
Introduction to nexux from zero to Hero
Dhruv Sharma
 
Optical Fiber Cables :- An Introduction
Optical Fiber Cables :- An Introduction Optical Fiber Cables :- An Introduction
Optical Fiber Cables :- An Introduction
Pradeep Singh
 
Ospf
OspfOspf
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and Answers
NetworKingStudy
 
Bgp
BgpBgp

What's hot (20)

Lesson 2 slideshow
Lesson 2 slideshowLesson 2 slideshow
Lesson 2 slideshow
 
CCNA 1 Routing and Switching v5.0 Chapter 9
CCNA 1 Routing and Switching v5.0 Chapter 9CCNA 1 Routing and Switching v5.0 Chapter 9
CCNA 1 Routing and Switching v5.0 Chapter 9
 
Implications of super channels on CDC ROADM architectures
Implications of super channels on CDC ROADM architecturesImplications of super channels on CDC ROADM architectures
Implications of super channels on CDC ROADM architectures
 
ccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptx
 
Gpon Network
Gpon NetworkGpon Network
Gpon Network
 
Juniper bti packet optical training
Juniper bti packet optical training Juniper bti packet optical training
Juniper bti packet optical training
 
CCNP Switching Chapter 5
CCNP Switching Chapter 5CCNP Switching Chapter 5
CCNP Switching Chapter 5
 
Basic network training2
Basic network training2Basic network training2
Basic network training2
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP Presentation
 
Network management
Network management Network management
Network management
 
Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...
Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...
Passive Optical Networks - PON: Customer Case Study, Design, Implementation a...
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
 
SNMP
SNMPSNMP
SNMP
 
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] Class
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
 
Introduction to nexux from zero to Hero
Introduction to nexux  from zero to HeroIntroduction to nexux  from zero to Hero
Introduction to nexux from zero to Hero
 
Optical Fiber Cables :- An Introduction
Optical Fiber Cables :- An Introduction Optical Fiber Cables :- An Introduction
Optical Fiber Cables :- An Introduction
 
Ospf
OspfOspf
Ospf
 
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and Answers
 
Bgp
BgpBgp
Bgp
 

Similar to CCNA4 Verson6 Chapter5

CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
Waqas Ahmed Nawaz
 
CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
Vuz Dở Hơi
 
Chapter 6 overview
Chapter 6 overviewChapter 6 overview
Chapter 6 overview
ali raza
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
vinaykumar947680
 
CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
Chaing Ravuth
 
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site ConnectivityCCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
Vuz Dở Hơi
 
Chapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksChapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched Networks
Yaser Rahmati
 
KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_final
Fisal Anwari
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
Vuz Dở Hơi
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point Connections
Vuz Dở Hơi
 
Chapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networksChapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networks
teknetir
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
Nil Menon
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlan
teknetir
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 8
CCNA (R & S) Module 02 - Connecting Networks - Chapter 8CCNA (R & S) Module 02 - Connecting Networks - Chapter 8
CCNA (R & S) Module 02 - Connecting Networks - Chapter 8
Waqas Ahmed Nawaz
 
Chapter 03 - VLANs
Chapter 03 - VLANsChapter 03 - VLANs
Chapter 03 - VLANs
Yaser Rahmati
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 Vlans
Vuz Dở Hơi
 
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_finalKPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
Fisal Anwari
 
CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3
Nil Menon
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
Chaing Ravuth
 

Similar to CCNA4 Verson6 Chapter5 (20)

CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
 
CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
 
Chapter 6 overview
Chapter 6 overviewChapter 6 overview
Chapter 6 overview
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
 
CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
 
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site ConnectivityCCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
 
Chapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksChapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched Networks
 
KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_final
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point Connections
 
Chapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networksChapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networks
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlan
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 8
CCNA (R & S) Module 02 - Connecting Networks - Chapter 8CCNA (R & S) Module 02 - Connecting Networks - Chapter 8
CCNA (R & S) Module 02 - Connecting Networks - Chapter 8
 
Chapter 03 - VLANs
Chapter 03 - VLANsChapter 03 - VLANs
Chapter 03 - VLANs
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 Vlans
 
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_finalKPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
 
CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
 

More from Chaing Ravuth

CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
Chaing Ravuth
 
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
Chaing Ravuth
 
CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6
Chaing Ravuth
 
CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5
Chaing Ravuth
 
CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4
Chaing Ravuth
 
CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3
Chaing Ravuth
 
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
Chaing Ravuth
 
CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1
Chaing Ravuth
 
CCNP Switching Chapter 3
CCNP Switching Chapter 3CCNP Switching Chapter 3
CCNP Switching Chapter 3
Chaing Ravuth
 
CCNP Switching Chapter 2
CCNP Switching Chapter 2CCNP Switching Chapter 2
CCNP Switching Chapter 2
Chaing Ravuth
 
CCNP Switching Chapter 9
CCNP Switching Chapter 9CCNP Switching Chapter 9
CCNP Switching Chapter 9
Chaing Ravuth
 
CCNP Switching Chapter 8
CCNP Switching Chapter 8CCNP Switching Chapter 8
CCNP Switching Chapter 8
Chaing Ravuth
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7
Chaing Ravuth
 
CCNP Switching Chapter 6
CCNP Switching Chapter 6CCNP Switching Chapter 6
CCNP Switching Chapter 6
Chaing Ravuth
 
CCNP Switching Chapter 4
CCNP Switching Chapter 4CCNP Switching Chapter 4
CCNP Switching Chapter 4
Chaing Ravuth
 
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
Chaing Ravuth
 
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
Chaing Ravuth
 
CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6
Chaing Ravuth
 
CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4
Chaing Ravuth
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
Chaing Ravuth
 

More from Chaing Ravuth (20)

CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
 
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
 
CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6
 
CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5
 
CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4
 
CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3
 
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
 
CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1
 
CCNP Switching Chapter 3
CCNP Switching Chapter 3CCNP Switching Chapter 3
CCNP Switching Chapter 3
 
CCNP Switching Chapter 2
CCNP Switching Chapter 2CCNP Switching Chapter 2
CCNP Switching Chapter 2
 
CCNP Switching Chapter 9
CCNP Switching Chapter 9CCNP Switching Chapter 9
CCNP Switching Chapter 9
 
CCNP Switching Chapter 8
CCNP Switching Chapter 8CCNP Switching Chapter 8
CCNP Switching Chapter 8
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7
 
CCNP Switching Chapter 6
CCNP Switching Chapter 6CCNP Switching Chapter 6
CCNP Switching Chapter 6
 
CCNP Switching Chapter 4
CCNP Switching Chapter 4CCNP Switching Chapter 4
CCNP Switching Chapter 4
 
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
 
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
 
CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6
 
CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
 

Recently uploaded

Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
adhitya5119
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
taiba qazi
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
Celine George
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
simonomuemu
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
Celine George
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
mulvey2
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 

Recently uploaded (20)

Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 

CCNA4 Verson6 Chapter5

  • 1. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1 Instructor Materials Chapter 5: Network Security and Monitoring CCNA Routing and Switching Connecting Networks
  • 2. Presentation_ID 6© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 5: Best Practices Prior to teaching Chapter 5, the instructor should:  Complete Chapter 5 Assessment.  Ensure all activities are completed. This is a very important concept and hands-on time is vital.  Provide the students many network security and network monitoring activities.  Encourage students to login with their cisco.com login and download http://docwiki.cisco.com/wiki/Internetworking_Technology_H andbook • Review the Security Technologies and the Network Management chapters.
  • 3. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9 Chapter 5: Network Security and Monitoring Connecting Networks
  • 4. Presentation_ID 10© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 5 - Sections & Objectives  5.1 LAN Security • Explain how to mitigate common LAN security.  5.2 SNMP • Configure SNMP to monitor network operations in a small to medium- sized business network.  5.3 Cisco Switch Port Analyzer (SPAN) • Troubleshoot a network problem using SPAN.
  • 5. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11 5.1 LAN Security
  • 6. Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential LAN Security LAN Security Attacks  Common attacks against the Layer 2 LAN infrastructure include: • CDP Reconnaissance Attacks • Telnet Attacks • MAC Address Table Flooding Attacks • VLAN Attacks • DHCP Attacks
  • 7. Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  This topic covers several Layer 2 security solutions: • Mitigating MAC address table flooding attacks using port security • Mitigating VLAN attacks • Mitigating DHCP attacks using DHCP snooping • Securing administrative access using AAA • Securing device access using 802.1X port authentication LAN Security LAN Security Best Practices
  • 8. Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  There are several strategies to help secure Layer 2 of a network: • Always use secure variants of these protocols such as SSH, SCP, SSL, SNMPv3, and SFTP. • Always use strong passwords and change them often. • Enable CDP on select ports only. • Secure Telnet access. • Use a dedicated management VLAN where nothing but management traffic resides. • Use ACLs to filter unwanted access. LAN Security LAN Security Best Practices
  • 9. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15 5.2 SNMP
  • 10. Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP SNMP Operation  SNMP allows administrators to manage and monitor devices on an IP network.  SNMP Elements • SNMP Manager • SNMP Agent • MIB  SNMP Operation • Trap • Get • Set
  • 11. Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP SNMP Operation  SNMP Security Model and Levels
  • 12. Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP Configuring SNMP  Configuration steps • Configure community string • Document location of device • Document system contact • Restrict SNMP Access • Specify recipient of SNMP Traps • Enable traps on SNMP agent
  • 13. Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP Configuring SNMP  Securing SNMPv3
  • 14. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20 5.3 Cisco Switch Port Analyzer (SPAN)
  • 15. Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Overview  Port mirroring • The port mirroring feature allows a switch to copy and send Ethernet frames from specific ports to the destination port connected to a packet analyzer. The original frame is still forwarded in the usual manner.
  • 16. Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Overview  SPAN terminology
  • 17. Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Overview  RSPAN terminology
  • 18. Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Configuration  Use monitor session global configuration command
  • 19. Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN as a Troubleshooting Tool  SPAN allows administrators to troubleshoot network issues  Administrator can use SPAN to duplicate and redirect traffic to a packet analyzer  Administrator can analyze traffic from all devices to troubleshoot sub-optimal operation of network applications
  • 20. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 26 5.4 Chapter Summary
  • 21. Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter Summary Summary  At Layer 2, a number of vulnerabilities exist that require specialized mitigation techniques: • MAC address table flooding attacks are addressed with port security. • VLAN attacks are controlled by disabling DTP and following basic guidelines for configuring trunk ports. • DHCP attacks are addressed with DHCP snooping.  The SNMP protocol has three elements: the Manager, the Agent, and the MIB. The SNMP manager resides on the NMS, while the Agent and the MIB are on the client devices. • The SNMP Manager can poll the client devices for information, or it can use a TRAP message that tells a client to report immediately if the client reaches a particular threshold. SNMP can also be used to change the configuration of a device.
  • 22. Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Summary Continued  SNMPv3 is the recommended version because it provides security.  SNMP is a comprehensive and powerful remote management tool. Nearly every item available in a show command is available through SNMP.  Switched Port Analyzer (SPAN) is used to mirror the traffic going to and/or coming from the host. It is commonly implemented to support traffic analyzers or IPS devices.
  • 23. Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 24. Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential