SlideShare a Scribd company logo

보안위협 관리통제

M
Munkyeonggu

The document discusses the configuration of network devices for a network topology. It includes: 1) A list of equipment used including Cisco switches and routers. 2) Diagrams of the Layer 2 and Layer 3 topologies, showing VLANs, routing protocols, and IP addressing. 3) Requirements and configuration sections detailing configurations for routing protocols like BGP, OSPF, EIGRP, services like NTP, and security features like NAT and CBAC. The configurations provided implement an IBGP setup between routers, NTP synchronization, NAT for internal to external addressing, and CBAC to control external access to internal resources. Packet flows and debugging outputs validate the working of these configurations.

1 of 23
Download to read offline
Team 1
01 Introduction of Operator 02 Required Equipment and Cables 03 Topology 04 Requirement and Result 05 Configuration I N D E
02 Required Equipment and Cables SW1-KCC-1 / CISCO Switch Catalyst 2950 SW2-KCC-2/ CISCO Switch Catalyst 2950 R1-KCC-2 / CISCO Router 2600 R1-KCC-3 / CISCO Router 2600 R1-KCC-5 / CISCO Router 3600 R1-KCC-4 / CISCO Switch Catalyst 3550 R1-KCC-1/ CISCO Router 2600
 L2 계층 구성도 03 Topology f0/7-8 SW1-KCC-1 f0/1 f0/2f0/1 f0/2 SW1-KCC-2 R1-KCC-5 R1-KCC-2 R1-KCC-3 VTP Domain : MNY168 VTP Password : MNY160 R1-KCC-4 R1-KCC-1 f0/12
 L3 계층 구성도 03 Topology 172.16.20.4/30 VLAN 128 Area 1 EIGRP 168 OSPF 159 172.16.20.0/30 NATCBAC R1-KCC-1 R1-KCC-3 R1-KCC-4 R1-KCC-5VLAN 55 172.16.20.8/30 172.16.20.16/30 172.16.20.12/30 VLAN 300 VLAN 42 Area 0 R1-KCC-2 Web VLAN 100 Client VLAN 10 172.16.10.10/27 172.16.10.0/27 172.16.10.40/27 172.16.10.32/27 DCE E0/0 11.13.7.0/30 .2 172.16.3.3/24 172.16.5.5/24 172.16.2.2/24 172.16.4.4/24 172.16.1.1/24 BGP AS 130 ISP
 L3 계층 구성도 03 Topology Area 1 EIGRP 168 OSPF 159 NAT R1-KCC-3R1-KCC-5 Area 0 R1-KCC-2 Web Client HANKOOK TIRE Web CBAC SK KCC BGP AS 120BGP AS 100BGP AS 130 WebWeb R1-KCC-1 R1-KCC-4 ISP
 BGP SK와 HANKOOKTIRE와 경로 정보를 원활히 교환 할수있도록 IBGP 환경을 구축하시오. (단, IBGP 연결을 BGP Peer-Group 을 사용하여 BGP 설정 내용을 간결하게 하시오) 04 Requirement & Result • BGP Peer-Gruop 사용 후 R1-KCC-5(config)#router bgp 130 R1-KCC-5(config-router)#bgp router-id 5.5.5.5 R1-KCC-5(config-router)#no synchronization R1-KCC-5(config-router)#no auto-summary R1-KCC-5(config-router)#neighbor RR peer-group R1-KCC-5(config-router)#neighbor RR remote-as 130 R1-KCC-5(config-router)#neighbor RR update-source Loopback0 R1-KCC-5(config-router)#neighbor RR route-reflector-client R1-KCC-5(config-router)#neighbor 172.16.2.2 peer-group RR R1-KCC-5(config-router)#neighbor 172.16.3.3 peer-group RR R1-KCC-5(config-router)#neighbor 172.16.4.4 peer-group RR • BGP Peer-Gruop 사용 전 R1-KCC-5(config)#router bgp 130 R1-KCC-5(config-router)#bgp router-id 5.5.5.5 R1-KCC-5(config-router)#no synchronization R1-KCC-5(config-router)#no auto-summary R1-KCC-5(config-router)#neighbor 172.16.2.2 remote-as 130 R1-KCC-5(config-router)#neighbor 172.16.2.2 update-source Loopback0 R1-KCC-5(config-router)#neighbor 172.16.2.2 route-reflector-client R1-KCC-5(config-router)#neighbor 172.16.3.3 remote-as 130 R1-KCC-5(config-router)#neighbor 172.16.3.3 update-source Loopback0 R1-KCC-5(config-router)#neighbor 172.16.3.3 route-reflector-client R1-KCC-5(config-router)#neighbor 172.16.4.4 remote-as 130 R1-KCC-5(config-router)#neighbor 172.16.4.4 update-source Loopback0 R1-KCC-5(config-router)#neighbor 172.16.4.4 route-reflector-clifent
 BGP 04 Requirement & Result BGP 연결 Fail BGP 연결 Success Neighbor 로부터 5초안 에 Open Message를 수 신하지 못하면 Active로 전환된다. 해당 Neighbor로 부터 전 달받는 경로 정보 갯수를 나타낸다.
 NTP 모든 장비 간 시간 동기화를 하시오. ISP 업체와 R1-KCC-3 Router간 시간을 동기화한 후 IBGP 내의 모든 장비는 KCC-3 Router 로부터 동기화 받으시오. 04 Requirement & Result 11.1.5.1로부터 Clock synchronized가 완료 된것을 알수있다. NTP Master 에서 stratum 값을 3으 로 설정한것을 확인할수 있다.
 NTP 04 Requirement & Result  IBGP 내부의 NTP Master인 KCC-3으로부터 내부의 각 장비들 간 시간을 동기화받으시오. 내부 NTP Master 에서 stratum 값을 4으로 설정한것을 확인할수 있다.
04 Requirement & Result  NAT 내부 IP를 공인IP로 전환하고 내부 사설망이 외부와 원활한 통신이 가능하도록 설정하시오 Debug를 통해 내부의 172.16.10.10 대역이 11.13.20.161 공인ip로 전환되 여 나가는것을 확인할수 있다. 사설 IP공인 IP
 라우터 보안 04 Requirement & Result  Router에 HTTP protocol이 있을 경우 외부에서 웹을 통해 Router의 설정을 조회하거 나 변경할수 있게 되어 보안이 취약해진다. 따라서, 이를 보완할수 있도록 Router의 HTTP server 서비스를 중지하도록 설정하시오. 웹사이트를 통해 172.16.1.1접속 시 Router의 정보가 나타난다. Router에서 “no ip http server” command를 이용하여 HTTP server 중지 웹사이트를 통해 172.16.1.1접속 하여도 Router의 정보가 나타나 지 않는다.
 CBAC 04 Requirement & Result  외부의 ISP업체가 내부 네트워크로 default 경로를 줬을 경우 내부망에 접속 할 수 있어 보안에 큰 위협이 될 수 있다. 이때 CBAC을 구성하여 이를 해결하시오. CBAC이란 특정 인터페이스를 통해 정의된 트래픽이 네트워크 외부로 나가며 허용된 트래픽에 한하여, 그 트래픽에 대한 응답 트래픽이 내부 네트워크로 들어갈 수 있도록 임시 항목을 생성하는 것이다. “ip inspect audit-trail” command 입력시 CBAC이 정상 작동할 경우 다음과 같은 정보가 나타난다.
 CBAC 04 Requirement & Result [CBAC] R1-KCC-5(config)#ip inspect audit-trail R1-KCC-5(config)#ip inspect name KCC http R1-KCC-5(config)#ip inspect name KCC telnet R1-KCC-5(config)#interface Ethernet0/0.55 R1-KCC-5(config-if)#ip access-group OUTBOUND in R1-KCC-5(config)#interface Ethernet0/0.77 R1-KCC-5(config-if)#ip access-group INBOUND in R1-KCC-5(config-if)#ip inspect KCC out R1-KCC-5(config)#interface Ethernet0/0.128 R1-KCC-5(config-if)#ip access-group OUTBOUND in R1-KCC-5(config)#ip access-list extended INBOUND R1-KCC-5(config-)# permit eigrp any any permit icmp any 172.16.20.0 0.0.0.255 echo-reply permit icmp any 172.16.20.0 0.0.0.255 traceroute permit icmp any 172.16.20.0 0.0.0.255 unreachable permit icmp any 172.16.10.0 0.0.0.255 echo-reply permit icmp any 172.16.10.0 0.0.0.255 traceroute permit icmp any 172.16.10.0 0.0.0.255 unreachable R1-KCC-5(config)#ip access-list extended OUTBOUND permit ip 172.16.20.0 0.0.0.255 any permit ip 172.16.10.0 0.0.0.255 any Matches 된것을 확인할 수 있다.  외부의 ISP업체가 내부 네트워크로 default 경로를 줬을 경우 내부망에 접속 할 수 있어 보안에 큰 위협이 될 수 있다. 이때 CBAC을 구성하여 이를 해결하시오. *CBAC이란 어떠한 트래픽을 정의하여 특정 인터페이스를 통해 네트워크 외부로 나가는 경우, 그 트래픽에 대한 응답 트래픽이 내부 네트워크로 들어갈 수 있도록 임시 항목을 생성하는 것이다.
 CBAC 설정 방법 R1-KCC-5(config)#ip inspect audit-trail R1-KCC-5(config)#ip inspect name KCC http R1-KCC-5(config)#ip inspect name KCC telnet 04 Requirement & Result CBAC 내부 Inbound Outbound Deny Internal Traffic(Outbound Traffic) External Traffic(Inbound Traffic) Permit http와 telnet에 대해서 audit-trail 기 능이 설정되어있음을 확인할수있다. access-list 가 Serial0/0에 INBOUND 로 설정되이었임을 확인할수있다.
04 Requirement & Result  외부의 한국 타이어, SK Web Server및 L4의 Web Server에 원활히 접속하도록 하시오. L4 Swtich 의 Web Server 접속 SK Web Server 접속 한국 타이어 Web Server 접속
Packet 의 IO Graphs 를 통한 시각화 결과 추출된 이미지의 결과 04 Requirement & Result  Wireshark 를 통한 Packet 검출
CISCO Switch Catalyst 2950 담당자 : 차민건 [SW1] hostname SW1-KCC-1 ! ip subnet-zero ! no ip domain-lookup ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! interface Port-channel1 switchport mode trunk flowcontrol send off ! interface FastEthernet0/1 switchport mode trunk ! interface FastEthernet0/2 switchport mode trunk ! interface FastEthernet0/3 switchport access vlan 100 switchport mode access ! interface FastEthernet0/4 switchport access vlan 100 switchport mode access ! interface FastEthernet0/7 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/8 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/12 switchport mode trunk ! ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login line vty 5 15 login ! monitor session 1 source interface Fa0/1 - 3 monitor session 1 destination interface Fa0/4 end [SW2] hostname SW2-KCC-2 ! ip subnet-zero ! no ip domain-lookup ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! interface Port-channel1 switchport mode trunk flowcontrol send off 05 Router & Switch Configuration ! interface FastEthernet0/1 switchport mode trunk ! interface FastEthernet0/2 switchport mode trunk ! interface FastEthernet0/3 switchport access vlan 10 switchport mode access ! interface FastEthernet0/4 switchport access vlan 10 switchport mode access ! interface FastEthernet0/7 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/8 switchport mode trunk channel-group 1 mode on ! ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login line vty 5 15 login ! end
CISCO Switch Catalyst 3550 담당자 : 김현승 ! hostname R1-KCC-4 ! ! username MNY privilege 15 password 0 MNY ip subnet-zero ip routing ! no ip domain-lookup ! interface Loopback0 ip address 172.16.4.4 255.255.255.0 ip ospf network point-to-point ! interface FastEthernet0/3 switchport trunk encapsulation dot1q switchport mode dynamic desirable ! interface Vlan42 ip address 172.16.20.14 255.255.255.252 ! interface Vlan55 ip address 172.16.20.9 255.255.255.252 ! router ospf 159 router-id 172.16.4.4 log-adjacency-changes passive-interface Loopback0 network 172.16.4.4 0.0.0.0 area 0 network 172.16.20.9 0.0.0.0 area 1 network 172.16.20.14 0.0.0.0 area 0 ! router bgp 130 no synchronization bgp router-id 4.4.4.4 bgp log-neighbor-changes neighbor 172.16.1.1 remote-as 130 neighbor 172.16.1.1 update-source Loopback0 neighbor 172.16.5.5 remote-as 130 no auto-summary ! ip classless no ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login local line vty 5 15 login ! ntp clock-period 17179865 ntp server 172.16.3.3 ! end 05 Router & Switch Configuration
CISCO Router 2600 담당자 : 안용석 hostname R1-KCC-2 ! no ip domain lookup ! ip cef ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.2.2 255.255.255.0 ip ospf network point-to-point ! interface Loopback1 ip address 11.13.20.194 255.255.255.224 secondary ip address 11.13.20.195 255.255.255.224 secondary ip address 11.13.20.196 255.255.255.224 secondary ip address 11.13.20.197 255.255.255.224 secondary ip address 11.13.20.198 255.255.255.224 secondary ip address 11.13.20.199 255.255.255.224 secondary ip address 11.13.20.193 255.255.255.224 ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.10 encapsulation dot1Q 10 ip address 172.16.10.33 255.255.255.224 no snmp trap link-status ! interface Ethernet0/0.20 encapsulation dot1Q 20 no snmp trap link-status ! interface Ethernet0/0.128 encapsulation dot1Q 128 ip address 172.16.20.5 255.255.255.252 no snmp trap link-status ! interface Ethernet0/0.300 encapsulation dot1Q 300 ip address 172.16.20.18 255.255.255.252 no snmp trap link-status ! router ospf 159 router-id 172.16.2.2 log-adjacency-changes passive-interface Loopback0 network 172.16.2.2 0.0.0.0 area 0 network 172.16.10.33 0.0.0.0 area 1 network 172.16.20.5 0.0.0.0 area 1 network 172.16.20.18 0.0.0.0 area 0 ! router bgp 130 no synchronization bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 172.16.1.1 remote-as 130 neighbor 172.16.1.1 update-source Loopback0 neighbor 172.16.5.5 remote-as 130 neighbor 172.16.5.5 update-source Loopback0 no auto-summary ! ip http server ip classless ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login local ! end 05 Router & Switch Configuration
CISCO Router 3600 담당자 : 반현수 ! hostname R1-KCC-5 ! ip inspect audit-trail ip inspect name KCC http ip inspect name KCC telnet ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.5.5 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.55 encapsulation dot1Q 55 ip address 172.16.20.10 255.255.255.252 ip access-group OUTBOUND in ! interface Ethernet0/0.128 encapsulation dot1Q 128 ip address 172.16.20.6 255.255.255.252 ip access-group OUTBOUND in ! interface Serial0/0 ip address 172.16.20.1 255.255.255.252 ip access-group INBOUND in ip inspect KCC out clock rate 64000 no fair-queue ! 05 Router & Switch Configuration router eigrp 168 redistribute ospf 159 metric 10000 100 255 1 1500 passive-interface Loopback0 network 172.16.20.1 0.0.0.0 no auto-summary ! router ospf 159 router-id 172.16.5.5 log-adjacency-changes redistribute eigrp 168 subnets passive-interface Loopback0 network 172.16.5.5 0.0.0.0 area 1 network 172.16.20.6 0.0.0.0 area 1 network 172.16.20.10 0.0.0.0 area 1 default-information originate ! router bgp 130 no synchronization bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor RR peer-group neighbor RR remote-as 130 neighbor RR update-source Loopback0 neighbor RR route-reflector-client neighbor 172.16.2.2 peer-group RR neighbor 172.16.3.3 peer-group RR neighbor 172.16.4.4 peer-group RR no auto-summary ip access-list extended INBOUND permit eigrp any any permit icmp any 172.16.20.0 0.0.0.255 echo-reply permit icmp any 172.16.20.0 0.0.0.255 traceroute permit icmp any 172.16.20.0 0.0.0.255 unreachable permit icmp any 172.16.10.0 0.0.0.255 echo-reply permit icmp any 172.16.10.0 0.0.0.255 traceroute ! permit icmp any 172.16.10.0 0.0.0.255 unreachable permit tcp any any eq bgp permit tcp any host 172.16.10.10 eq www permit udp any any eq ntp ip access-list extended OUTBOUND permit ip 172.16.20.0 0.0.0.255 any permit ip 172.16.10.0 0.0.0.255 any permit tcp any any eq bgp permit ip host 172.16.1.1 any permit ip host 172.16.2.2 any permit ip host 172.16.3.3 any permit ip host 172.16.4.4 any ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login local ! ntp clock-period 17179864 ntp server 172.16.3.3 ! end
CISCO Router 2600 담당자 : 윤영욱 hostname R1-KCC-1 ! no ip domain lookup ! ip cef ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.1.1 255.255.255.0 ip ospf network point-to-point ! interface Loopback1 ip address 11.13.20.226 255.255.255.224 secondary ip address 11.13.20.227 255.255.255.224 secondary ip address 11.13.20.228 255.255.255.224 secondary ip address 11.13.20.229 255.255.255.224 secondary ip address 11.13.20.230 255.255.255.224 secondary ip address 11.13.20.231 255.255.255.224 secondary ip address 11.13.20.225 255.255.255.224 ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.42 encapsulation dot1Q 42 ip address 172.16.20.13 255.255.255.252 no snmp trap link-status ! interface Ethernet0/0.100 encapsulation dot1Q 100 ip address 172.16.10.1 255.255.255.224 no snmp trap link-status ! interface Ethernet0/0.300 encapsulation dot1Q 300 ip address 172.16.20.17 255.255.255.252 no snmp trap link-status ! router ospf 159 router-id 172.16.1.1 log-adjacency-changes passive-interface Loopback0 network 172.16.1.1 0.0.0.0 area 0 network 172.16.10.1 0.0.0.0 area 0 network 172.16.20.13 0.0.0.0 area 0 network 172.16.20.17 0.0.0.0 area 0 ! router bgp 130 no synchronization bgp router-id 1.1.1.1 bgp log-neighbor-changes network 11.13.20.224 mask 255.255.255.224 neighbor 172.16.2.2 remote-as 130 neighbor 172.16.2.2 update-source Loopback0 neighbor 172.16.4.4 remote-as 130 neighbor 172.16.4.4 update-source Loopback0 no auto-summary ! no ip http server ip classless ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login local ! end 05 Router & Switch Configuration
CISCO Router 2600 담당자 : 맹나연 hostname R1-KCC-3 ! no aaa new-model ip subnet-zero ! no ip domain lookup ! ip cef ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.3.3 255.255.255.0 ! interface Ethernet0/0 ip address 11.13.7.2 255.255.255.252 ip nat outside half-duplex ! interface Serial0/0 ip address 172.16.20.2 255.255.255.252 ip nat inside ip summary-address eigrp 168 0.0.0.0 0.0.0.0 5 no fair-queue ! router eigrp 168 passive-interface Loopback0 network 172.16.3.3 0.0.0.0 network 172.16.20.2 0.0.0.0 no auto-summary ! 05 Router & Switch Configuration router bgp 130 no synchronization bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 11.13.7.1 remote-as 100 neighbor 172.16.5.5 remote-as 130 neighbor 172.16.5.5 update-source Loopback0 neighbor 172.16.5.5 next-hop-self no auto-summary ! ip nat pool PUBLICIP 11.13.20.1 11.13.20.127 netmask 255.255.255.128 ip nat inside source list NAT pool PUBLICIP ip nat inside source static 172.16.10.10 11.13.20.161 no ip http server ip classless ip route 0.0.0.0 0.0.0.0 Ethernet0/0 11.13.7.1 ! ip access-list standard NAT permit 172.16.3.3 permit 172.16.20.0 0.0.0.255 permit 172.16.10.0 0.0.0.255 ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login local ! ntp clock-period 17208079 ntp source Loopback0 ntp master 4 ntp server 11.1.5.1 ! end

Recommended

Icnd210 s05l02
Icnd210 s05l02Icnd210 s05l02
Icnd210 s05l02
computerlenguyen
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
computerlenguyen
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
computerlenguyen
 
Icnd210 s06l03
Icnd210 s06l03Icnd210 s06l03
Icnd210 s06l03
computerlenguyen
 
Icnd210 s08l03
Icnd210 s08l03Icnd210 s08l03
Icnd210 s08l03
computerlenguyen
 
Basic BGP Configuration
Basic BGP ConfigurationBasic BGP Configuration
Basic BGP Configuration
NetProtocol Xpert
 
Icnd210 s04l01
Icnd210 s04l01Icnd210 s04l01
Icnd210 s04l01
computerlenguyen
 
Icnd210 s04l02
Icnd210 s04l02Icnd210 s04l02
Icnd210 s04l02
computerlenguyen
 

Recommended

Icnd210 s05l02
Icnd210 s05l02Icnd210 s05l02
Icnd210 s05l02
computerlenguyen
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
computerlenguyen
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
computerlenguyen
 
Icnd210 s06l03
Icnd210 s06l03Icnd210 s06l03
Icnd210 s06l03
computerlenguyen
 
Icnd210 s08l03
Icnd210 s08l03Icnd210 s08l03
Icnd210 s08l03
computerlenguyen
 
Basic BGP Configuration
Basic BGP ConfigurationBasic BGP Configuration
Basic BGP Configuration
NetProtocol Xpert
 
Icnd210 s04l01
Icnd210 s04l01Icnd210 s04l01
Icnd210 s04l01
computerlenguyen
 
Icnd210 s04l02
Icnd210 s04l02Icnd210 s04l02
Icnd210 s04l02
computerlenguyen
 
Icnd210 s07l01
Icnd210 s07l01Icnd210 s07l01
Icnd210 s07l01
computerlenguyen
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
computerlenguyen
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
 
Icnd210 s07l02
Icnd210 s07l02Icnd210 s07l02
Icnd210 s07l02
computerlenguyen
 
Icnd210 s03l02
Icnd210 s03l02Icnd210 s03l02
Icnd210 s03l02
computerlenguyen
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
computerlenguyen
 
Eigrp authentication
Eigrp authenticationEigrp authentication
Eigrp authentication
computerlenguyen
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
computerlenguyen
 
Icnd210 s02l02
Icnd210 s02l02Icnd210 s02l02
Icnd210 s02l02
computerlenguyen
 
11.6.1
11.6.111.6.1
11.6.1
UNAD
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
Kris Mofu
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices final
Maytal Levi
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
RHC Technologies
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
computerlenguyen
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
CCNA Icnd110 s06l02
CCNA Icnd110 s06l02CCNA Icnd110 s06l02
CCNA Icnd110 s06l02
computerlenguyen
 
Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA Firewall
KHNOG
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
igede tirtanata
 
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
BluBoxx Communication Pvt. ltd
 
Day 11 eigrp
Day 11 eigrpDay 11 eigrp
Day 11 eigrp
CYBERINTELLIGENTS
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
Peťko Z Chochoľova
 

More Related Content

What's hot

Icnd210 s07l01
Icnd210 s07l01Icnd210 s07l01
Icnd210 s07l01
computerlenguyen
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
computerlenguyen
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
 
Icnd210 s07l02
Icnd210 s07l02Icnd210 s07l02
Icnd210 s07l02
computerlenguyen
 
Icnd210 s03l02
Icnd210 s03l02Icnd210 s03l02
Icnd210 s03l02
computerlenguyen
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
computerlenguyen
 
Eigrp authentication
Eigrp authenticationEigrp authentication
Eigrp authentication
computerlenguyen
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
computerlenguyen
 
Icnd210 s02l02
Icnd210 s02l02Icnd210 s02l02
Icnd210 s02l02
computerlenguyen
 
11.6.1
11.6.111.6.1
11.6.1
UNAD
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
Kris Mofu
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices final
Maytal Levi
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
RHC Technologies
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
computerlenguyen
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
CCNA Icnd110 s06l02
CCNA Icnd110 s06l02CCNA Icnd110 s06l02
CCNA Icnd110 s06l02
computerlenguyen
 
Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA Firewall
KHNOG
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
igede tirtanata
 
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
BluBoxx Communication Pvt. ltd
 
Day 11 eigrp
Day 11 eigrpDay 11 eigrp
Day 11 eigrp
CYBERINTELLIGENTS
 

What's hot (20)

Icnd210 s07l01
Icnd210 s07l01Icnd210 s07l01
Icnd210 s07l01
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
 
Icnd210 s07l02
Icnd210 s07l02Icnd210 s07l02
Icnd210 s07l02
 
Icnd210 s03l02
Icnd210 s03l02Icnd210 s03l02
Icnd210 s03l02
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
 
Eigrp authentication
Eigrp authenticationEigrp authentication
Eigrp authentication
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
 
Icnd210 s02l02
Icnd210 s02l02Icnd210 s02l02
Icnd210 s02l02
 
11.6.1
11.6.111.6.1
11.6.1
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices final
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
 
CCNA Icnd110 s06l02
CCNA Icnd110 s06l02CCNA Icnd110 s06l02
CCNA Icnd110 s06l02
 
Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA Firewall
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
 
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
MC-1610MR 16-Slot Managed Media Converter Chassis with Redundant Power Supply...
 
Day 11 eigrp
Day 11 eigrpDay 11 eigrp
Day 11 eigrp
 

Similar to 보안위협 관리통제

EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
Peťko Z Chochoľova
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
keturahhazelhurst
 
Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011
Dân Chơi
 
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
Cisco Russia
 
Ccna 3 Final V4.0 Answers
Ccna 3 Final V4.0 AnswersCcna 3 Final V4.0 Answers
Ccna 3 Final V4.0 Answers
ccna4discovery
 
Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011
Dân Chơi
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
AsgarAlam6
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configuration
samreenghauri786
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
stigerj
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
Bangladesh Network Operators Group
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
ernestlithur
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
robertoxe
 
Samplab19
Samplab19Samplab19
Samplab19
Noman Ashraf (CCNA, MCTS)
 
Configuring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A PixConfiguring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A Pix
angelitoh11
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
Lakshan Perera
 
18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii
Helder B. Martínez Peña
 
18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii
Helder B. Martínez Peña
 
18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii
Helder B. Martínez Peña
 
corporate network
corporate networkcorporate network
corporate network
Kaushal Kishore
 

Similar to 보안위협 관리통제 (20)

EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
 
Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011
 
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
 
Ccna 3 Final V4.0 Answers
Ccna 3 Final V4.0 AnswersCcna 3 Final V4.0 Answers
Ccna 3 Final V4.0 Answers
 
Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configuration
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
Samplab19
Samplab19Samplab19
Samplab19
 
Configuring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A PixConfiguring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A Pix
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii
 
18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii
 
18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii18763980 ccna-lab-manual-640802-ii-2009-ii
18763980 ccna-lab-manual-640802-ii-2009-ii
 
corporate network
corporate networkcorporate network
corporate network
 

Recently uploaded

IGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdfIGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdf
Amin Marwan
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
ssuser13ffe4
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
adhitya5119
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
Nguyen Thanh Tu Collection
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
heathfieldcps1
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
สมใจ จันสุกสี
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 

Recently uploaded (20)

IGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdfIGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdf
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 

보안위협 관리통제

  • 2. 01 Introduction of Operator 02 Required Equipment and Cables 03 Topology 04 Requirement and Result 05 Configuration I N D E
  • 3. 02 Required Equipment and Cables SW1-KCC-1 / CISCO Switch Catalyst 2950 SW2-KCC-2/ CISCO Switch Catalyst 2950 R1-KCC-2 / CISCO Router 2600 R1-KCC-3 / CISCO Router 2600 R1-KCC-5 / CISCO Router 3600 R1-KCC-4 / CISCO Switch Catalyst 3550 R1-KCC-1/ CISCO Router 2600
  • 4.  L2 계층 구성도 03 Topology f0/7-8 SW1-KCC-1 f0/1 f0/2f0/1 f0/2 SW1-KCC-2 R1-KCC-5 R1-KCC-2 R1-KCC-3 VTP Domain : MNY168 VTP Password : MNY160 R1-KCC-4 R1-KCC-1 f0/12
  • 5.  L3 계층 구성도 03 Topology 172.16.20.4/30 VLAN 128 Area 1 EIGRP 168 OSPF 159 172.16.20.0/30 NATCBAC R1-KCC-1 R1-KCC-3 R1-KCC-4 R1-KCC-5VLAN 55 172.16.20.8/30 172.16.20.16/30 172.16.20.12/30 VLAN 300 VLAN 42 Area 0 R1-KCC-2 Web VLAN 100 Client VLAN 10 172.16.10.10/27 172.16.10.0/27 172.16.10.40/27 172.16.10.32/27 DCE E0/0 11.13.7.0/30 .2 172.16.3.3/24 172.16.5.5/24 172.16.2.2/24 172.16.4.4/24 172.16.1.1/24 BGP AS 130 ISP
  • 6.  L3 계층 구성도 03 Topology Area 1 EIGRP 168 OSPF 159 NAT R1-KCC-3R1-KCC-5 Area 0 R1-KCC-2 Web Client HANKOOK TIRE Web CBAC SK KCC BGP AS 120BGP AS 100BGP AS 130 WebWeb R1-KCC-1 R1-KCC-4 ISP
  • 7.  BGP SK와 HANKOOKTIRE와 경로 정보를 원활히 교환 할수있도록 IBGP 환경을 구축하시오. (단, IBGP 연결을 BGP Peer-Group 을 사용하여 BGP 설정 내용을 간결하게 하시오) 04 Requirement & Result • BGP Peer-Gruop 사용 후 R1-KCC-5(config)#router bgp 130 R1-KCC-5(config-router)#bgp router-id 5.5.5.5 R1-KCC-5(config-router)#no synchronization R1-KCC-5(config-router)#no auto-summary R1-KCC-5(config-router)#neighbor RR peer-group R1-KCC-5(config-router)#neighbor RR remote-as 130 R1-KCC-5(config-router)#neighbor RR update-source Loopback0 R1-KCC-5(config-router)#neighbor RR route-reflector-client R1-KCC-5(config-router)#neighbor 172.16.2.2 peer-group RR R1-KCC-5(config-router)#neighbor 172.16.3.3 peer-group RR R1-KCC-5(config-router)#neighbor 172.16.4.4 peer-group RR • BGP Peer-Gruop 사용 전 R1-KCC-5(config)#router bgp 130 R1-KCC-5(config-router)#bgp router-id 5.5.5.5 R1-KCC-5(config-router)#no synchronization R1-KCC-5(config-router)#no auto-summary R1-KCC-5(config-router)#neighbor 172.16.2.2 remote-as 130 R1-KCC-5(config-router)#neighbor 172.16.2.2 update-source Loopback0 R1-KCC-5(config-router)#neighbor 172.16.2.2 route-reflector-client R1-KCC-5(config-router)#neighbor 172.16.3.3 remote-as 130 R1-KCC-5(config-router)#neighbor 172.16.3.3 update-source Loopback0 R1-KCC-5(config-router)#neighbor 172.16.3.3 route-reflector-client R1-KCC-5(config-router)#neighbor 172.16.4.4 remote-as 130 R1-KCC-5(config-router)#neighbor 172.16.4.4 update-source Loopback0 R1-KCC-5(config-router)#neighbor 172.16.4.4 route-reflector-clifent
  • 8.  BGP 04 Requirement & Result BGP 연결 Fail BGP 연결 Success Neighbor 로부터 5초안 에 Open Message를 수 신하지 못하면 Active로 전환된다. 해당 Neighbor로 부터 전 달받는 경로 정보 갯수를 나타낸다.
  • 9.  NTP 모든 장비 간 시간 동기화를 하시오. ISP 업체와 R1-KCC-3 Router간 시간을 동기화한 후 IBGP 내의 모든 장비는 KCC-3 Router 로부터 동기화 받으시오. 04 Requirement & Result 11.1.5.1로부터 Clock synchronized가 완료 된것을 알수있다. NTP Master 에서 stratum 값을 3으 로 설정한것을 확인할수 있다.
  • 10.  NTP 04 Requirement & Result  IBGP 내부의 NTP Master인 KCC-3으로부터 내부의 각 장비들 간 시간을 동기화받으시오. 내부 NTP Master 에서 stratum 값을 4으로 설정한것을 확인할수 있다.
  • 11. 04 Requirement & Result  NAT 내부 IP를 공인IP로 전환하고 내부 사설망이 외부와 원활한 통신이 가능하도록 설정하시오 Debug를 통해 내부의 172.16.10.10 대역이 11.13.20.161 공인ip로 전환되 여 나가는것을 확인할수 있다. 사설 IP공인 IP
  • 12.  라우터 보안 04 Requirement & Result  Router에 HTTP protocol이 있을 경우 외부에서 웹을 통해 Router의 설정을 조회하거 나 변경할수 있게 되어 보안이 취약해진다. 따라서, 이를 보완할수 있도록 Router의 HTTP server 서비스를 중지하도록 설정하시오. 웹사이트를 통해 172.16.1.1접속 시 Router의 정보가 나타난다. Router에서 “no ip http server” command를 이용하여 HTTP server 중지 웹사이트를 통해 172.16.1.1접속 하여도 Router의 정보가 나타나 지 않는다.
  • 13.  CBAC 04 Requirement & Result  외부의 ISP업체가 내부 네트워크로 default 경로를 줬을 경우 내부망에 접속 할 수 있어 보안에 큰 위협이 될 수 있다. 이때 CBAC을 구성하여 이를 해결하시오. CBAC이란 특정 인터페이스를 통해 정의된 트래픽이 네트워크 외부로 나가며 허용된 트래픽에 한하여, 그 트래픽에 대한 응답 트래픽이 내부 네트워크로 들어갈 수 있도록 임시 항목을 생성하는 것이다. “ip inspect audit-trail” command 입력시 CBAC이 정상 작동할 경우 다음과 같은 정보가 나타난다.
  • 14.  CBAC 04 Requirement & Result [CBAC] R1-KCC-5(config)#ip inspect audit-trail R1-KCC-5(config)#ip inspect name KCC http R1-KCC-5(config)#ip inspect name KCC telnet R1-KCC-5(config)#interface Ethernet0/0.55 R1-KCC-5(config-if)#ip access-group OUTBOUND in R1-KCC-5(config)#interface Ethernet0/0.77 R1-KCC-5(config-if)#ip access-group INBOUND in R1-KCC-5(config-if)#ip inspect KCC out R1-KCC-5(config)#interface Ethernet0/0.128 R1-KCC-5(config-if)#ip access-group OUTBOUND in R1-KCC-5(config)#ip access-list extended INBOUND R1-KCC-5(config-)# permit eigrp any any permit icmp any 172.16.20.0 0.0.0.255 echo-reply permit icmp any 172.16.20.0 0.0.0.255 traceroute permit icmp any 172.16.20.0 0.0.0.255 unreachable permit icmp any 172.16.10.0 0.0.0.255 echo-reply permit icmp any 172.16.10.0 0.0.0.255 traceroute permit icmp any 172.16.10.0 0.0.0.255 unreachable R1-KCC-5(config)#ip access-list extended OUTBOUND permit ip 172.16.20.0 0.0.0.255 any permit ip 172.16.10.0 0.0.0.255 any Matches 된것을 확인할 수 있다.  외부의 ISP업체가 내부 네트워크로 default 경로를 줬을 경우 내부망에 접속 할 수 있어 보안에 큰 위협이 될 수 있다. 이때 CBAC을 구성하여 이를 해결하시오. *CBAC이란 어떠한 트래픽을 정의하여 특정 인터페이스를 통해 네트워크 외부로 나가는 경우, 그 트래픽에 대한 응답 트래픽이 내부 네트워크로 들어갈 수 있도록 임시 항목을 생성하는 것이다.
  • 15.  CBAC 설정 방법 R1-KCC-5(config)#ip inspect audit-trail R1-KCC-5(config)#ip inspect name KCC http R1-KCC-5(config)#ip inspect name KCC telnet 04 Requirement & Result CBAC 내부 Inbound Outbound Deny Internal Traffic(Outbound Traffic) External Traffic(Inbound Traffic) Permit http와 telnet에 대해서 audit-trail 기 능이 설정되어있음을 확인할수있다. access-list 가 Serial0/0에 INBOUND 로 설정되이었임을 확인할수있다.
  • 16. 04 Requirement & Result  외부의 한국 타이어, SK Web Server및 L4의 Web Server에 원활히 접속하도록 하시오. L4 Swtich 의 Web Server 접속 SK Web Server 접속 한국 타이어 Web Server 접속
  • 17. Packet 의 IO Graphs 를 통한 시각화 결과 추출된 이미지의 결과 04 Requirement & Result  Wireshark 를 통한 Packet 검출
  • 18. CISCO Switch Catalyst 2950 담당자 : 차민건 [SW1] hostname SW1-KCC-1 ! ip subnet-zero ! no ip domain-lookup ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! interface Port-channel1 switchport mode trunk flowcontrol send off ! interface FastEthernet0/1 switchport mode trunk ! interface FastEthernet0/2 switchport mode trunk ! interface FastEthernet0/3 switchport access vlan 100 switchport mode access ! interface FastEthernet0/4 switchport access vlan 100 switchport mode access ! interface FastEthernet0/7 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/8 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/12 switchport mode trunk ! ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login line vty 5 15 login ! monitor session 1 source interface Fa0/1 - 3 monitor session 1 destination interface Fa0/4 end [SW2] hostname SW2-KCC-2 ! ip subnet-zero ! no ip domain-lookup ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! interface Port-channel1 switchport mode trunk flowcontrol send off 05 Router & Switch Configuration ! interface FastEthernet0/1 switchport mode trunk ! interface FastEthernet0/2 switchport mode trunk ! interface FastEthernet0/3 switchport access vlan 10 switchport mode access ! interface FastEthernet0/4 switchport access vlan 10 switchport mode access ! interface FastEthernet0/7 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/8 switchport mode trunk channel-group 1 mode on ! ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login line vty 5 15 login ! end
  • 19. CISCO Switch Catalyst 3550 담당자 : 김현승 ! hostname R1-KCC-4 ! ! username MNY privilege 15 password 0 MNY ip subnet-zero ip routing ! no ip domain-lookup ! interface Loopback0 ip address 172.16.4.4 255.255.255.0 ip ospf network point-to-point ! interface FastEthernet0/3 switchport trunk encapsulation dot1q switchport mode dynamic desirable ! interface Vlan42 ip address 172.16.20.14 255.255.255.252 ! interface Vlan55 ip address 172.16.20.9 255.255.255.252 ! router ospf 159 router-id 172.16.4.4 log-adjacency-changes passive-interface Loopback0 network 172.16.4.4 0.0.0.0 area 0 network 172.16.20.9 0.0.0.0 area 1 network 172.16.20.14 0.0.0.0 area 0 ! router bgp 130 no synchronization bgp router-id 4.4.4.4 bgp log-neighbor-changes neighbor 172.16.1.1 remote-as 130 neighbor 172.16.1.1 update-source Loopback0 neighbor 172.16.5.5 remote-as 130 no auto-summary ! ip classless no ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login local line vty 5 15 login ! ntp clock-period 17179865 ntp server 172.16.3.3 ! end 05 Router & Switch Configuration
  • 20. CISCO Router 2600 담당자 : 안용석 hostname R1-KCC-2 ! no ip domain lookup ! ip cef ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.2.2 255.255.255.0 ip ospf network point-to-point ! interface Loopback1 ip address 11.13.20.194 255.255.255.224 secondary ip address 11.13.20.195 255.255.255.224 secondary ip address 11.13.20.196 255.255.255.224 secondary ip address 11.13.20.197 255.255.255.224 secondary ip address 11.13.20.198 255.255.255.224 secondary ip address 11.13.20.199 255.255.255.224 secondary ip address 11.13.20.193 255.255.255.224 ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.10 encapsulation dot1Q 10 ip address 172.16.10.33 255.255.255.224 no snmp trap link-status ! interface Ethernet0/0.20 encapsulation dot1Q 20 no snmp trap link-status ! interface Ethernet0/0.128 encapsulation dot1Q 128 ip address 172.16.20.5 255.255.255.252 no snmp trap link-status ! interface Ethernet0/0.300 encapsulation dot1Q 300 ip address 172.16.20.18 255.255.255.252 no snmp trap link-status ! router ospf 159 router-id 172.16.2.2 log-adjacency-changes passive-interface Loopback0 network 172.16.2.2 0.0.0.0 area 0 network 172.16.10.33 0.0.0.0 area 1 network 172.16.20.5 0.0.0.0 area 1 network 172.16.20.18 0.0.0.0 area 0 ! router bgp 130 no synchronization bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 172.16.1.1 remote-as 130 neighbor 172.16.1.1 update-source Loopback0 neighbor 172.16.5.5 remote-as 130 neighbor 172.16.5.5 update-source Loopback0 no auto-summary ! ip http server ip classless ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login local ! end 05 Router & Switch Configuration
  • 21. CISCO Router 3600 담당자 : 반현수 ! hostname R1-KCC-5 ! ip inspect audit-trail ip inspect name KCC http ip inspect name KCC telnet ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.5.5 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.55 encapsulation dot1Q 55 ip address 172.16.20.10 255.255.255.252 ip access-group OUTBOUND in ! interface Ethernet0/0.128 encapsulation dot1Q 128 ip address 172.16.20.6 255.255.255.252 ip access-group OUTBOUND in ! interface Serial0/0 ip address 172.16.20.1 255.255.255.252 ip access-group INBOUND in ip inspect KCC out clock rate 64000 no fair-queue ! 05 Router & Switch Configuration router eigrp 168 redistribute ospf 159 metric 10000 100 255 1 1500 passive-interface Loopback0 network 172.16.20.1 0.0.0.0 no auto-summary ! router ospf 159 router-id 172.16.5.5 log-adjacency-changes redistribute eigrp 168 subnets passive-interface Loopback0 network 172.16.5.5 0.0.0.0 area 1 network 172.16.20.6 0.0.0.0 area 1 network 172.16.20.10 0.0.0.0 area 1 default-information originate ! router bgp 130 no synchronization bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor RR peer-group neighbor RR remote-as 130 neighbor RR update-source Loopback0 neighbor RR route-reflector-client neighbor 172.16.2.2 peer-group RR neighbor 172.16.3.3 peer-group RR neighbor 172.16.4.4 peer-group RR no auto-summary ip access-list extended INBOUND permit eigrp any any permit icmp any 172.16.20.0 0.0.0.255 echo-reply permit icmp any 172.16.20.0 0.0.0.255 traceroute permit icmp any 172.16.20.0 0.0.0.255 unreachable permit icmp any 172.16.10.0 0.0.0.255 echo-reply permit icmp any 172.16.10.0 0.0.0.255 traceroute ! permit icmp any 172.16.10.0 0.0.0.255 unreachable permit tcp any any eq bgp permit tcp any host 172.16.10.10 eq www permit udp any any eq ntp ip access-list extended OUTBOUND permit ip 172.16.20.0 0.0.0.255 any permit ip 172.16.10.0 0.0.0.255 any permit tcp any any eq bgp permit ip host 172.16.1.1 any permit ip host 172.16.2.2 any permit ip host 172.16.3.3 any permit ip host 172.16.4.4 any ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login local ! ntp clock-period 17179864 ntp server 172.16.3.3 ! end
  • 22. CISCO Router 2600 담당자 : 윤영욱 hostname R1-KCC-1 ! no ip domain lookup ! ip cef ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.1.1 255.255.255.0 ip ospf network point-to-point ! interface Loopback1 ip address 11.13.20.226 255.255.255.224 secondary ip address 11.13.20.227 255.255.255.224 secondary ip address 11.13.20.228 255.255.255.224 secondary ip address 11.13.20.229 255.255.255.224 secondary ip address 11.13.20.230 255.255.255.224 secondary ip address 11.13.20.231 255.255.255.224 secondary ip address 11.13.20.225 255.255.255.224 ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.42 encapsulation dot1Q 42 ip address 172.16.20.13 255.255.255.252 no snmp trap link-status ! interface Ethernet0/0.100 encapsulation dot1Q 100 ip address 172.16.10.1 255.255.255.224 no snmp trap link-status ! interface Ethernet0/0.300 encapsulation dot1Q 300 ip address 172.16.20.17 255.255.255.252 no snmp trap link-status ! router ospf 159 router-id 172.16.1.1 log-adjacency-changes passive-interface Loopback0 network 172.16.1.1 0.0.0.0 area 0 network 172.16.10.1 0.0.0.0 area 0 network 172.16.20.13 0.0.0.0 area 0 network 172.16.20.17 0.0.0.0 area 0 ! router bgp 130 no synchronization bgp router-id 1.1.1.1 bgp log-neighbor-changes network 11.13.20.224 mask 255.255.255.224 neighbor 172.16.2.2 remote-as 130 neighbor 172.16.2.2 update-source Loopback0 neighbor 172.16.4.4 remote-as 130 neighbor 172.16.4.4 update-source Loopback0 no auto-summary ! no ip http server ip classless ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login local ! end 05 Router & Switch Configuration
  • 23. CISCO Router 2600 담당자 : 맹나연 hostname R1-KCC-3 ! no aaa new-model ip subnet-zero ! no ip domain lookup ! ip cef ! username MNY privilege 15 password 0 MNY ! interface Loopback0 ip address 172.16.3.3 255.255.255.0 ! interface Ethernet0/0 ip address 11.13.7.2 255.255.255.252 ip nat outside half-duplex ! interface Serial0/0 ip address 172.16.20.2 255.255.255.252 ip nat inside ip summary-address eigrp 168 0.0.0.0 0.0.0.0 5 no fair-queue ! router eigrp 168 passive-interface Loopback0 network 172.16.3.3 0.0.0.0 network 172.16.20.2 0.0.0.0 no auto-summary ! 05 Router & Switch Configuration router bgp 130 no synchronization bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 11.13.7.1 remote-as 100 neighbor 172.16.5.5 remote-as 130 neighbor 172.16.5.5 update-source Loopback0 neighbor 172.16.5.5 next-hop-self no auto-summary ! ip nat pool PUBLICIP 11.13.20.1 11.13.20.127 netmask 255.255.255.128 ip nat inside source list NAT pool PUBLICIP ip nat inside source static 172.16.10.10 11.13.20.161 no ip http server ip classless ip route 0.0.0.0 0.0.0.0 Ethernet0/0 11.13.7.1 ! ip access-list standard NAT permit 172.16.3.3 permit 172.16.20.0 0.0.0.255 permit 172.16.10.0 0.0.0.255 ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login local ! ntp clock-period 17208079 ntp source Loopback0 ntp master 4 ntp server 11.1.5.1 ! end