Router/Switch Security
Configuring AAA requires four basic steps:
1. Enable AAA (new-model).
2. Configure security server network parameters.
3. Define one or more method lists for AAA authentication.
4. Apply the method lists to a particular interface or line.

• Verify that SSH access is configured.
• Verify that HTTP access is disabled.
• Verify that only explicitly defined protocols are allowed for incoming and outgoing sessions.
• Verify that access-class ACLs are used to control the sources from which sessions are going to be permitted.
• Verify the idle session timeout.

• As a security best practice, any unnecessary service must be disabled.
• By default, TCP and UDP small services are disabled in IOS software releases 12.0 and later.
• See the reference material for a full listing of services that should be disabled.
• Review configuration files to verify that unnecessary services have been disabled.

• The commands tcp-keepalives-in and tcp-keepalives-out enable a device to send/receive TCP keepalives for TCP sessions.
• This ensures that the device on the remote end of the connection is still accessible and that half-open or orphaned connections are removed from the local Cisco device.
• Review the config file to verify that keepalives have been configured.

• If NTP is used, it is important to explicitly configure a trusted time source.
• Accurate and reliable time is required for syslog purposes, such as during forensic investigations of potential attacks.
• Review the configuration to verify the following:
  • The router has been configured to be an NTP client.
  • The NTP source interface has been configured.
  • One or more NTP servers have been configured.
  • An ACL has been established to permit NTP to the device.

• SNMP provides information on the status or condition of network devices.
• SNMPv3 provides secure access to devices by authenticating and optionally encrypting packets over the network.
• Community strings are passwords that are applied to an IOS device to restrict access.
  • Default community string for read-only: "public"
  • Default community string for read-write: "private"
• Community strings should be treated like a password: chosen carefully and changed at regular intervals.
• An ACL can be applied that further restricts SNMP access to a select group of source IP addresses.
• Verify that SNMPv3 is implemented with encryption.
• Verify that ACLs are used to restrict access.

• Event logging provides visibility into the operation of a Cisco IOS device and the network into which it is deployed.
• Each log message generated by a Cisco device is assigned a severity level, 0 (emergency) to 7 (debug).
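The "review the configuration to verify" items above (SSH-only vty access, HTTP disabled, access-class and idle timeout on the vty lines, TCP keepalives, NTP source and servers, SNMPv3 with encryption and no default community strings, a logging destination) can be checked mechanically against a saved running-config. The following audit script is an added example, not part of the original slides; the sample config, the check names and the regular expressions are constructed for illustration and should be tuned to the exact command forms in use.

```python
import re

# Constructed sample running-config (not from a real device); it deliberately
# passes some checks and fails others so the audit output is meaningful.
SAMPLE_CONFIG = """\
service tcp-keepalives-in
ip http server
ntp server 192.0.2.10
snmp-server community public RO
snmp-server group NETOPS v3 auth
logging host 192.0.2.20
line vty 0 4
 access-class 10 in
 exec-timeout 0 0
 transport input ssh
"""

# Each check: name -> (regex, must_match). must_match=True means the line has
# to be present; False means its presence is a finding. re.M anchors ^ per line.
CHECKS = {
    "ssh_only_vty":         (r"^ transport input ssh\s*$", True),
    "http_server_disabled": (r"^ip http server\s*$", False),
    "vty_access_class":     (r"^ access-class \S+ in", True),
    "tcp_keepalives_in":    (r"^service tcp-keepalives-in", True),
    "tcp_keepalives_out":   (r"^service tcp-keepalives-out", True),
    "ntp_server":           (r"^ntp server \S+", True),
    "ntp_source":           (r"^ntp source \S+", True),
    "snmpv3_priv":          (r"^snmp-server group \S+ v3 priv", True),
    "no_default_community": (r"^snmp-server community (public|private)\b", False),
    "logging_host":         (r"^logging host \S+", True),
}

def check_idle_timeout(config: str) -> bool:
    """exec-timeout must be present and not '0 0', which disables the timeout."""
    m = re.search(r"^ exec-timeout (\d+) (\d+)", config, re.M)
    return bool(m) and (int(m.group(1)), int(m.group(2))) != (0, 0)

def audit_ios_config(config: str) -> dict:
    """Return {check_name: passed} for every hardening item in CHECKS."""
    results = {}
    for name, (pattern, must_match) in CHECKS.items():
        matched = re.search(pattern, config, re.M) is not None
        results[name] = matched == must_match
    results["vty_idle_timeout"] = check_idle_timeout(config)
    return results

def failed_checks(config: str) -> list:
    """Sorted names of the checks the config does not satisfy."""
    return sorted(n for n, ok in audit_ios_config(config).items() if not ok)
```

Running `failed_checks(SAMPLE_CONFIG)` lists the six items the constructed config gets wrong; an empty list means every item on the checklist is satisfied.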