Download Router/Switch Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
Document related concepts

Wake-on-LAN wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Network tap wikipedia , lookup

Distributed firewall wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Power over Ethernet wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Nonblocking minimal spanning switch wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Spanning Tree Protocol wikipedia , lookup

Cisco Systems wikipedia , lookup

Hypertext Transfer Protocol wikipedia , lookup

Virtual LAN wikipedia , lookup

Transcript 
•
Verify that management VLAN has been
reassigned.
•
Verify that operational VLANs do not have
access to the management VLAN.
•
Verify that the ports in the management VLAN
are not configured as trunks.
•
•
•
A trunk is a point-to-point link between two
network devices that carries traffic for more than
one VLAN.
A trunk allows you to extend the VLANs across
an entire network.
A trunk does not belong to a specific VLAN,
rather it is a conduit for VLANs between switches
and routers.
•
•
•
•
DTP is implemented by default on Cisco switches .
DTP automatically negotiates how the port will
operate, trunk or access mode.
By default, a Cisco Ethernet port's default DTP
mode is "dynamic desirable”, which enables a port
to go to trunk mode automatically.
Review the switch configuration to verify that DTP is
disabled.




VTP is a Cisco-proprietary messaging protocol used
to distribute VLAN configuration information over
trunks.
A switch may be in one of three VTP modes: server,
transparent and client.
In server mode administrators can create, modify and
delete VLANs for the entire VTP management
domain.
By default, VTP – no authentication and the switch is
in VTP Server mode.
•
If VTP is necessary, verify the following:
• VTP management domain is established.
• A strong password is assigned to the VTP
management domain.
• Non-management switches are configured in
client mode.
•
•
•
By auditing device for these basic hardening steps,
overall security of the network can be improved.
However, in all cases, a comprehensive review
should be performed.
Reference the works cited page for links to
documented security configuration benchmarks
and checklists.
Mark Krawczyk
[email protected]
Router Security Guidance Activity of the System and Network Attack Center (SNAC),
2005
http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf
Cisco IOS Switch Security Configuration Guide, http://www.nsa.gov/ia/
Center for Internet Security, http://benchmarks.cisecurity.org/downloads/audit-tools/
US-Cert, https://www.us-cert.gov/security-publications
Information Assurance Support Environment, http://iase.disa.mil/stigs/
SANS Institute InfoSec Reading Room - Cisco Router Hardening Step-by-Step
www.sans.org
Cisco Checklist - www.sans.org
Configuring a Cisco Router with TACACS+ Authentication.
http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controlleraccess-control-system-tacacs-/13865-tacplus.html
Cisco Guide to Harden Cisco IOS Devices, Document ID: 13608
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
Various Articles related to Cisco device security, http://www.ciscopress.com/articles/
NIST – National Vulnerability Database http://web.nvd.nist.gov/
ISACA – www.isaca.org
Related documents
Cisco on Cisco Chevron Presentation
Cisco on Cisco Chevron Presentation
Research Scientist – Prague, Czech Republic Cisco Systems
Research Scientist – Prague, Czech Republic Cisco Systems
Career Highlights - University of the Pacific
Career Highlights - University of the Pacific
Course Overview
Course Overview
cisco systems
cisco systems
Review Questions of Switching Networks
Review Questions of Switching Networks
Alexander-Ereweles-CV
Alexander-Ereweles-CV
Learning Services
Learning Services
PPT-2 - Convergence Technology Center
PPT-2 - Convergence Technology Center
Network Addressing
Network Addressing
CCNP – Cisco Certified Network Professional -Routing and
CCNP – Cisco Certified Network Professional -Routing and
Computer Networks [Opens in New Window]
Computer Networks [Opens in New Window]
Технология на програмирането
Технология на програмирането
CCNA 3 Module 3 Single-Area OSPF
CCNA 3 Module 3 Single-Area OSPF
Job Opportunity: Tier2 Support Technician
Job Opportunity: Tier2 Support Technician
Class Power Points for Chapter #9
Class Power Points for Chapter #9
ppt in chapter 14
ppt in chapter 14
CCNA 2.0TM 1.800.865.0165
CCNA 2.0TM 1.800.865.0165
CCNA 3 Module 2 Introduction to Classless Routing
CCNA 3 Module 2 Introduction to Classless Routing
Slide 1 - ECE Users Pages
Slide 1 - ECE Users Pages
Before You Begin: Assign Information Classification
Before You Begin: Assign Information Classification
Describe and Configure VLANs on a Cisco Switch
Describe and Configure VLANs on a Cisco Switch