Enterprise Network Security
Accessing the WAN – Chapter 4
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Objectives
• Describe the general methods used to mitigate security threats to Enterprise networks
• Configure Basic Router Security
• Explain how to disable unused Cisco router network services and interfaces
• Explain how to use Cisco SDM
• Manage Cisco IOS devices
Why is network security important?
• We want to live securely
• We want our data secured
• We want our communication secured
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies
Security policy
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
Security levels
NO ! NO !
Number of Attacks
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Social engineering?
Access Attacks
Denial of Service attacks
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Describe the common mitigation techniques that enterprises use to protect themselves against threats
Security equipment
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Explain the concept of the Network Security Wheel
Configure Basic Router Security
• Explain why the security of routers and their configuration settings is vital to network operation
Configure Basic Router Security
• Describe the basic security measures needed to secure Cisco routers
! Allow remote (SSH) logins to the vty lines only from one management host
Router(config)# ip access-list standard SSH-access
Router(config-std-nacl)# permit host 147.232.22.1
Router(config-std-nacl)# deny any
Router(config)# line vty 0 4
Router(config-line)# access-class SSH-access in
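An added Python check (not from the slides) that audits a running-config excerpt for what the ACL above is meant to guarantee: every vty line carries an access-class whose ACL permits only specific hosts, and transport input is limited to ssh. The sample config is constructed around the slide's SSH-access ACL; the extra vty 5 15 range is an assumption added to show a miss.

```python
SAMPLE_CONFIG = """\
ip access-list standard SSH-access
 permit host 147.232.22.1
 deny any
line vty 0 4
 access-class SSH-access in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_config(text):
    """Return ({acl name: entries}, {vty range: {access_class, transport}})."""
    acls, vtys, target = {}, {}, None
    for line in filter(str.strip, text.splitlines()):
        words = line.split()
        if line[0] != " ":                       # top-level command starts a new section
            if words[:3] == ["ip", "access-list", "standard"]:
                target = acls.setdefault(words[3], [])
            elif words[:2] == ["line", "vty"]:
                target = vtys.setdefault(f"{words[2]}-{words[3]}", {"access_class": None, "transport": None})
            else:
                target = None
        elif isinstance(target, list):           # entry inside a standard ACL
            target.append(words)
        elif isinstance(target, dict):           # setting inside a vty line
            if words[0] == "access-class":
                target["access_class"] = words[1]
            elif words[:2] == ["transport", "input"]:
                target["transport"] = words[2:]
    return acls, vtys

def permits_only_hosts(entries):
    """True when every permit is a single 'host' address, never a wildcard range or 'any'."""
    permits = [e for e in entries if e[0] == "permit"]
    return bool(permits) and all(len(e) == 3 and e[1] == "host" for e in permits)

def audit_vty(text):
    """Return (vty range, problem) pairs; an empty list means every vty line is restricted."""
    acls, vtys = parse_config(text)
    findings = []
    for rng, cfg in vtys.items():
        if cfg["access_class"] is None:
            findings.append((rng, "no access-class: reachable from any source address"))
        elif not permits_only_hosts(acls.get(cfg["access_class"], [])):
            findings.append((rng, "access-class ACL is undefined or permits more than specific hosts"))
        if cfg["transport"] != ["ssh"]:
            findings.append((rng, "transport input is not restricted to ssh"))
    return findings
```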
SSH configuration
Explain How to Disable Unused Cisco Router Network Services and Interfaces
• Explain how to secure a router with the command-line interface (CLI) auto secure command
Explain How to Use Cisco SDM
• Provide an overview of Cisco SDM
Manage Cisco IOS Devices
• Describe the file systems used by a Cisco router
Manage Cisco IOS Devices
• Describe how to back up and upgrade a Cisco IOS image
Manage Cisco IOS Devices
• Explain how to back up and upgrade Cisco IOS software images using a network server
Manage Cisco IOS Devices
• Explain how to recover a Cisco IOS software image
Manage Cisco IOS Devices
• Explain how to recover the enable password and the enable secret passwords
1) Ctrl+Break
2) rommon 1 > confreg 0x2142
3) rommon 2 > reset
4) Would you like to enter initial router configuration [Yes/no]
5) Router(config)# config-register 0x2102
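As an added example (not from the slides), this Python decoder shows which configuration register bits steps 2 and 5 flip, and audits show version output for routers left at 0x2142, which would come up without their saved configuration, passwords and ACLs on the next reload; the show version lines are constructed.

```python
import re

IGNORE_NVRAM = 0x0040    # bit 6: boot without loading startup-config (0x2142 sets it)
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored after boot (set in the default 0x2102)

def decode_config_register(value):
    """Split a configuration register into the fields the recovery steps above change."""
    return {
        "boot_field": value & 0x000F,    # 0x0 stops in ROMMON, 0x1 boots the first image, 0x2-0xF normal boot
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }

REGISTER_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
                         r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?")

def audit_show_version(output):
    """Return one finding per register state that leaves a router without its saved config."""
    findings = []
    for m in REGISTER_RE.finditer(output):
        current, pending = m.group(1), m.group(2) or m.group(1)
        if decode_config_register(int(pending, 16))["ignore_nvram"]:
            findings.append(f"{pending}: next reload ignores startup-config, step 5 not applied")
        if decode_config_register(int(pending, 16))["boot_field"] == 0:
            findings.append(f"{pending}: boot field 0, next reload stops in ROMMON")
        if decode_config_register(int(current, 16))["ignore_nvram"]:
            findings.append(f"{current}: running config was built without startup-config, "
                            "do not save before copy startup-config running-config")
    return findings

# Constructed 'show version' tails for three devices (not output from the page).
SAMPLE_SHOW_VERSION = """\
R-A  Configuration register is 0x2102
R-B  Configuration register is 0x2142 (will be 0x2102 at next reload)
R-C  Configuration register is 0x2142
"""
```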
Summary
• Security Threats to an Enterprise network include:
– Unstructured threats
– Structured threats
– External threats
– Internal threats
• Methods to lessen security threats consist of:
– Device hardening
– Use of antivirus software
– Firewalls
– Download security updates
Summary
• Basic router security involves the following:
– Physical security
– Update and back up IOS
– Back up configuration files
– Password configuration
– Logging router activity
• Disable unused router interfaces & services to minimize their exploitation by intruders
• Cisco SDM
– A web-based management tool for configuring security measures on Cisco routers
Summary
• Cisco IOS Integrated File System (IFS)
– Allows for the creation, navigation & manipulation of directories on a Cisco device
Practice LAB
DHCP, NAT
Practice LAB
Tasks
• Basic configuration (example)
! Outside interface takes its address by DHCP; inside VLANs are dot1q sub-interfaces
R-1(config)# interface FastEthernet 0/1
R-1(config-if)# ip address dhcp
R-1(config-if)# no shutdown
R-1(config)# interface FastEthernet 0/0
R-1(config-if)# no shutdown
R-1(config)# interface FastEthernet 0/0.101
R-1(config-subif)# encapsulation dot1q 101
R-1(config-subif)# ip address 192.168.101.1 255.255.255.0
R-1(config)# interface FastEthernet 0/0.200
R-1(config-subif)# encapsulation dot1q 200
R-1(config-subif)# ip address 10.10.10.1 255.255.255.0
Tasks
• DHCP and DHCP relay
! R-1 holds the pools for all three VLANs; VLAN102 and VLAN103 are reached through relay
R-1(config)# ip dhcp pool VLAN101
R-1(config-dhcp)# network 192.168.101.0 /24
R-1(config-dhcp)# default-router 192.168.101.1
R-1(config-dhcp)# dns-server 147.232.22.1
R-1(config)# ip dhcp pool VLAN102
R-1(config-dhcp)# network 192.168.102.0 /24
R-1(config-dhcp)# default-router 192.168.102.1
R-1(config-dhcp)# dns-server 147.232.22.1
R-1(config)# ip dhcp pool VLAN103
R-1(config-dhcp)# network 192.168.103.0 /24
R-1(config-dhcp)# default-router 192.168.103.1
R-1(config-dhcp)# dns-server 147.232.22.1
Practice LAB
Tasks
• DHCP and DHCP relay
! Relay VLAN102 DHCP requests to R-1 (192.168.1.1 on the serial link), which holds the VLAN102 pool
R-2(config)# interface FastEthernet 0/0.102
R-2(config-subif)# encapsulation dot1q 102
R-2(config-subif)# ip address 192.168.102.1 255.255.255.0
R-2(config-subif)# ip helper-address 192.168.1.1
R-2(config-subif)# ip nat inside
R-2(config)# router ospf 1
R-2(config-router)# network 192.168.1.0 0.0.0.3 area 0
R-2(config-router)# network 192.168.102.0 0.0.0.3 area 0
R-1(config)# router ospf 1
R-1(config-router)# default-information originate
R-1(config-router)# network 192.168.1.0 0.0.0.3 area 0
R-1(config-router)# network 192.168.2.0 0.0.0.3 area 0
R-1(config-router)# network 192.168.101.0 0.0.0.255 area 0
Host C and Host H
Practice LAB
Tasks
• Dynamic NAT and Static NAT
R-1(config)# ip route 10.10.12.0 255.255.255.0 192.168.1.2
R-1(config)# ip route 10.10.13.0 255.255.255.0 192.168.2.2
! Hosts matched by SNAT get an address from POOL_IP; 10.10.10.100 always maps to 10.10.12.1
R-2(config)# ip access-list standard SNAT
R-2(config-std-nacl)# permit 10.10.10.0 0.0.0.255
R-2(config)# ip nat pool POOL_IP 10.10.12.2 10.10.12.255
R-2(config)# ip nat inside source list SNAT pool POOL_IP
R-2(config)# ip nat inside source static 10.10.10.100 10.10.12.1
R-2(config)# interface FastEthernet0/0.200
R-2(config-subif)# ip nat inside
R-2(config)# interface Serial 0/0
R-2(config-if)# ip nat outside
PAT (overloading)
Practice LAB
Tasks
• Port Address Translation (overloading)
R-1(config)# interface FastEthernet 0/0.101
R-1(config-subif)# ip nat inside
R-1(config)# interface FastEthernet 0/0.200
R-1(config-subif)# ip nat inside
R-1(config)# interface Serial 0/0
R-1(config-if)# ip nat inside
R-1(config)# interface Serial 0/1
R-1(config-if)# ip nat inside
R-1(config)# interface FastEthernet 0/1
R-1(config-if)# ip nat outside
Tasks
• Port Address Translation (overloading)
! All inside prefixes share the FastEthernet 0/1 address; source ports keep the flows apart
R-1(config)# ip access-list standard natko
R-1(config-std-nacl)# permit 192.168.101.0 0.0.0.255
R-1(config-std-nacl)# permit 192.168.102.0 0.0.0.255
R-1(config-std-nacl)# permit 192.168.103.0 0.0.0.255
R-1(config-std-nacl)# permit 10.10.10.0 0.0.0.255
R-1(config-std-nacl)# permit 10.10.12.0 0.0.0.255
R-1(config-std-nacl)# permit 10.10.13.0 0.0.0.255
R-1(config)# ip nat inside source list natko interface FastEthernet 0/1 overload
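An added Python model (not the lab's own material) of inside-source NAT as configured on the NAT and PAT slides: static translation, the dynamic pool POOL_IP with exhaustion, and overload on one interface address. The R-2 and R-1 builders take their ACLs, pool and static map from the slides; the outside address 203.0.113.1 is a constructed placeholder because FastEthernet 0/1 gets its address by DHCP on the page.

```python
import ipaddress

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is don't-care."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a & ~w) == (n & ~w)

class InsideSourceNat:
    """Models 'ip nat inside source' for a packet entering an 'ip nat inside' interface and
    leaving an 'ip nat outside' one. translate() returns the new (ip, port), the unchanged
    pair when the ACL does not match, or None when the packet is dropped."""

    def __init__(self, acl, static=None, pool=None, overload_ip=None):
        self.acl = acl                  # permit entries as (network, wildcard) pairs
        self.static = static or {}      # inside local -> inside global, static
        self.pool = list(pool or [])    # free inside global addresses, dynamic
        self.overload_ip = overload_ip  # outside interface address for PAT
        self.table = {}                 # active translations
        self.next_port = 1024           # constructed; IOS keeps the original port when it is free

    def translate(self, src_ip, src_port):
        if src_ip in self.static:       # static entries apply without consulting the ACL
            return (self.static[src_ip], src_port)
        if not any(wildcard_match(src_ip, n, w) for n, w in self.acl):
            return (src_ip, src_port)   # not permitted by the ACL: forwarded untranslated
        if self.overload_ip:            # PAT: one global address, the port disambiguates
            key = (src_ip, src_port)
            if key not in self.table:
                self.table[key] = (self.overload_ip, self.next_port)
                self.next_port += 1
            return self.table[key]
        if src_ip not in self.table:    # dynamic NAT: one pool address per inside host
            if not self.pool:
                return None             # pool exhausted: the router drops the packet
            self.table[src_ip] = self.pool.pop(0)
        return (self.table[src_ip], src_port)

def r2_from_slides():
    """R-2 as on the NAT slide: ACL SNAT, POOL_IP 10.10.12.2-10.10.12.255, one static map."""
    pool = [str(ipaddress.IPv4Address("10.10.12.2") + i) for i in range(254)]
    return InsideSourceNat(acl=[("10.10.10.0", "0.0.0.255")],
                           static={"10.10.10.100": "10.10.12.1"}, pool=pool)

def r1_from_slides(outside_ip="203.0.113.1"):
    """R-1 as on the PAT slides: ACL natko overloaded on FastEthernet 0/1, whose address
    comes from DHCP on the page, so outside_ip here is a constructed placeholder."""
    acl = [(f"192.168.{v}.0", "0.0.0.255") for v in (101, 102, 103)]
    acl += [(f"10.10.{v}.0", "0.0.0.255") for v in (10, 12, 13)]
    return InsideSourceNat(acl=acl, overload_ip=outside_ip)
```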
IPv6
Practice LAB
Tasks
• IPv6 addressing
R-1(config)# ipv6 unicast-routing
R-1(config)# interface FastEthernet 0/0.333
R-1(config-subif)# encapsulation dot1q 333
R-1(config-subif)# ipv6 address 2001:ac1::1/64
R-1(config)# interface Serial 0/0
R-1(config-if)# ip address 192.168.1.1 255.255.255.252
R-1(config-if)# ipv6 address 3ffe:12::1/64
Tasks
• IPv6 routing
R-1(config)# ipv6 router rip ROUTING
R-1(config)# interface FastEthernet 0/0.333
R-1(config-subif)# encapsulation dot1q 333
R-1(config-subif)# ipv6 address 2001:ac1::1/64
R-1(config-subif)# ipv6 rip ROUTING enable
R-1(config)# interface Serial 0/0
R-1(config-if)# ip address 192.168.1.1 255.255.255.252
R-1(config-if)# ipv6 address 3ffe:12::1/64
R-1(config-if)# ipv6 rip ROUTING enable