
Lecture CCNA Security - Chapter 2: Securing Network Devices

Shared by: You Can | Date: | File type: PDF | Pages: 175


Learning objectives of this chapter include: secure the physical installation of and the administrative access to Cisco routers based on different network requirements using the CLI and CCP; configure administrative roles using privilege levels and role-based CLI; implement the management and reporting features of syslog, SNMP, SSH, and NTP;...


Text content: Lecture CCNA Security - Chapter 2: Securing Network Devices

  1. Chapter 2 – Securing Network Devices CCNA Security
  2. Objectives • Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
  3. Securing Device Access
  4. Securing the Edge Router
     • Securing the network infrastructure is critical to overall network security: routers, switches, servers, endpoints, and other devices.
     • The edge router is the last router between the internal network and an untrusted network such as the Internet.
     • If an attacker gains access to a router, the security and management of the entire network can be compromised, leaving servers and endpoints at risk.
  5. Securing the Edge Router
     • The edge router implementation varies depending on the size of the organization and the complexity of the required network design.
     • Single Router Approach
       – In the single router approach, a single router connects the protected network, or internal LAN, to the Internet.
       – This is more commonly deployed in smaller site implementations such as branch and SOHO sites.
  6. Securing the Edge Router
     • Defense-in-Depth Approach
       – In this approach, the edge router acts as the first line of defense and is known as a screening router.
       – It passes all connections that are intended for the internal LAN to the firewall.
       – The second line of defense is the firewall, which typically picks up where the edge router leaves off and performs additional filtering.
       – It provides additional access control by tracking the state of the connections and acts as a checkpoint device.
     authentication proxy ?
  7. Securing the Edge Router
     • DMZ Approach
       – A variation of the defense-in-depth approach is to offer an intermediate area, often called the demilitarized zone (DMZ).
       – The DMZ can be used for servers that must be accessible from the Internet or some other external network.
       – The DMZ can be set up between two routers, with an internal router connecting to the protected network and an external router connecting to the unprotected network, or simply be an additional port off of a single router.
  8. Securing the Edge Router
     • Three areas of router security must be maintained.
       – Physical Security
       – Operating System Security
       – Router Hardening
     Refer to 2.1.1.3
  9. Securing the Edge Router
  10. Securing the Edge Router
     • There are 2 ways to access a device for administrative purposes, locally and remotely.
  11. Securing the Edge Router
  12. Configuring Secure Administrative Access
     • Attackers deploy various methods of discovering administrative passwords.
       – They can shoulder surf, attempt to guess passwords based on the user's personal information, or sniff TFTP packets containing plaintext configuration files.
       – Attackers can also use tools such as L0phtCrack and Cain & Abel to attempt brute force attacks and guess passwords.
  13. Configuring Secure Administrative Access
     • Guidelines for creating passwords:
       1. Use a password length of 10 or more characters. The longer, the better.
       2. Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces.
       3. Avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information.
       4. Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
       5. Change passwords often. If a password is unknowingly compromised, the window of opportunity for the attacker to use the password is limited.
       6. Do not write passwords down and leave them in obvious places such as on the desk or monitor.
  14. Configuring Secure Administrative Access
     • Configure password: pass phrase ?
  15. Configuring Secure Administrative Access
     • To increase the security of passwords, the following should be configured:
       – Enforce minimum password lengths.
       – Disable unattended connections.
       – Encrypt all passwords in the configuration file.
     1. Minimum password lengths
       Beginning with Cisco IOS Release 12.3(1), administrators can set the minimum character length for all router passwords from 0 to 16 characters using the global configuration command security passwords min-length length.
  16. Configuring Secure Administrative Access
     2. Disable Unattended Connections
       – By default, an administrative interface stays active and logged in for 10 minutes after the last session activity.
       – After that, the interface times out and logs out of the session.
       – These timers can be adjusted using the exec-timeout command in line configuration mode for each of the line types that are used.
  17. Configuring Secure Administrative Access
     Example:
       line vty 0
        exec-timeout 0 10
        password cisco
     [Figure: timeline from T1 to T1+10″]
  18. Configuring Secure Administrative Access
     3. Encrypt Passwords
  19. Configuring Secure Administrative Access
     • Another available security feature is authentication.
     • Cisco routers can maintain a list of usernames and passwords in a local database on the router for performing local login authentication.
     • There are two methods of configuring local username accounts.
       1. username name password password
       2. username name secret password
  20. Configuring Secure Administrative Access
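
The three password-hardening steps and the choice between `username ... password` and `username ... secret` described above can be checked mechanically. The following is an added example, not part of the lecture: a Python auditor run over a constructed configuration. `service password-encryption` is the IOS command for encrypting stored passwords (the slides do not name it), and the thresholds `MIN_LENGTH` and `MAX_IDLE_SECONDS` are assumptions taken from the 10-character guideline and the 10-minute default.

```python
import re

# Constructed sample running-config (not from the lecture); values are illustrative.
SAMPLE_CONFIG = """\
hostname R1
security passwords min-length 6
username admin password cisco12345
username ops secret 5 $1$constructed$hash
line con 0
 exec-timeout 0 0
 password cisco
line vty 0 4
 exec-timeout 5 0
 login local
"""

MIN_LENGTH = 10         # assumption: policy floor from the 10-character guideline
MAX_IDLE_SECONDS = 600  # assumption: flag anything above the 10-minute default


def audit_config(text):
    """Return sorted (check, detail) findings for an IOS-style configuration."""
    text = "\n".join(line.rstrip() for line in text.splitlines())
    findings = []
    m = re.search(r"^security passwords min-length (\d+)$", text, re.M)
    if m is None:
        findings.append(("min-length", "not configured"))
    elif int(m.group(1)) < MIN_LENGTH:
        findings.append(("min-length", f"{m.group(1)} < {MIN_LENGTH}"))
    if not re.search(r"^service password-encryption$", text, re.M):
        findings.append(("password-encryption", "not enabled"))
    for m in re.finditer(r"^username (\S+) (?:privilege \d+ )?password\b", text, re.M):
        findings.append(("username-password", f"{m.group(1)}: use 'secret'"))
    current = None  # the "line ..." block currently being read
    for line in text.splitlines():
        if line.startswith("line "):
            current = line
        elif not line.startswith(" "):
            current = None
        elif current:
            t = re.match(r"\s+exec-timeout (\d+)(?: (\d+))?$", line)
            if t:
                secs = int(t.group(1)) * 60 + int(t.group(2) or 0)
                if secs == 0:  # exec-timeout 0 0 disables the idle timer
                    findings.append(("exec-timeout", f"{current}: never times out"))
                elif secs > MAX_IDLE_SECONDS:
                    findings.append(("exec-timeout", f"{current}: {secs}s idle"))
    return sorted(findings)
```

Calling `audit_config(SAMPLE_CONFIG)` returns one finding per weak setting; a line block with no `exec-timeout` statement is left alone because it keeps the default.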