© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

Slides:



Advertisements
Similar presentations
Learning about Neighboring and Remote Devices PJC CCNA Semester 2 Ver. 3.0 by William Kelly.
Advertisements

Chapter 1: Introduction to Scaling Networks
Cisco Device Hardening Disabling Unused Cisco Router Network Services and Interfaces.
Securing the Router Chris Cunningham.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
Implementing a Highly Available Network
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—6-1 Implementing Layer 3 High Availability Configuring Layer 3 Redundancy with HSRP.
1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.
1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 4 Learning About Other Devices.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—-6-1 Network Environment Management Discovering Neighbors on the Network.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Applying Best Practices for VLAN Topologies.
Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.
Module 4 – Learning about other Devices Testing network connections.
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 6 Configuring a Router/ Learning About Other Devices/ Managing Cisco IOS Software.
CLI modes Accessing the configuration Basic configuration (hostname and DNS) Authentication and authorization (AAA) Log collection Time Synchronization.
Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 v3.0 Module 4 Learning About Other Devices.
© 1999, Cisco Systems, Inc Chapter 10 Controlling Campus Device Access Chapter 11 Controlling Access to the Campus Network © 1999, Cisco Systems,
CLI modes Accessing the configuration Basic configuration (hostname and DNS) Authentication and authorization (AAA) Log collection Time Synchronization.
CIS 187 Multilayer Switched Networks CCNP Rick Graziani Spring 2011
Cisco 2 - Routers Perrine. J Page 110/5/2015 Chapter 4 Cisco Discovery Protocol (CDP) CDP is a layer 2 protocol. CDP is used to: obtain information about.
1 Cisco Discovery Protocol A proprietary utility that gives you a summary of directly connected switches, routers, and other Cisco devices CDP discovers.
1 © 2007 Cisco Systems, Inc. All rights reserved.Cisco Public Remote access typically involves allowing telnet, SSH connections to the router Remote requires.
Cisco S2 C4 Router Components. Configure a Router You can configure a router from –from the console terminal (a computer connected to the router –through.
Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.
© 2015 Mohamed Samir YouTube channel All rights reserved. Samir CCNP-SWITCHING Mohamed Samir YouTube channel Double.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Basic Switch Concept Prepared by: Akhyari Nasir Resources form Internet.
Cisco Configuration Elements Network Monitoring and Management Tutorial.
User Access to Router Securing Access.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 7 – Secure Network Architecture and Management.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Cisco Discovery Protocol. CDP and Router Boot Up When a Cisco device boots up, CDP starts up automatically and allows the device to detect neighbor devices.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 6 City College.
NetPro-ITI Ethernet LANs
These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
Managing Networks and Network Devices
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Basic Switch Configurations.
Jose Luis Flores / Amel Walkinshaw
Configuring AAA requires four basic steps: 1.Enable AAA (new-model). 2.Configure security server network parameters. 3.Define one or more method lists.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against VLAN Attacks.
Carlos Armas Roundtrip Networks Hervey Allen NSRC.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Filtering Traffic Using Access Control Lists Introducing Routing and Switching.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Understanding Switch Security.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 Module 4 Learning About Other Devices.
Copyright Introduction to Computer Networking Learning About Other Devices.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Understanding Cisco Router Security.
Cisco Networking Academy at WVTHS..... The Cisco Discovery Protocol..... CCNA Discovery 2 Chapter No. 5 Section
© 2002, Cisco Systems, Inc. All rights reserved..
Chapter 6.  Upon completion of this chapter, you should be able to:  Configure switches  Configure VLANs  Verify configuration settings  Troubleshoot.
Cisco LAN Switches.
Instructor Materials Chapter 5: Network Security and Monitoring
Managing Your Network Environment
Understanding Switch Security
Network Environment Management
Module 4 – Learning about other Devices
Chapter 5: Switch Configuration
IST 202 Chapter 4.
© 2002, Cisco Systems, Inc. All rights reserved.
Switch Concepts and Configuration Part II
Chapter 5: Network Security and Monitoring
Network Environment Management
Understanding Switch Security
DHCP.
Understanding Cisco Router Security
Presentation transcript:

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-2 Discovering Neighbors with Cisco Discovery Protocol  Cisco Discovery Protocol runs on Cisco IOS devices.  Summary information includes: –Device identifiers –Address list –Port identifier –Capabilities list –Platform

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-3 Neighbor Discovery Protocols  Cisco Discovery Protocol –Cisco Layer 2 protocol –Has additional capabilities (VLAN or PoE negotiation) –Enabled by default  LLDP –Standard-based Layer 2 protocol –Disabled by default  Provides a summary of directly connected switches, routers, and other Cisco devices  Discovers neighbor devices regardless of which protocol suite they are running

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-4 Cisco Discovery Protocol Configuration switch(config)# [no] cdp run switch(config-if)# [no] cdp enable switch# show cdp neighbor [detail] switch# show cdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID c Fas 0/8 168 S I WS-C2960- Fas 0/8

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-5 LLDP Configuration switch(config)# [no] lldp run switch(config-if)# [no] lldp enable switch# show lldp neighbor [detail] switch# show lldp neighbor Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Device ID Local Intf Hold-time Capability Port ID c Fa0/8 120 B Fa0/8 Total entries displayed: 1

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-6 Vulnerabilities of Discovery Protocols

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-7 Vulnerabilities of the Telnet Protocol The Telnet connection sends text unencrypted and potentially readable.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-8 About SSH SSH replaces the Telnet session with an encrypted connection.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-9 Configuration of SSH  Configure username and password.  Configure domain name.  Generate RSA keys. –SSH process is automatically started.  Allow SSH protocol on vty lines. switch(config)# username xyz password abc123 switch(config)# ip domain-name xyz.com switch(config)# crypto key generate rsa switch(config)# ip ssh version 2 switch(config)# line vty 0 15 switch(config-line)# login local switch(config-line)# transport input ssh

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-10 Configuration of vty ACLs  Create standard or extended IP ACL.  Configure access-class on line vty.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-11 Configuration of an HTTP Server  Configure username and password.  Configure domain name.  Generate RSA keys.  Enable HTTPS (SSL) server.  Configure HTTP authentication.  Configure an access list to limit access. sw(config)# access-list 100 permit ip any sw(config)# username xyz password abc123 sw(config)# ip domain-name xyz.com sw(config)# crypto key generate rsa sw(config)# no ip http server sw(config)# ip http secure-server sw(config)# http access-class 100 in sw(config)# http authentication local

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-12 Switch Security Recommendations Secure switch access  Configure system passwords.  Authenticate admin access via TACACS+ server.  Configure encrypted or hashed passwords.  Secure physical access to the console.  Secure Telnet access with ACL.  Use SSH when possible.  Use HTTPS (SSL) when possible.  Configure system-warning banners.  Use syslog to log system messages.  Disable unused services.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-13 Switch Security Recommendations (Cont.) Secure switch protocols  Trim Cisco Discovery Protocol and LLDP and use only as needed.  Secure spanning tree. Mitigate compromises through a switch  Take precautions for trunk links.  Minimize physical port access.  Establish standard access port configuration for both unused and used ports.  Shut down unused ports.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-14 Summary  Cisco Discovery Protocol / LLDP packets can expose some network information.  Authentication information and data carried in Telnet sessions is vulnerable.  SSH provides a more secure option for Telnet.  vty ACLs should be used to limit Telnet access to switch devices.  Web service should be secured by using HTTPS and limiting who should access the web server and from where.  Sound security measures and trimming of unused applications are recommended.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-15

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.