Enterprise Network Security
Accessing the WAN – Chapter 4
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public.

Objectives
• Describe the general methods used to mitigate security threats to Enterprise networks
• Configure Basic Router Security
• Explain how to disable unused Cisco router network services and interfaces
• Explain how to use Cisco SDM
• Manage Cisco IOS devices

Why is network security important?
• We want to live securely
• We want to have our data secured
• We want to have our communication secured

Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies

Security policy
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management

Security levels

Number of Attacks

Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Social engineering?

Access Attacks

Denial of Service attacks

Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Describe the common mitigation techniques that enterprises use to protect themselves against threats

Security equipment

Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Explain the concept of the Network Security Wheel

Configure Basic Router Security
• Explain why the security of routers and their configuration settings is vital to network operation

Configure Basic Router Security
• Describe the basic security measures needed to secure Cisco routers

Router(config)# ip access-list standard SSH-access
Router(config-std-nacl)# permit host
Router(config-std-nacl)# deny any
Router(config)# line vty 0 4
Router(config-line)# access-class SSH-access in
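An added example, not part of the original slides: a small Python audit that checks a saved running-config for the control shown above, an inbound access-class on every vty line that points at a defined standard ACL. The sample config, the 192.0.2.10 host address and the extra `transport input ssh` check are assumptions made for illustration.

```python
import re

# Constructed sample config; 192.0.2.10 is a documentation address (assumption).
SAMPLE_CONFIG = """\
ip access-list standard SSH-access
 permit host 192.0.2.10
 deny any
!
line vty 0 4
 access-class SSH-access in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level parent line."""
    blocks, parent = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and parent is not None:
            blocks[parent].append(line.strip())
        else:
            parent = line.strip()
            blocks[parent] = []
    return blocks

def audit_vty(config):
    """Return (vty line, finding) tuples for weakly protected vty lines."""
    blocks = parse_blocks(config)
    acls = {m.group(1): body for head, body in blocks.items()
            if (m := re.fullmatch(r"ip access-list standard (\S+)", head))}
    findings = []
    for head, body in blocks.items():
        if not head.startswith("line vty"):
            continue
        acl = next((m.group(1) for cmd in body
                    if (m := re.fullmatch(r"access-class (\S+) in", cmd))), None)
        if acl is None:
            findings.append((head, "no inbound access-class"))
        elif acl not in acls:
            findings.append((head, f"access-class references undefined ACL {acl}"))
        elif any(entry.startswith("permit any") for entry in acls[acl]):
            findings.append((head, f"ACL {acl} permits any source"))
        transport = next((cmd.split()[2:] for cmd in body
                          if cmd.startswith("transport input")), None)
        if transport != ["ssh"]:
            findings.append((head, "transport input is not restricted to ssh"))
    return findings

if __name__ == "__main__":
    for vty, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{vty}: {finding}")
```

In the sample, `line vty 0 4` passes while `line vty 5 15` is reported twice, which is the common case of hardening only the first five vty lines.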

SSH configuration

Explain How to Disable Unused Cisco Router Network Services and Interfaces
• Explain how to secure a router with the command-line interface (CLI) auto secure command

Explain How to Use Cisco SDM
• Provide an overview of Cisco SDM

Manage Cisco IOS Devices
• Describe the file systems used by a Cisco router

Manage Cisco IOS Devices
• Describe how to back up and upgrade a Cisco IOS image

Manage Cisco IOS Devices
• Explain how to back up and upgrade Cisco IOS software images using a network server

Manage Cisco IOS Devices
• Explain how to recover a Cisco IOS software image

Manage Cisco IOS Devices
• Explain how to recover the enable password and the enable secret passwords

1) Ctrl+Break
2) Rommon 1> confreg 0x2142
3) Rommon 2> reset
4) Would you like to enter initial router configuration [Yes/no]
5) Router(config)# config-register 0x2102
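An added example, not from the original slides: step 2 sets the configuration register to 0x2142, and a router on which step 5 was skipped keeps booting without its startup-config, so without its passwords and ACLs. This Python check reads the register line from `show version` output and flags that state; the sample lines are constructed.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: skip the startup-config in NVRAM at boot
BOOT_FIELD = 0x000F    # bits 0-3: 0x0 stays in ROMMON, 0x2-0xF boot normally

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def check_confreg(show_version):
    """Return (register value at next boot, findings) from 'show version' text."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if pending & IGNORE_NVRAM:
        findings.append("next boot ignores startup-config (bit 6 set)")
    elif current & IGNORE_NVRAM:
        findings.append("booted with startup-config ignored; register fixed for next reload")
    if (pending & BOOT_FIELD) == 0:
        findings.append("next boot stops in ROMMON (boot field 0)")
    return pending, findings

# Constructed sample lines in the format printed at the end of 'show version'.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        value, findings = check_confreg(line)
        print(f"{line} -> {hex(value)} {findings or 'ok'}")
```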

Summary
• Security threats to an enterprise network include:
  – Unstructured threats
  – Structured threats
  – External threats
  – Internal threats
• Methods to lessen security threats consist of:
  – Device hardening
  – Use of antivirus software
  – Firewalls
  – Download security updates

Summary
• Basic router security involves the following:
  – Physical security
  – Update and backup IOS
  – Backup configuration files
  – Password configuration
  – Logging router activity
• Disable unused router interfaces & services to minimize their exploitation by intruders
• Cisco SDM
  – A web-based management tool for configuring security measures on Cisco routers

Summary
• Cisco IOS Integrated File System (IFS)
  – Allows for the creation, navigation & manipulation of directories on a Cisco device

Practise LAB: DHCP, NAT
Accessing the WAN – Chapter 4

Practise LAB

Tasks: Basic configuration (example)

R-1(config)# interface FastEthernet 0/1
R-1(config-if)# ip address dhcp
R-1(config-if)# no shutdown
R-1(config)# interface FastEthernet 0/0
R-1(config-if)# no shutdown
R-1(config)# interface FastEthernet 0/0.101
R-1(config-subif)# encapsulation dot1q 101
R-1(config-subif)# ip address
R-1(config)# interface FastEthernet 0/0.200
R-1(config-subif)# encapsulation dot1q 200
R-1(config-subif)# ip address

Tasks: DHCP and DHCP relay

R-1(config)# ip dhcp pool VLAN101
R-1(config-dhcp)# network /24
R-1(config-dhcp)# default-router
R-1(config-dhcp)# dns-server
R-1(config)# ip dhcp pool VLAN102
R-1(config-dhcp)# network /24
R-1(config-dhcp)# default-router
R-1(config-dhcp)# dns-server
R-1(config)# ip dhcp pool VLAN103
R-1(config-dhcp)# network /24
R-1(config-dhcp)# default-router
R-1(config-dhcp)# dns-server

Practise LAB

Tasks: DHCP and DHCP relay

R-2(config)# interface FastEthernet 0/0.102
R-2(config-subif)# encapsulation dot1q 102
R-2(config-subif)# ip address
R-2(config-subif)# ip helper-address
R-2(config-subif)# ip nat inside
R-2(config)# router ospf 1
R-2(config-router)# network area 0
R-2(config-router)# network area 0
R-1(config)# router ospf 1
R-1(config-router)# default-information originate
R-1(config-router)# network area 0
R-1(config-router)# network area 0
R-1(config-router)# network area 0

Practise LAB: Host C and Host H

Tasks: Dynamic NAT and Static NAT

R-1(config)# ip route
R-1(config)# ip route
R-2(config)# ip access-list standard SNAT
R-2(config-std-nacl)# permit
R-2(config)# ip nat pool POOL_IP
R-2(config)# ip nat inside source list SNAT pool POOL_IP
R-2(config)# ip nat inside source static
R-2(config)# interface FastEthernet0/0.200
R-2(config-subif)# ip nat inside
R-2(config)# interface Serial 0/0
R-2(config-if)# ip nat outside

Practise LAB: PAT (overloading)

Tasks: Port Address Translation (overloading)

R-1(config)# interface FastEthernet 0/0.101
R-1(config-subif)# ip nat inside
R-1(config)# interface FastEthernet 0/0.200
R-1(config-subif)# ip nat inside
R-1(config)# interface Serial 0/0
R-1(config-if)# ip nat inside
R-1(config)# interface Serial 0/1
R-1(config-if)# ip nat inside
R-1(config)# interface FastEthernet 0/1
R-1(config-if)# ip nat outside

Tasks: Port Address Translation (overloading)

R-1(config)# ip access-list standard natko
R-1(config-std-nacl)# permit
R-1(config-std-nacl)# permit
R-1(config-std-nacl)# permit
R-1(config-std-nacl)# permit
R-1(config-std-nacl)# permit
R-1(config-std-nacl)# permit
R-1(config)# ip nat inside source list natko interface FastEthernet 0/1 overload

Practise LAB: IPv6

Tasks: IPv6 addressing

R-1(config)# ipv6 unicast-routing
R-1(config)# interface FastEthernet 0/0.333
R-1(config-subif)# encapsulation dot1q 333
R-1(config-subif)# ipv6 address 2001:ac1::1/64
R-1(config)# interface Serial 0/0
R-1(config-if)# ip address
R-1(config-if)# ipv6 address 3ffe:12::1/64

Tasks: IPv6 routing

R-1(config)# interface FastEthernet 0/0.333
R-1(config-subif)# encapsulation dot1q 333
R-1(config-subif)# ipv6 address 2001:ac1::1/64
R-1(config-subif)# ipv6 rip ROUTING enable
R-1(config)# interface Serial 0/0
R-1(config-if)# ip address
R-1(config-if)# ipv6 address 3ffe:12::1/64
R-1(config-if)# ipv6 rip ROUTING enable
R-1(config)# ipv6 router rip ROUTING

End of presentation
Thank you for your attention
Modern education for the knowledge society. The project is co-financed from EU funds.