Carlos Armas Roundtrip Networks Hervey Allen NSRC.

Basic configuration (hostname and DNS)
Authentication and authorization (AAA)
Log collection
Synchronization (date/time/timezone)
SNMP configuration
Cisco Discovery Protocol (CDP)

Basic configuration (hostname and DNS)
Assign a name:
  rtr(config)# hostname pcx-pc1-rtr.noc.com
Assign a domain:
  rtr(config)# ip domain-name noc.com
Assign a DNS server:
  rtr(config)# ip name-server

Configure passwords in the most secure manner.
◦ Use the improved method (secret) in place of the traditional method (password)
◦ The improved method stores a hash of the password; the traditional method stores it in plaintext or as a reversible type 7 encoding
◦ Traditional:
    enable password wer56$21
    username admin password sdf!231
◦ Improved:
    enable secret wer56$21
    username admin secret sdf!231

Utilize SSH, disable telnet (only use telnet if there is no other option).
Configuring with a 2048-bit key:
◦ aaa new-model
◦ ip domain name domain.name
◦ crypto key generate rsa modulus 2048 label rtr.domain.name
Verify key creation:
◦ show crypto key mypubkey rsa
Assign the key that SSH is going to use:
◦ ip ssh rsa keypair-name rtr.domain.name
Restrict to only use SSH version 2, and optionally log SSH events:
◦ ip ssh version 2
◦ ip ssh logging events

Send logs to the syslog server:
  logging
Identify what channel will be used (local0 to local7):
  logging facility local5
Up to what priority level do you wish to record?:
  logging trap
Logging severity levels:
  emergencies    System is unusable (severity=0)
  alerts         Immediate action needed (severity=1)
  critical       Critical conditions (severity=2)
  errors         Error conditions (severity=3)
  warnings       Warning conditions (severity=4)
  notifications  Normal but significant conditions (severity=5)
  informational  Informational messages (severity=6)
  debugging      Debugging messages (severity=7)
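As an added example (not from the presentation), a small Python filter that parses IOS syslog messages and keeps only those a router configured with `logging trap <level>` would forward, using the severity table above; the log lines are constructed samples and the %IP-7-SAMPLE_DEBUG mnemonic is illustrative.

```python
"""Map IOS syslog severities to the names on the slide and apply a
`logging trap` threshold.  Added example; sample lines are constructed."""
import re

# Severity numbers and names as listed in the slide (0 = most urgent).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}
NAME_TO_LEVEL = {name: level for level, name in SEVERITY_NAMES.items()}

# IOS message header: %FACILITY-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")


def parse_message(line):
    """Return (facility, severity, mnemonic, text), or None for non-IOS lines."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return m["facility"], int(m["severity"]), m["mnemonic"], m["text"]


def forwarded_to_syslog(lines, trap_level):
    """Keep the messages a router with `logging trap <trap_level>` would send:
    everything at that severity or more urgent (a lower number).
    trap_level is a level name such as "notifications" or a number 0-7."""
    threshold = NAME_TO_LEVEL[trap_level] if isinstance(trap_level, str) else trap_level
    kept = []
    for line in lines:
        parsed = parse_message(line)
        if parsed and parsed[1] <= threshold:
            kept.append(parsed)
    return kept


# Constructed sample lines in the format IOS emits (mnemonics are illustrative).
SAMPLE_LOG = [
    "*Aug 14 11:20:01 CMT: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "*Aug 14 11:21:15 CMT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10]",
    "*Aug 14 11:21:16 CMT: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.10 (tty = 0)",
    "*Aug 14 11:22:00 CMT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "*Aug 14 11:22:05 CMT: %IP-7-SAMPLE_DEBUG: ICMP: echo reply sent, src 192.0.2.1",
]

if __name__ == "__main__":
    # What the collector receives at `logging trap notifications`: the debugging line is dropped.
    for fac, sev, mnem, text in forwarded_to_syslog(SAMPLE_LOG, "notifications"):
        print(f"{SEVERITY_NAMES[sev]:14} {fac}-{mnem}: {text}")
```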

It is essential that all parts of our network are time-synchronized.
In config mode:
  ntp server pool.ntp.org
  clock timezone Leon -6
If your site observes daylight savings time you can do:
  clock summer-time recurring last Sun Mar 2:00 last Sun Oct 3:00
Verify:
  show clock
  11:20: CMT Tue Aug
  show ntp status
  Clock is synchronized, stratum 3, reference is
  nominal freq is Hz, actual freq is Hz, precision is 2**18
  reference time is D002CE85.D35E87B9 (11:21: CMT Tue Aug )
  clock offset is msec, root delay is msec
  root dispersion is msec, peer dispersion is 2.20 msec

We recommend utilizing SNMP version 3:
◦ Same facilities as version 2
◦ But, with access protection and encryption
Configuring SNMP v3:
◦ snmp-server view included
◦ snmp-server group v3 auth read
◦ snmp-server user v3 auth [ priv des56 ]
Example: configure a user with complete access to the SNMP tree, read only. The password is hashed via MD5 (auth) and the SNMP response is not encrypted:
  snmp-server view vista-ro internet included
  snmp-server group ReadGroup v3 auth read vista-ro
  snmp-server user admin ReadGroup v3 auth md5 xk122r56

Enabled by default in most modern routers.
Use this only if you must enable CDP:
  cdp enable
or, in older Cisco IOS versions:
  cdp run
Tools to visualize/view CDP announcements: tcpdump, cdpr, Wireshark
To see CDP announcements in IOS:
  show cdp neighbors
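To tie the slides together, an added Python checker (not part of the original presentation) that reads a running-config and reports the settings the preceding slides advise against: password instead of secret, telnet on the vty lines, SSH version 2 not enforced, no syslog or NTP server, SNMPv1/v2c communities, and CDP left enabled. The config fragment and its type 7 string are constructed samples.

```python
"""Audit an IOS running-config for the hardening items in this presentation.
Added example, not from the slides; SAMPLE_CONFIG is a constructed config
with deliberately weak settings so every check reports something."""
import re


def audit_config(config_text):
    """Return a list of findings for settings the slides advise against."""
    lines = [l.strip() for l in config_text.splitlines()]
    findings = []
    # Passwords: `secret` stores a hash; `password` (type 0/7) is reversible.
    if any(l.startswith("enable password") for l in lines):
        findings.append("enable password in use; replace with enable secret")
    for m in (re.match(r"username (\S+) password", l) for l in lines):
        if m:
            findings.append(f"username {m[1]} uses password; use secret instead")
    # Remote access: SSH version 2 only, no telnet on the vty lines.
    if "ip ssh version 2" not in lines:
        findings.append("ip ssh version 2 not set")
    for l in lines:
        if l.startswith("transport input") and "telnet" in l:
            findings.append(f"vty permits telnet: '{l}'")
    # Log collection and time synchronization.
    if not any(re.match(r"logging (host |\d)", l) for l in lines):
        findings.append("no syslog server configured")
    if not any(l.startswith("ntp server") for l in lines):
        findings.append("no NTP server configured")
    # SNMP: v1/v2c communities instead of v3 with authentication.
    for l in lines:
        if l.startswith("snmp-server community"):
            findings.append(f"SNMPv1/v2c community configured: '{l}'")
    # CDP is on by default; the slide says enable it only if you must.
    if "no cdp run" not in lines:
        findings.append("CDP not disabled globally (no cdp run)")
    return findings


# Constructed running-config fragment (the type 7 string is a made-up value).
SAMPLE_CONFIG = """\
hostname pcx-pc1-rtr
enable password wer56$21
username admin password 7 0822455D0A16
ip domain-name noc.com
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("-", finding)
```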