© 2007 Cisco Systems, Inc. All rights reserved. ICND1 v1.0—2-1 Ethernet LANs Understanding Switch Security.

Presentation transcript:


Common Threats to Physical Installations
• Hardware threats
• Environmental threats
• Electrical threats
• Maintenance threats

Configuring a Switch Password

Configuring the Login Banner
• Defines and enables a customized banner to be displayed before the username and password login prompts.

    SwitchX(config)#banner login " Access for authorized users only. Please enter your username and password. "

Telnet vs. SSH Access
• Telnet
  – Most common access method
  – Insecure
• SSH
  – Encrypted

    ! The username command creates the username and password for the SSH session
    username cisco password cisco
    ip domain-name mydomain.com
    crypto key generate rsa
    ip ssh version 2
    line vty 0 4
     login local
     transport input ssh

Configuring Port Security
Cisco Catalyst 2960 Series

    SwitchX(config-if)#switchport port-security [mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown}]

    SwitchX(config)#interface fa0/5
    SwitchX(config-if)#switchport mode access
    SwitchX(config-if)#switchport port-security
    SwitchX(config-if)#switchport port-security maximum 1
    SwitchX(config-if)#switchport port-security mac-address sticky
    SwitchX(config-if)#switchport port-security violation shutdown

Verifying Port Security on the Catalyst 2960 Series

    SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression]

    SwitchX#show port-security interface fastethernet 0/5
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Shutdown
    Aging Time                 : 20 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address        :
    Security Violation Count   : 0
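The per-interface output above can be checked by a script rather than by eye. The following is an added example, not part of the Cisco slides: it parses text in the layout shown on the slide and reports the states that need follow-up. The sample output is constructed, and the function names and the expected_max parameter are assumptions of this example.

```python
# Constructed sample in the slide's layout, showing a port after a violation
# in shutdown mode (values are illustrative, not captured from a device).
SAMPLE_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Last Source Address        :
Security Violation Count   : 1
"""

def parse_port_security(text):
    """Turn 'Field : value' lines into a dict; a field with no value maps to ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" :")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def assess(fields, expected_max=1):
    """Return findings an operator should follow up on for one interface."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port was shut down by a security violation")
    if int(fields.get("Security Violation Count") or 0) > 0:
        findings.append("violation count is non-zero")
    if int(fields.get("Maximum MAC Addresses") or 0) > expected_max:
        findings.append("more secure MAC addresses allowed than expected")
    return findings

if __name__ == "__main__":
    print(assess(parse_port_security(SAMPLE_OUTPUT)))
```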

Verifying Port Security on the Catalyst 2960 Series (Cont.)

    SwitchX#sh port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)        (Count)
    Fa0/                                                        Shutdown
    Total Addresses in System (excluding one mac per port)     : 0
    Max Addresses limit in System (excluding one mac per port) : 1024

    SwitchX#sh port-security address
              Secure Mac Address Table
    Vlan  Mac Address  Type              Ports  Remaining Age (mins)
          dddd.eeee    SecureConfigured  Fa0/
    Total Addresses in System (excluding one mac per port)     : 0
    Max Addresses limit in System (excluding one mac per port) : 1024

Securing Unused Ports
• Unsecured ports can create a security hole.
• A switch plugged into an unused port will be added to the network.
• Secure unused ports by disabling interfaces (ports).

Disabling an Interface (Port)

    SwitchX(config-if)#shutdown

• To disable an interface, use the shutdown command in interface configuration mode.
• To restart a disabled interface, use the no form of this command.

Summary
• The first level of security is physical.
• Passwords can be used to limit access to users that have been given the password.
• The login banner can be used to display a message before the user is prompted for a username.
• Telnet sends session traffic in cleartext; SSH encrypts the session traffic.
• Port security can be used to limit MAC addresses to a port.
• Unused ports should be shut down.
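Three of the points in this summary (SSH instead of Telnet on the vty lines, port security on access ports, unused ports shut down) can be checked against a saved configuration. The script below is an added example, not part of the Cisco slides; the configuration fragment is constructed, and the function names and the in_use set of ports known to be connected are assumptions of this example.

```python
# Constructed running-config fragment for illustration (not from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/6
 switchport mode access
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
!
line vty 0 4
 login local
 transport input telnet ssh
"""

def split_sections(config):
    """Map each 'interface ...' or 'line ...' header to its indented sub-commands."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith(("interface ", "line ")):
            current = sections.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the section
    return sections

def audit(config, in_use):
    """Check SSH-only vty lines, port security on access ports, unused ports shut down."""
    findings = []
    for header, cmds in split_sections(config).items():
        kind, name = header.split(" ", 1)
        if kind == "line" and name.startswith("vty"):
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: vty not restricted to SSH")
        elif kind == "interface" and "shutdown" not in cmds:
            if name not in in_use:
                findings.append(f"{header}: unused port is not shut down")
            elif "switchport mode access" in cmds and "switchport port-security" not in cmds:
                findings.append(f"{header}: port security not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, in_use={"FastEthernet0/5", "FastEthernet0/6"})))
```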
