1
Enterprise Network Security
Accessing the WAN – Chapter 4
2
Objectives
Describe the general methods used to mitigate security threats to enterprise networks
Configure basic router security
Explain how to disable unused Cisco router network services and interfaces
Explain how to use Cisco SDM
Manage Cisco IOS devices
3
Security Threats
White hat - An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. White hats are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.
Hacker - A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.
4
Security Threats Continued
Black hat - Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
Cracker - A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
Phreaker - An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
5
Security Threats Continued
Spammer - An individual who sends large quantities of unsolicited messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
Phisher - Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.
6
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies
[Graphic: open and closed networks]
7
Security Policy
RFC 2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide."
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management.
8
ISO/IEC 27002 - 12 Sections
Risk assessment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development, and maintenance
Information security incident management
Business continuity management
Compliance
9
Security Policy Function
Protects people and information
Sets the rules for expected behavior by users, system administrators, management, and security personnel
Authorizes security personnel to monitor, probe, and investigate
Defines and authorizes the consequences of violations
11
Physical Security Threats
12
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Describe the most common security threats and how they impact enterprises
[Graphic]
13
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Describe the most common types of network attacks and how they impact enterprises
[Graphic]
14
Reconnaissance
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack. Reconnaissance is similar to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.
Internet information queries
Ping sweeps
Port scans
Packet sniffers
15
System Access
System access is the ability of an intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.
16
Denial of Service
Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack involves simply running a hack or script. For these reasons, DoS attacks are the most feared.
17
Denial of Service
18
TCP SYN Flood Attack
A flood of TCP SYN packets is sent, often with a forged sender address. Each packet is handled like a connection request, causing the server to spawn a half-open connection by sending back a TCP SYN-ACK packet and waiting for a packet in response from the sender address. The response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.
19
Worms, Viruses and Trojan Horses
Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.
20
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Describe the common mitigation techniques that enterprises use to protect themselves against threats
[Graphics]
Personal firewall
Antivirus
OS patches
21
Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Explain the concept of the Network Security Wheel
[Graphic]
22
The Security Wheel
Continuous process
Develop security policy
Secure the network
Monitor security
Test
Improve
23
The Role of Routers in Network Security
Advertise networks and filter who can use them.
Provide access to network segments and subnetworks.
24
Routers are Targets - Router Security
Physical security
Regular router IOS upgrades
Router configuration and IOS backups
Port security
Disable unused services
25
Configure Basic Router Security
[Graphic]
27
Encrypt Passwords
28
Passwords
Always use the enable secret command to set the privileged EXEC password.
29
Minimum Length
30
Securing Remote Access
31
Preventing Logins on Unused Lines
32
Control Incoming VTY Access
33
Remote Access with SSH
SSH uses TCP port 22
34
SSH Configurations
Step 1: configure the router hostname
Step 2: set the domain name
Step 3: generate asymmetric keys
Step 4: configure local authentication and the VTY protocol
Step 5: configure SSH timeouts
Step 6: use SSH
35
Sample SSH Configuration
username student password 0 cisco
!
ip ssh version 1
ip ssh time-out 15
ip ssh authentication-retries 2
ip domain-name cisco.com
line vty 0 5
 login local
 transport input ssh
36
Verifying SSH
r1#sho ip ssh
SSH Enabled - version 1
Authentication timeout: 120 secs; Authentication retries: 3
More SSH information in the Network Security course
37
Show crypto key
38
Logging Router Activity
Logs allow you to verify that a router is working properly or to determine whether the router has been compromised. In some cases, a log can show what types of probes or attacks are being attempted against the router or the protected network. Configuring logging (syslog) on the router should be done carefully. Send the router logs to a designated log host. The log host should be connected to a trusted or protected network or an isolated and dedicated router interface. Harden the log host by removing all unnecessary services and accounts.
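The review the slide asks for is easier to see on a concrete log. The script below is an added example, not from the course deck or from Cisco: it runs on a log host over router syslog messages, counts failed logins per source address, groups ACL denials by the destination port each source probed, and records configuration changes. The sample lines are constructed for this example and modelled on the IOS %FACILITY-SEVERITY-MNEMONIC message layout; the alert thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of what a syslog host receives from a router. The <PRI>
# prefix, sequence number, timestamp and %FACILITY-SEVERITY-MNEMONIC header
# follow the IOS layout; addresses are from documentation ranges.
SAMPLE_LOG = """\
<188>1: *Mar  3 10:15:01.100: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:01 UTC Mon Mar 3 2025
<188>2: *Mar  3 10:15:05.200: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:05 UTC Mon Mar 3 2025
<188>3: *Mar  3 10:15:09.300: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:09 UTC Mon Mar 3 2025
<188>4: *Mar  3 10:15:13.400: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:13 UTC Mon Mar 3 2025
<189>5: *Mar  3 10:16:00.000: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: student] [Source: 192.0.2.10] [localport: 22] at 10:16:00 UTC Mon Mar 3 2025
<189>6: *Mar  3 10:16:30.000: %SYS-5-CONFIG_I: Configured from console by student on vty0 (192.0.2.10)
<190>7: *Mar  3 10:20:00.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40001) -> 192.0.2.1(23), 1 packet
<190>8: *Mar  3 10:20:01.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40002) -> 192.0.2.1(80), 1 packet
<190>9: *Mar  3 10:20:02.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40003) -> 192.0.2.1(443), 1 packet
"""

MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
SRC_RE = re.compile(r"\[Source: (?P<ip>[0-9.]+)\]")
ACL_RE = re.compile(r"list (?P<acl>\S+) denied (?P<proto>\w+) (?P<src>[0-9.]+)\(\d+\) -> (?P<dst>[0-9.]+)\((?P<dport>\d+)\)")


def parse_line(line):
    """Return the message header fields plus a source address and, for ACL
    log entries, the destination port; None if the line is not an IOS message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    rec = {"facility": m["facility"], "severity": int(m["severity"]),
           "mnemonic": m["mnemonic"], "text": m["text"]}
    s = SRC_RE.search(m["text"])
    if s:
        rec["source"] = s["ip"]
    a = ACL_RE.search(m["text"])
    if a:
        rec["source"], rec["dport"], rec["acl"] = a["src"], int(a["dport"]), a["acl"]
    return rec


def analyse(log_text, fail_threshold=3, scan_threshold=3):
    """Summarise failed logins, ACL denials and config changes and raise alerts.
    Thresholds are assumptions for this example."""
    failed = Counter()
    denied_ports = defaultdict(set)
    config_changes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["mnemonic"] == "LOGIN_FAILED" and "source" in rec:
            failed[rec["source"]] += 1
        elif rec["mnemonic"] == "CONFIG_I":
            config_changes.append(rec["text"])
        elif rec["mnemonic"] == "IPACCESSLOGP" and "dport" in rec:
            denied_ports[rec["source"]].add(rec["dport"])
    alerts = []
    for ip, n in failed.items():
        if n >= fail_threshold:
            alerts.append(f"repeated failed logins: {n} from {ip}")
    for ip, ports in denied_ports.items():
        if len(ports) >= scan_threshold:
            alerts.append(f"probe suspected: {ip} denied on ports {sorted(ports)}")
    for text in config_changes:
        alerts.append("configuration changed: " + text)
    return {"failed_logins": dict(failed),
            "denied_ports": {ip: sorted(p) for ip, p in denied_ports.items()},
            "alerts": alerts}


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG)["alerts"]:
        print(alert)
```

The ACL entries only exist because the access list that protects the router was written with the log keyword, and the login messages only exist because logging of login events is enabled; the log host can only show what the router was configured to report.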
39
Explain How to Disable Unused Cisco Router Network Services and Interfaces
Describe the router services and interfaces that are vulnerable to network attack
[Graphic]
40
Disable Unused Services
41
Explain How to Disable Unused Cisco Router Network Services and Interfaces
Explain the vulnerabilities posed by commonly configured management services
[Graphic]
Covered in the CCNP course
42
Securing Routing Protocols
Falsified routing information may generally be used to cause systems to misinform (lie to) each other, cause a DoS, or cause traffic to follow a path it would not normally follow. The consequences of falsifying routing information are as follows:
1. Redirect traffic to create routing loops, as shown in the figure
2. Redirect traffic so it can be monitored on an insecure link
3. Redirect traffic to discard it
43
Routing Protocol Authentication
44
Routing Updates Authentication
45
Verify RIP
46
OSPF Authentication
47
EIGRP Authentication
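To show what routing-update authentication actually checks, here is an added Python example (not from the course deck or from Cisco) of the keyed-MD5 scheme that RIPv2 (RFC 2082) and OSPFv2 (RFC 2328) specify and that EIGRP MD5 authentication follows in the same spirit: the sender computes MD5 over the update followed by the shared key padded to 16 bytes and attaches the digest; the receiver recomputes it with the key from its own key chain and also rejects sequence numbers it has already accepted. The packet layout used here (key id, sequence number, payload, digest) is a simplified stand-in for the real protocol headers, and the key chain, sequence numbers and route text are constructed.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16                    # RFC 2082 / RFC 2328 pad the key to 16 bytes
DIGEST_LEN = 16                 # MD5 digest length
HEADER = struct.Struct("!BI")   # constructed header: key id (1 byte), sequence (4 bytes)


def pad_key(key):
    """Zero-pad the shared key to 16 bytes, as the keyed-MD5 RFCs specify."""
    if len(key) > KEY_LEN:
        raise ValueError("key longer than 16 bytes")
    return key.ljust(KEY_LEN, b"\x00")


def keyed_md5(message, key):
    """MD5 over the message followed by the padded key."""
    return hashlib.md5(message + pad_key(key)).digest()


def build_update(payload, key_id, seq, key):
    """Sender side: prepend key id and sequence number, append the digest."""
    body = HEADER.pack(key_id, seq) + payload
    return body + keyed_md5(body, key)


def verify_update(packet, key_chain, last_seq):
    """Receiver side. key_chain maps key id -> key bytes; last_seq records the
    highest sequence accepted per key id so a captured genuine update cannot
    be replayed. Returns (accepted, reason)."""
    if len(packet) < HEADER.size + DIGEST_LEN:
        return False, "too short"
    key_id, seq = HEADER.unpack(packet[:HEADER.size])
    body, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    key = key_chain.get(key_id)
    if key is None:
        return False, f"unknown key id {key_id}"
    if not hmac.compare_digest(keyed_md5(body, key), digest):
        return False, "digest mismatch"
    if seq <= last_seq.get(key_id, -1):
        return False, f"replayed sequence {seq}"
    last_seq[key_id] = seq
    return True, "ok"


def run_demo():
    """Exercise the receiver's checks; every value here is constructed."""
    key_chain = {1: b"chain1-key"}
    last_seq = {}
    update = build_update(b"10.0.0.0/8 via 192.0.2.1 metric 1", 1, 100, key_chain[1])
    results = {"valid": verify_update(update, key_chain, last_seq)}
    # the same genuine update delivered a second time
    results["replay"] = verify_update(update, key_chain, last_seq)
    # one bit of the route text changed in transit
    tampered = bytearray(update)
    tampered[HEADER.size] ^= 0x01
    results["tampered"] = verify_update(bytes(tampered), key_chain, last_seq)
    # an update from a router that does not hold the key chain
    no_key = build_update(b"0.0.0.0/0 via 203.0.113.9 metric 1", 1, 200, b"wrong")
    results["wrong_key"] = verify_update(no_key, key_chain, last_seq)
    results["unknown_id"] = verify_update(build_update(b"x", 7, 1, b"k"), key_chain, last_seq)
    return results


if __name__ == "__main__":
    for name, (accepted, reason) in run_demo().items():
        print(f"{name:10s} accepted={accepted} ({reason})")
```

A neighbour that does not hold the key cannot produce a matching digest, so the falsified updates the previous slide lists are discarded instead of being installed, and the sequence check stops an old genuine update from being replayed. The appended-key MD5 construction is what these RFCs define; RFC 5709 later added HMAC-SHA authentication for OSPFv2, which is the better choice where the platform supports it.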
48
Auto Secure
Cisco AutoSecure uses a single command to disable non-essential system processes and services, eliminating potential security threats. You can configure AutoSecure in privileged EXEC mode using the auto secure command in one of these two modes:
Interactive mode - This mode prompts you with options to enable and disable services and other security features. This is the default mode.
Non-interactive mode - This mode automatically executes the auto secure command with the recommended Cisco default settings. This mode is enabled with the no-interact command option.
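Whether the lockdown is done by AutoSecure or by hand, the result should be checked against the configuration that is actually running. The script below is an added example, not from the course deck or from Cisco: it audits a running-config for the weaknesses covered on the password, VTY, SSH and unused-services slides (enable password instead of enable secret, reversible user passwords, no minimum password length, SSH version 1, management services left on, VTY lines that still accept Telnet or never time out, no syslog host). Both configurations are constructed for this example, the <hash> tokens stand in for real secret hashes, and the syslog host address is an assumption; IOS hides default settings from the running-config, so a production audit must also know which services are on by default.

```python
import re

# Constructed running-config excerpt containing the weaknesses discussed above.
WEAK_CONFIG = """\
hostname r1
!
enable password cisco
username student password 0 cisco
!
ip domain-name cisco.com
ip ssh version 1
ip http server
cdp run
!
line vty 0 4
 login local
 transport input telnet ssh
!
"""

# The same excerpt after hardening; <hash> stands in for the real secret hashes.
HARDENED_CONFIG = """\
hostname r1
!
service password-encryption
security passwords min-length 10
enable secret 5 <hash>
username student secret 5 <hash>
!
ip domain-name cisco.com
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
no ip http server
no cdp run
logging host 192.0.2.50
!
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
!
"""

# Exact global lines that show a service hardening would turn off.
RISKY_GLOBAL = {
    "ip ssh version 1": "SSH version 1 enabled; use 'ip ssh version 2'",
    "ip http server": "cleartext HTTP management enabled; 'no ip http server'",
    "cdp run": "CDP enabled globally; 'no cdp run' unless it is needed",
    "service tcp-small-servers": "TCP small servers enabled; disable them",
    "service udp-small-servers": "UDP small servers enabled; disable them",
    "ip finger": "finger service enabled; 'no ip finger'",
    "ip bootp server": "BOOTP server enabled; 'no ip bootp server'",
    "ip source-route": "source routing enabled; 'no ip source-route'",
}

# Global lines (matched by prefix) a hardened configuration should contain.
REQUIRED_GLOBAL = {
    "service password-encryption": "'service password-encryption' missing",
    "security passwords min-length": "no minimum password length configured",
    "logging host": "no syslog host configured; send logs to a hardened log host",
}


def parse_config(text):
    """Split a config into global lines and indented 'line ...' sections."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" "):
            if current is not None:          # indented lines under a 'line' block
                sections[current].append(line.strip())
            continue
        if line.startswith("line "):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit(text):
    """Return a list of findings; an empty list means nothing weak was detected."""
    global_lines, sections = parse_config(text)
    findings = []
    for line in global_lines:
        if line in RISKY_GLOBAL:
            findings.append(RISKY_GLOBAL[line])
        elif line.startswith("enable password "):
            findings.append("'enable password' in use; set 'enable secret' instead")
        elif re.match(r"username \S+ password ", line):
            findings.append("username with reversible 'password'; use 'username ... secret'")
    for prefix, message in REQUIRED_GLOBAL.items():
        if not any(l.startswith(prefix) for l in global_lines):
            findings.append(message)
    for name, body in sections.items():
        if not name.startswith("line vty"):
            continue
        if [l for l in body if l.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: transport input not restricted to ssh")
        if not any(l.startswith("exec-timeout") for l in body):
            findings.append(f"{name}: no exec-timeout on remote sessions")
        if "login local" not in body and not any(l.startswith("login authentication") for l in body):
            findings.append(f"{name}: login does not use local or AAA credentials")
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print("WEAK:", finding)
    print("hardened findings:", audit(HARDENED_CONFIG))
```

The weak excerpt produces ten findings and the hardened one none; the check on the VTY section is deliberately strict, because a transport input line that lists both telnet and ssh still exposes cleartext logins.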
49
Securing the Router with AutoSecure
50
Security Device Manager (SDM)
The Cisco Router and Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers. The SDM files can be installed on the router, a PC, or on both. An advantage of installing SDM on the PC is that it saves router memory, and allows you to use SDM to manage other routers on the network. If Cisco SDM is pre-installed on the router, Cisco recommends using Cisco SDM to perform the initial configuration.
51
SDM Features
52
Configuring a Router to Support SDM
Privilege level 15 = enable privileges
53
Explain How to Use Cisco SDM
Provide an overview of Cisco SDM
[Graphics]
54
Explain How to Use Cisco SDM
Explain the steps to configure a router to use Cisco SDM
[Graphic]
55
Explain How to Use Cisco SDM
Explain the steps you follow to start SDM
[Graphic]
56
Explain How to Use Cisco SDM
Describe the Cisco SDM Interface
[Graphic]
57
Explain How to Use Cisco SDM
Describe the commonly used Cisco SDM wizards
[Graphic]
58
Explain How to Use Cisco SDM
Explain how to use Cisco SDM for locking down your router
[Graphic]
59
SDM - End of Life
Cisco announced the end of life for SDM.
SDM is replaced by Cisco Configuration Professional (CCP); the latest release is 2.5, available for download at Cisco.com.
60
Manage Cisco IOS Devices
[Graphic]
Not on Packet Tracer
61
Flash
62
NVRAM
Not on Packet Tracer
63
Managing Configuration Files
[Graphic]
64
Cisco File Naming Convention
65
TFTP Servers
66
Manage Cisco IOS Devices
Explain how to back up and upgrade Cisco IOS software images using a network server
[Graphics]
67
Upgrading the IOS - Step 1
68
Upgrading the IOS - Step 2
69
Upgrading the IOS - Step 3
70
Restoring IOS Images
[Graphics]
71
Connect to TFTP Server
72
Prepare the Router
Make sure you have the correct file name (show version)
73
Download the file
You can also copy the file from a "healthy" router
74
Manage Cisco IOS Devices
Compare the use of the show and debug commands when troubleshooting Cisco router configurations
[Graphic]
75
Troubleshooting Commands
Show commands
Debug commands
76
Debug Command Considerations
The debug commands may generate a great deal of data that is of little use for a specific problem. Normally, knowledge of the protocol or protocols being debugged is required to interpret the debug output properly. When using debug troubleshooting tools, output formats vary with each protocol: some generate a single line of output per packet, others generate multiple lines per packet; some debug commands generate large amounts of output, others only occasional output; some generate lines of text, others present information in field format. Plan its use carefully: debug is CPU-intensive.
77
Commands Related to Debug
78
Router Password Recovery
[Graphic]
79
Configuration Register
The configuration register is similar to your PC BIOS settings, which control the bootup process. Among other things, the BIOS tells the PC from which hard disk to boot. In a router, a configuration register, represented by a single hexadecimal value, tells the router what specific steps to take when powered on. Configuration registers have many uses, and password recovery is probably the most used.
80
Router Password Recovery Procedure
4.5.7 – Good explanation!
81
Show version
If you require further assistance please contact us by sending to
Cisco 1841 (revision 5.0) with K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE interface(s)
191K bytes of NVRAM
K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
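The register value at the end of show version is the one to check after any password recovery. The script below is an added example, not from the course deck or from Cisco: it pulls the configuration register out of show version output and decodes the bits the password-recovery procedure relies on (boot field, bit 6 "ignore startup-config", bit 8 "break disabled", the console speed bits and bit 13), then warns when a router has been left at a recovery setting such as 0x2142 instead of the normal 0x2102. The show version text is constructed for this example; memory sizes and the serial number are placeholders, and the bit meanings are those in Cisco's configuration register documentation.

```python
import re

# Constructed 'show version' excerpt modelled on a Cisco 1841; the memory and
# serial values are placeholders, the register value is the one the slide shows.
SHOW_VERSION = """\
Cisco 1841 (revision 5.0) with <RAM>K/16384K bytes of memory.
Processor board ID <SERIAL-PLACEHOLDER>
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
<FLASH>K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102
"""

REGISTER_RE = re.compile(r"Configuration register is 0x([0-9A-Fa-f]{1,4})")

# Console speed is encoded in bits 11-12.
CONSOLE_BAUD = {0b00: 9600, 0b01: 4800, 0b10: 1200, 0b11: 2400}

NORMAL_REGISTER = 0x2102   # boot from flash, break disabled, NVRAM honoured


def extract_config_register(show_version_text):
    """Return the configuration register from show version output as an int."""
    m = REGISTER_RE.search(show_version_text)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    return int(m.group(1), 16)


def decode_register(value):
    """Decode the register fields that matter for booting and password recovery."""
    boot_field = value & 0x000F
    if boot_field == 0x0:
        boot = "stay in ROM monitor (rommon) after power-up"
    elif boot_field == 0x1:
        boot = "boot the first image in flash memory"
    else:
        boot = "boot using 'boot system' commands, otherwise the first image in flash"
    return {
        "value": value,
        "boot_field": boot_field,
        "boot": boot,
        "ignore_startup_config": bool(value & 0x0040),            # bit 6
        "break_disabled": bool(value & 0x0100),                   # bit 8
        "console_baud": CONSOLE_BAUD[(value >> 11) & 0b11],       # bits 11-12
        "rom_fallback_on_netboot_failure": bool(value & 0x2000),  # bit 13
    }


def hardening_warnings(value):
    """Warnings for register settings that should not survive on a production router."""
    fields = decode_register(value)
    warnings = []
    if fields["ignore_startup_config"]:
        warnings.append("bit 6 set (0x%04X): startup-config in NVRAM is ignored at boot; "
                        "expected only during password recovery, restore 0x%04X afterwards"
                        % (value, NORMAL_REGISTER))
    if fields["boot_field"] == 0:
        warnings.append("boot field 0x0: the router stops in ROM monitor on every reload")
    if not fields["break_disabled"]:
        warnings.append("bit 8 clear: a console break interrupts the router during normal operation")
    return warnings


if __name__ == "__main__":
    reg = extract_config_register(SHOW_VERSION)
    print("register 0x%04X:" % reg, decode_register(reg))
    for warning in hardening_warnings(0x2142):
        print("0x2142:", warning)
```

0x2142 differs from 0x2102 only in bit 6, which is exactly the change the recovery procedure makes so the router boots without its saved passwords; the decoder makes that single-bit difference, and the need to put it back, visible at a glance.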
82
Summary
Security threats to an enterprise network include:
Unstructured threats
Structured threats
External threats
Internal threats
Methods to lessen security threats consist of:
Device hardening
Use of antivirus software
Firewalls
Download security updates
83
Summary
Basic router security involves the following:
Physical security
Update and back up the IOS
Back up configuration files
Password configuration
Logging router activity
Disable unused router interfaces and services to minimize their exploitation by intruders
Cisco SDM: a web-based management tool for configuring security measures on Cisco routers
84
Summary
Cisco IOS Integrated File System (IFS)
Allows for the creation, navigation, and manipulation of directories on a Cisco device
© 2025 SlidePlayer.com. Inc.
All rights reserved.