Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verify that management VLAN has been reassigned. Verify that operational VLANs do not have access to the management VLAN. Verify that the ports in the.

Published byRandell Mitchell Burke Modified over 9 years ago

Similar presentations

Presentation on theme: "Verify that management VLAN has been reassigned. Verify that operational VLANs do not have access to the management VLAN. Verify that the ports in the."— Presentation transcript:

1 Verify that management VLAN has been reassigned. Verify that operational VLANs do not have access to the management VLAN. Verify that the ports in the management VLAN are not configured as trunks.

2 A trunk is a point-to-point link between two network devices that carries traffic for more than one VLAN. A trunk allows you to extend the VLANs across an entire network. A trunk does not belong to a specific VLAN, rather it is a conduit for VLANs between switches and routers.

3 DTP is implemented by default on Cisco switches. DTP automatically negotiates how the port will operate, trunk or access mode. By default, a Cisco Ethernet port's default DTP mode is "dynamic desirable”, which enables a port to go to trunk mode automatically. Review the switch configuration to verify that DTP is disabled.

4  VTP is a Cisco-proprietary messaging protocol used to distribute VLAN configuration information over trunks.  A switch may be in one of three VTP modes: server, transparent and client.  In server mode administrators can create, modify and delete VLANs for the entire VTP management domain.  By default, VTP – no authentication and the switch is in VTP Server mode.

5 If VTP is necessary, verify the following: VTP management domain is established. A strong password is assigned to the VTP management domain. Non-management switches are configured in client mode.

6 By auditing device for these basic hardening steps, overall security of the network can be improved. However, in all cases, a comprehensive review should be performed. Reference the works cited page for links to documented security configuration benchmarks and checklists.

7 Mark Krawczyk mwkrawczyk@charter.net

8 Router Security Guidance Activity of the System and Network Attack Center (SNAC), 2005 http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf Cisco IOS Switch Security Configuration Guide, http://www.nsa.gov/ia/http://www.nsa.gov/ia/ Center for Internet Security, http://benchmarks.cisecurity.org/downloads/audit-tools/http://benchmarks.cisecurity.org/downloads/audit-tools/ US-Cert, https://www.us-cert.gov/security-publicationshttps://www.us-cert.gov/security-publications Information Assurance Support Environment, http://iase.disa.mil/stigs/http://iase.disa.mil/stigs/ SANS Institute InfoSec Reading Room - Cisco Router Hardening Step-by-Step www.sans.org www.sans.org Cisco Checklist - www.sans.orgwww.sans.org Configuring a Cisco Router with TACACS+ Authentication. http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller- access-control-system-tacacs-/13865-tacplus.html http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller- access-control-system-tacacs-/13865-tacplus.html Cisco Guide to Harden Cisco IOS Devices, Document ID: 13608 http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html Various Articles related to Cisco device security, http://www.ciscopress.com/articles/http://www.ciscopress.com/articles/ NIST – National Vulnerability Database http://web.nvd.nist.gov/http://web.nvd.nist.gov/ ISACA – www.isaca.orgwww.isaca.org

Download ppt "Verify that management VLAN has been reassigned. Verify that operational VLANs do not have access to the management VLAN. Verify that the ports in the."

Similar presentations

Virtual Trunk Protocol

Virtual Trunk Protocol
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implement VTP LAN Switching and Wireless – Chapter 4.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implement VTP LAN Switching and Wireless – Chapter 4.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
Virtual LANs.

Virtual LANs.
VLANs Module 2. 2 VLANs  VLANs  Trunking  VLAN Trunking Protocol (VTP)

VLANs Module 2. 2 VLANs  VLANs  Trunking  VLAN Trunking Protocol (VTP)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implement VTP LAN Switching and Wireless – Chapter 4.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implement VTP LAN Switching and Wireless – Chapter 4.
© Wiley Inc. 2006. All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)
Sybex CCNA 640-802 Chapter 9: VLAN’s Instructor & Todd Lammle.

Sybex CCNA Chapter 9: VLAN’s Instructor & Todd Lammle.
VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.

VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.
Ethernet Errors and Problems

Ethernet Errors and Problems
VTP VLAN Trunking Protocol

VTP VLAN Trunking Protocol
TCP/SYN Attack – use ACL to allow traffic from TCP connections that were established from the internal network and block packets from an external network.

TCP/SYN Attack – use ACL to allow traffic from TCP connections that were established from the internal network and block packets from an external network.
VLAN Trunking Protocol

VLAN Trunking Protocol
CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration VLANs.

CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration VLANs.
VLAN Trunking Protocol (VTP)

VLAN Trunking Protocol (VTP)
Building Cisco Multilayer Switched Networks (BCMSN)

Building Cisco Multilayer Switched Networks (BCMSN)
VLAN Trunking Protocol (VTP)

VLAN Trunking Protocol (VTP)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN 2 - 5 1 BCMSN v3.0—2-1 Correcting Common VLAN Configuration Errors BSMSN Module.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN BCMSN v3.0—2-1 Correcting Common VLAN Configuration Errors BSMSN Module.

Similar presentations

Ads by Google