
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Enterprise Network Security Accessing the WAN – Chapter 4.


1 Enterprise Network Security
Accessing the WAN – Chapter 4

2 Objectives
• Describe the general methods used to mitigate security threats to Enterprise networks
• Configure Basic Router Security
• Explain how to disable unused Cisco router network services and interfaces
• Explain how to use Cisco SDM
• Manage Cisco IOS devices

3 Why is network security important?
• We want to live securely
• We want to have our data secured
• We want to have our communication secured

4 Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies

5 Security policy
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management

6 Security levels NO !

7 Number of Attacks

8 Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
Social engineering?

9 Access Attacks

10 Denial of Service attacks

11 Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Describe the common mitigation techniques that enterprises use to protect themselves against threats

12 Security equipment

13 Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
• Explain the concept of the Network Security Wheel

14 Configure Basic Router Security
• Explain why the security of routers and their configuration settings is vital to network operation

15 Configure Basic Router Security
• Describe the basic security measures needed to secure Cisco routers
Router(config)# ip access-list standard SSH-access
Router(config-std-nacl)# permit host 147.232.22.1
Router(config-std-nacl)# deny any
Router(config)# line vty 0 4
Router(config-line)# access-class SSH-access in

16 SSH configuration
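
An added example, not part of the original slides: a small Python audit that checks a saved running-config for the VTY restriction shown on slide 15 (a named standard ACL applied with access-class ... in) and for SSH-only transport. The sample config, the function names and the ssh-only check are assumptions made for this example.

```python
import re

# Constructed sample config (not from the slides); vty 5 15 is left unrestricted.
SAMPLE_CONFIG = """\
ip access-list standard SSH-access
 permit host 147.232.22.1
 deny any
!
line vty 0 4
 access-class SSH-access in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level IOS command."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None
        elif raw[0] != " ":
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit_vty(config):
    """Return (vty line, finding) pairs for vty lines that are not restricted."""
    blocks = parse_blocks(config)
    acls = {h.split()[-1]: body for h, body in blocks.items()
            if h.startswith("ip access-list standard ")}
    findings = []
    for header, body in blocks.items():
        if not header.startswith("line vty"):
            continue
        hits = (re.fullmatch(r"access-class (\S+) in", c) for c in body)
        m = next((h for h in hits if h), None)
        if m is None:
            findings.append((header, "no inbound access-class"))
        elif m.group(1) not in acls:
            findings.append((header, "access-class references undefined ACL"))
        elif any(e.startswith("permit any") for e in acls[m.group(1)]):
            findings.append((header, "ACL permits any source"))
        transport = next((c for c in body if c.startswith("transport input")), "")
        if transport.split()[2:] != ["ssh"]:
            findings.append((header, "transport input is not ssh-only"))
    return findings
```

Only named standard ACLs are resolved here, matching the slide; a numbered ACL on a vty line would be reported as undefined.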

17 Explain How to Disable Unused Cisco Router Network Services and Interfaces
• Explain how to secure a router with the command-line interface (CLI) auto secure command

18 Explain How to Use Cisco SDM
• Provide an overview of Cisco SDM

19 Manage Cisco IOS Devices
• Describe the file systems used by a Cisco router

20 Manage Cisco IOS Devices
• Describe how to back up and upgrade a Cisco IOS image

21 Manage Cisco IOS Devices
• Explain how to back up and upgrade Cisco IOS software images using a network server

22 Manage Cisco IOS Devices
• Explain how to recover a Cisco IOS software image

23 Manage Cisco IOS Devices
• Explain how to recover the enable password and the enable secret passwords
1) Ctrl+Break
2) Rommon 1> confreg 0x2142
3) Rommon 2> reset
4) Would you like to enter initial router configuration [Yes/no]
5) Router(config)# config-register 0x2102

24 Summary
• Security Threats to an Enterprise network include:
– Unstructured threats
– Structured threats
– External threats
– Internal threats
• Methods to lessen security threats consist of:
– Device hardening
– Use of antivirus software
– Firewalls
– Download security updates

25 Summary
• Basic router security involves the following:
– Physical security
– Update and backup IOS
– Backup configuration files
– Password configuration
– Logging router activity
• Disable unused router interfaces & services to minimize their exploitation by intruders
• Cisco SDM
– A web based management tool for configuring security measures on Cisco routers

26 Summary
• Cisco IOS Integrated File System (IFS)
– Allows for the creation, navigation & manipulation of directories on a Cisco device

27 Practise LAB: DHCP, NAT
Accessing the WAN – Chapter 4

28 Practise LAB

29 Tasks
Basic configuration (example)
R-1(config)# interface FastEthernet 0/1
R-1(config-if)# ip address dhcp
R-1(config-if)# no shutdown
R-1(config)# interface FastEthernet 0/0
R-1(config-if)# no shutdown
R-1(config)# interface FastEthernet 0/0.101
R-1(config-subif)# encapsulation dot1q 101
R-1(config-subif)# ip address 192.168.101.1 255.255.255.0
R-1(config)# interface FastEthernet 0/0.200
R-1(config-subif)# encapsulation dot1q 200
R-1(config-subif)# ip address 10.10.10.1 255.255.255.0

30 Tasks
DHCP and DHCP relay
R-1(config)# ip dhcp pool VLAN101
R-1(config-dhcp)# network 192.168.101.0 /24
R-1(config-dhcp)# default-router 192.168.101.1
R-1(config-dhcp)# dns-server 147.232.22.1
R-1(config)# ip dhcp pool VLAN102
R-1(config-dhcp)# network 192.168.102.0 /24
R-1(config-dhcp)# default-router 192.168.102.1
R-1(config-dhcp)# dns-server 147.232.22.1
R-1(config)# ip dhcp pool VLAN103
R-1(config-dhcp)# network 192.168.103.0 /24
R-1(config-dhcp)# default-router 192.168.103.1
R-1(config-dhcp)# dns-server 147.232.22.1

31 Practise LAB

32 Tasks
DHCP and DHCP relay
R-2(config)# interface FastEthernet 0/0.102
R-2(config-subif)# encapsulation dot1q 102
R-2(config-subif)# ip address 192.168.102.1 255.255.255.0
R-2(config-subif)# ip helper-address 192.168.1.2
R-2(config-subif)# ip nat inside
R-2(config)# router ospf 1
R-2(config-router)# network 192.168.1.0 0.0.0.3 area 0
R-2(config-router)# network 192.168.102.0 0.0.0.3 area 0
R-1(config)# router ospf 1
R-1(config-router)# default-information originate
R-1(config-router)# network 192.168.1.0 0.0.0.3 area 0
R-1(config-router)# network 192.168.2.0 0.0.0.3 area 0
R-1(config-router)# network 192.168.101.0 0.0.0.255 area 0

33 Practise LAB
Host C and Host H

34 Tasks
Dynamic NAT and Static NAT
R-1(config)# ip route 10.10.12.0 255.255.255.0 192.168.1.2
R-1(config)# ip route 10.10.13.0 255.255.255.0 192.168.2.2
R-2(config)# ip access-list standard SNAT
R-2(config-std-nacl)# permit 10.10.10.0 0.0.0.255
R-2(config)# ip nat pool POOL_IP 10.10.12.2 10.10.12.255
R-2(config)# ip nat inside source list SNAT pool POOL_IP
R-2(config)# ip nat inside source static 10.10.10.100 10.10.12.1
R-2(config)# interface FastEthernet0/0.200
R-2(config-subif)# ip nat inside
R-2(config)# interface Serial 0/0
R-2(config-if)# ip nat outside

35 Practise LAB
PAT (overloading)

36 Tasks
Port Address Translation (overloading)
R-1(config)# interface FastEthernet 0/0.101
R-1(config-subif)# ip nat inside
R-1(config)# interface FastEthernet 0/0.200
R-1(config-subif)# ip nat inside
R-1(config)# interface Serial 0/0
R-1(config-if)# ip nat inside
R-1(config)# interface Serial 0/1
R-1(config-if)# ip nat inside
R-1(config)# interface FastEthernet 0/1
R-1(config-if)# ip nat outside

37 Tasks
Port Address Translation (overloading)
R-1(config)# ip access-list standard natko
R-1(config-std-nacl)# permit 192.168.101.0 0.0.0.255
R-1(config-std-nacl)# permit 192.168.102.0 0.0.0.255
R-1(config-std-nacl)# permit 192.168.103.0 0.0.0.255
R-1(config-std-nacl)# permit 10.10.10.0 0.0.0.255
R-1(config-std-nacl)# permit 10.10.12.0 0.0.0.255
R-1(config-std-nacl)# permit 10.10.13.0 0.0.0.255
R-1(config)# ip nat inside source list natko interface FastEthernet 0/1 overload

38 Practise LAB
IPv6

39 Tasks
IPv6 addressing
R-1(config)# ipv6 unicast-routing
R-1(config)# interface FastEthernet 0/0.333
R-1(config-subif)# encapsulation dot1q 333
R-1(config-subif)# ipv6 address 2001:ac1::1/64
R-1(config)# interface Serial 0/0
R-1(config-if)# ip address 192.168.1.1 255.255.255.252
R-1(config-if)# ipv6 address 3ffe:12::1/64

40 Tasks
IPv6 routing
R-1(config)# interface FastEthernet 0/0.333
R-1(config-subif)# encapsulation dot1q 333
R-1(config-subif)# ipv6 address 2001:ac1::1/64
R-1(config-subif)# ipv6 rip ROUTING enable
R-1(config)# interface Serial 0/0
R-1(config-if)# ip address 192.168.1.1 255.255.255.252
R-1(config-if)# ipv6 address 3ffe:12::1/64
R-1(config-if)# ipv6 rip ROUTING enable
R-1(config)# ipv6 router rip ROUTING

41 End of presentation
Thank you for your attention
Modern education for the knowledge society. The project is co-financed from EU sources.

