First Midterm (Merged)
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Upon completion of this section, you should be able to:
• Explain zero-day attacks.
Advantages of an IDS:
• Works passively
IPS:
• Implemented in an inline mode
Advantages of IDS:
• No impact on network
Advantages of IPS:
• Stops trigger packets
Cisco IPS AIM and Network Module Enhanced (IPS NME)
Factors affecting the IPS sensor selection and deployment:
• Amount of network traffic
• Network topology
• Security budget
Promiscuous Mode
Inline Mode
Traffic Sniffing Using a Hub
Cisco SPAN Commands:
• Monitor session command – used to associate a source port and a destination port with a SPAN session.
Upon completion of the section, you should be able to:
• Understand IPS signature characteristics
A signature is a set of rules that an IDS and an IPS use to detect typical
intrusion activity.
Signatures have three distinct attributes:
• Type
• Trigger (alarm)
• Action
Signatures are categorized as either:
• Atomic – this simplest type of signature consists of a single packet, activity, or event that is examined to determine if it matches a configured signature. If yes, an alarm is triggered and a signature action is performed.
• Composite – this type of signature identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time.
• As new threats are identified, new signatures must be created and uploaded to an IPS.
• A signature file contains a package of network signatures.
Cisco IOS defines five micro-engines:
• Atomic – Signatures that examine simple packets.
• Service – Signatures that examine the many services that are attacked.
Benefits:
• It uses underlying routing infrastructure to provide an additional layer of security.
• It is inline and is supported on a broad range of routing platforms.
• It provides threat protection at all entry points to the network when used in combination with Cisco IDS, Cisco IOS Firewall, VPN, and NAC solutions.
• The size of the signature database used by the devices can be adapted to the amount of available memory in the router.
Understanding Alarm Types:
Summary of Action Categories:
Generating an Alert:
Logging the Activity:
Dropping or Preventing the Activity:
Resetting the Connection and Blocking the Activity:
IPS Planning and Monitoring Considerations:
• Management method
• Event correlation
• Security staff
Goals of global correlation:
• Dealing intelligently with alerts to improve effectiveness
Network participation gathers the following data:
• Signature ID
• Attacker IP address
• Attacker port
• Victim IP address
• Victim port
• Signature version
• Reputation score
• Risk rating
Upon completion of this section, you should be able to:
• Understand how to configure Cisco IOS IPS with CLI
Step 1. Download the IOS IPS files.
Step 2. Create an IOS IPS configuration directory in Flash.
Step 3. Configure an IOS IPS crypto key.
Step 4. Enable IOS IPS.
Step 5. Load the IOS IPS signature package to the router.
Retiring an Individual Signature:
Show commands to verify the IOS IPS configuration:
• show ip ips
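The five IOS IPS steps listed above, the retirement of an individual signature, and the verification commands, worked through as one router configuration. This is an added example written for this page, not a configuration from the Cisco course: the hostname R1, the flash:ips directory name, interface GigabitEthernet0/0, the TFTP server 192.168.1.3, the package file name and the signature 6130/10 used for retirement are assumptions; the public-key hex string is a placeholder. The ICMP echo request signature 2004/0 is a real signature ID.

```cisco
! Added example (not from the course slides). Hostname, directory, interface,
! TFTP address and package file name are assumptions for this example.
! Step 1 is done off-box: download the signature package (IOS-Sxxx-CLI.pkg)
! and the public key file (realm-cisco.pub.key.txt) from cisco.com.
!
! Step 2: directory in flash that holds IPS configuration and signature files
R1# mkdir flash:ips
R1# configure terminal
R1(config)# ip ips config location flash:ips retries 1
!
! Step 3: crypto key used to verify the digital signature on the package;
! the key-string is the hex blob from realm-cisco.pub.key.txt (placeholder)
R1(config)# crypto key pubkey-chain rsa
R1(config-pubkey-chain)# named-key realm-cisco.pub signature
R1(config-pubkey-key)# key-string
R1(config-pubkey)# <PASTE-HEX-KEY-STRING-FROM-realm-cisco.pub.key.txt>
R1(config-pubkey)# quit
R1(config-pubkey-key)# exit
R1(config-pubkey-chain)# exit
!
! Step 4: create the IPS rule, retire every category, then un-retire only the
! basic category so the signature set fits router memory; apply inbound on the
! outside interface
R1(config)# ip ips name IOSIPS
R1(config)# ip ips notify log
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired true
R1(config-ips-category-action)# exit
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false
R1(config-ips-category-action)# exit
R1(config-ips-category)# exit
Do you want to accept these changes? [confirm]
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip ips IOSIPS in
R1(config-if)# exit
R1(config)# exit
!
! Step 5: load the package; "idconf" makes IOS compile it rather than copy it
R1# copy tftp://192.168.1.3/IOS-S416-CLI.pkg idconf
!
! Retire one signature (6130/10, assumed ID) and tune the ICMP echo request
! signature (2004/0) so it alerts and drops the packet inline
R1# configure terminal
R1(config)# ip ips signature-definition
R1(config-sigdef)# signature 6130 10
R1(config-sigdef-sig)# status
R1(config-sigdef-sig-status)# retired true
R1(config-sigdef-sig-status)# exit
R1(config-sigdef-sig)# exit
R1(config-sigdef)# signature 2004 0
R1(config-sigdef-sig)# status
R1(config-sigdef-sig-status)# retired false
R1(config-sigdef-sig-status)# enabled true
R1(config-sigdef-sig-status)# exit
R1(config-sigdef-sig)# engine
R1(config-sigdef-sig-engine)# event-action produce-alert
R1(config-sigdef-sig-engine)# event-action deny-packet-inline
R1(config-sigdef-sig-engine)# exit
R1(config-sigdef-sig)# exit
R1(config-sigdef)# exit
Do you want to accept these changes? [confirm]
R1(config)# exit
!
! Verification: rule, location, compiled signature counts and hit statistics
R1# show ip ips all
R1# show ip ips configuration
R1# show ip ips signatures count
R1# show ip ips statistics
```

Retiring categories first and then un-retiring only what the router needs keeps the compiled signature set (and memory use) small; `show ip ips signatures count` is the quick check that the number of compiled signatures matches what was intended.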
Chapter Objectives:
• Describe IPS technologies and how they are implemented.
Thank you.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
Chapter 4: Implementing Firewall Technologies
Upon completion of this section, you should be able to:
• Configure standard and extended IPv4 ACLs using CLI.
Standard Numbered ACL Syntax
Syntax - Apply an ACL to an interface
Syntax - Apply an ACL to the VTY lines
Existing access list has three entries.
Access list has been edited, which adds a new ACE and replaces ACE line 20.
Existing access list has four entries.
Access list has been edited, which adds a new ACE that permits a specific IP address.
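The two edits described above (insert an ACE, replace ACE 20, then add an ACE permitting one host) followed by applying the ACL to an interface and to the VTY lines. This is an added example, not the course's own configuration: the hostname, the RFC 1918 networks, the interface names and the `show access-lists` output are constructed for this example.

```cisco
! Added example (not from the course). Hostname, addresses, interface names
! and the show output are constructed for this example.
!
! Starting point: three entries, sequence-numbered 10/20/30 by IOS
R1# show access-lists 10
Standard IP access list 10
    10 permit 192.168.10.0, wildcard bits 0.0.0.255
    20 permit 192.168.20.0, wildcard bits 0.0.0.255
    30 deny   any
!
! Edit 1, in named-ACL configuration mode: insert a new ACE before line 20
! (sequence 15) and replace ACE 20. Order matters: the first match wins, so the
! host deny has to sit above the network permit to take effect.
R1# configure terminal
R1(config)# ip access-list standard 10
R1(config-std-nacl)# 15 deny host 192.168.20.99
R1(config-std-nacl)# no 20
R1(config-std-nacl)# 20 permit 192.168.20.0 0.0.0.127
R1(config-std-nacl)# exit
!
! Edit 2: add an ACE that permits one specific host, numbered so it lands
! above the final deny (an ACE appended after "deny any" is never reached)
R1(config)# ip access-list standard 10
R1(config-std-nacl)# 25 permit host 192.168.30.5
R1(config-std-nacl)# exit
!
! Apply inbound on the inside interface ...
R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip access-group 10 in
R1(config-if)# exit
! ... and as an access-class on the VTY lines, so only listed sources can open
! a management session; the implicit deny at the end blocks every other source
R1(config)# line vty 0 4
R1(config-line)# access-class 10 in
R1(config-line)# exit
R1(config)# exit
!
! Verify: sequence numbers (and, once traffic flows, match counts) per ACE
R1# show access-lists 10
Standard IP access list 10
    10 permit 192.168.10.0, wildcard bits 0.0.0.255
    15 deny   192.168.20.99
    20 permit 192.168.20.0, wildcard bits 0.0.0.127
    25 permit 192.168.30.5
    30 deny   any
R1# show ip interface GigabitEthernet0/1 | include access list
```

Editing by sequence number avoids the older pattern of deleting and retyping the whole list, during which the interface is briefly unfiltered; `no 20` followed by a new `20 ...` replaces a single ACE in place.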
Upon completion of this section, you should be able to:
• Explain how firewalls are used to help secure networks.
All firewalls:
• Are resistant to attack
• Are the only transit point between networks because all traffic flows through the firewall
• Enforce the access control policy
Packet Filtering Firewall
Application Gateway Firewall
Stateful Firewalls
State Tables
• Granular identification, visibility, and control of behaviors within applications
• Restricting web and web application use based on the reputation of the site
• Enforcement of policies based on the user, device, role, application type, and threat profile
• Use of an IPS
1. Choose the internal and external interfaces.
2. Configure ACLs for each interface.
3. Define inspection rules.
Inspection Rules
Considerations for network defense:
• Network core security
• Perimeter security
• Endpoint security
• Communications security
• Deny all traffic by default. Permit only services that are needed.
• Remember that firewalls primarily protect from technical attacks originating from the outside.
Upon completion of this section, you should be able to:
• Explain how Zone-Based Policy Firewalls are used to help secure a network.
• Not dependent on ACLs
Common designs include:
• LAN-to-Internet
• Redundant firewalls
• Complex firewalls
Design steps:
1. Determine the zones
2. Establish policies between zones
3. Design the physical infrastructure
4. Identify subsets within zones and merge traffic requirements
• Inspect - Configures Cisco IOS stateful packet inspections.
Command Syntax for class-map
Sub-Configuration Command Syntax for class-map
Example class-map Configuration
Command Syntax for policy-map
Example policy-map Configuration
Command Syntax for zone-pair and service-policy
Example service-policy Configuration
Verification commands:
• show run | begin class-map
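The four ZPF design steps, the class-map / policy-map / zone-pair / service-policy sequence, and the verification commands above, carried through as one LAN-to-Internet configuration. This is an added example, not a configuration from the course: zone names, class and policy names, the interface assignments and the protocol list are assumptions.

```cisco
! Added example (not from the course). Zone, class, policy names, interfaces
! and the protocol list are assumptions for this example.
!
! Step 1: determine the zones
R1(config)# zone security INSIDE
R1(config-sec-zone)# description Trusted LAN
R1(config-sec-zone)# exit
R1(config)# zone security OUTSIDE
R1(config-sec-zone)# description Internet-facing
R1(config-sec-zone)# exit
!
! Step 2: the policy between zones. The class-map selects traffic
! (match-any: any one listed protocol qualifies)
R1(config)# class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
R1(config-cmap)# match protocol http
R1(config-cmap)# match protocol https
R1(config-cmap)# match protocol dns
R1(config-cmap)# match protocol icmp
R1(config-cmap)# exit
! The policy-map decides what happens to it: "inspect" installs a stateful
! session entry so only replies to sessions opened from INSIDE are let back.
! Unclassified traffic falls into class-default and is dropped and logged.
R1(config)# policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
R1(config-pmap)# class type inspect INSIDE-TO-OUTSIDE-CLASS
R1(config-pmap-c)# inspect
R1(config-pmap-c)# exit
R1(config-pmap)# class class-default
R1(config-pmap-c)# drop log
R1(config-pmap-c)# exit
R1(config-pmap)# exit
! A zone-pair is one-directional. No OUTSIDE->INSIDE pair is defined, so
! unsolicited traffic from the Internet toward the LAN is dropped by default.
R1(config)# zone-pair security INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
R1(config-sec-zone-pair)# service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
R1(config-sec-zone-pair)# exit
!
! Step 3: map the physical infrastructure onto the zones. An interface that
! belongs to no zone cannot exchange traffic with any zone member.
R1(config)# interface GigabitEthernet0/1
R1(config-if)# zone-member security INSIDE
R1(config-if)# exit
R1(config)# interface GigabitEthernet0/0
R1(config-if)# zone-member security OUTSIDE
R1(config-if)# exit
!
! Step 4 (subsets within zones) would add further class-maps using
! "match access-group" for hosts that need different treatment; omitted here.
R1(config)# exit
!
! Verification
R1# show run | begin class-map
R1# show zone-pair security
R1# show class-map type inspect
R1# show policy-map type inspect zone-pair sessions
```

`show policy-map type inspect zone-pair sessions` is the check that inspection is actually creating state: an outbound HTTP request from the LAN should appear as an established session, and its reply should be accepted without any OUTSIDE-to-INSIDE policy.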
Chapter Objectives:
• Implement ACLs to filter traffic and mitigate network attacks on a network.
Chapter 3: Authentication, Authorization, and Accounting
3.6 Summary
Upon completion of this section, you should be able to:
• Explain why AAA is critical to network security.
Telnet is Vulnerable to Brute-Force Attacks
SSH and Local Database Method
Local AAA Authentication
Server-Based AAA Authentication
AAA Authorization
Types of accounting information:
• Network
• Connection
• Command
• Resource
Upon completion of this section, you should be able to:
• Configure AAA authentication, using the CLI, to validate users against a local database.
• Troubleshoot AAA authentication that validates users against a local database.
1. Add usernames and passwords to the local router database for users that need administrative access to the router.
2. Enable AAA globally on the router.
3. Configure AAA parameters on the router.
4. Confirm and troubleshoot the AAA configuration.
Example Local AAA Authentication
Command Syntax
Display Locked Out Users
Show Unique ID of a Session
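The four local AAA steps above, with the lockout and session display commands, as one worked configuration. This is an added example, not the course's own: hostname, usernames, the method-list name VTY-LOGIN and the placeholder secrets are assumptions.

```cisco
! Added example (not from the course). Hostname, usernames, list name and
! placeholder secrets are assumptions for this example.
!
! 1. Local user database. "algorithm-type scrypt" stores a type 9 hash;
!    the secret values are placeholders to replace.
R1(config)# username ADMIN privilege 15 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
R1(config)# username OPERATOR privilege 1 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
!
! 2. Enable AAA globally. Do this from the console with a local user already
!    defined, so enabling AAA cannot lock the administrator out.
R1(config)# aaa new-model
!
! 3. AAA parameters: case-sensitive local lookup as the default method, a
!    named list for the VTY lines, and lock a local account after 3 failures
!    (the lock persists until an administrator clears it)
R1(config)# aaa authentication login default local-case
R1(config)# aaa authentication login VTY-LOGIN local-case
R1(config)# aaa local authentication attempts max-fail 3
R1(config)# line vty 0 4
R1(config-line)# login authentication VTY-LOGIN
R1(config-line)# transport input ssh
R1(config-line)# exit
R1(config)# line console 0
R1(config-line)# login authentication default
R1(config-line)# exit
R1(config)# exit
!
! 4. Confirm and troubleshoot
! Locked-out users, and how to unlock one
R1# show aaa local user lockout
R1# clear aaa local user lockout username ADMIN
! Unique ID of each active AAA session, and per-user detail
R1# show aaa sessions
R1# show aaa user all
! Watch the method list being evaluated while a user logs in
R1# debug aaa authentication
R1# undebug all
```

With `local-case` the username comparison is case-sensitive, which removes a small but real slice of guessing space; the lockout counter is what turns a brute-force attempt against the VTY lines into a logged, visible event rather than a silent one.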
Debug Local AAA Authentication
Understanding Debug Output
Upon completion of this section, you should be able to:
• Describe the benefits of server-based AAA.
Local authentication:
Server-based authentication:
TACACS+ Authentication Process
RADIUS Authentication Process
Cisco Secure ACS
Upon completion of this section, you should be able to:
• Configure server-based AAA authentication, using the CLI, on Cisco routers.
1. Enable AAA.
2. Specify the IP address of the ACS server.
3. Configure the secret key.
4. Configure authentication to use either the RADIUS or TACACS+ server.
Server-Based AAA Reference Topology
Configure an AAA TACACS+ Server
Configure an AAA RADIUS Server
Command Syntax
Configure Server-Based AAA Authentication
Troubleshooting Server-Based AAA Authentication
Troubleshooting RADIUS
Troubleshooting TACACS+
AAA Server-Based Authentication Success
AAA Server-Based Authentication Failure
Upon completion of this section, you should be able to:
• Configure server-based AAA authorization.
Authentication vs. Authorization
• Authentication ensures a device or end-user is legitimate.
• Authorization allows or disallows authenticated users access to certain areas and programs on the network.
Command Syntax
Command Syntax
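The four server-based AAA steps, the authentication/authorization distinction, and the accounting commands above, combined into one configuration against a Cisco Secure ACS. This is an added example, not the course's reference configuration: the server address 192.168.1.101, the server names, hostnames and the placeholder shared keys are assumptions. The server-definition syntax shown is the IOS 15.x form; older images use `tacacs-server host` and `radius-server host`.

```cisco
! Added example (not from the course). Server address, names and placeholder
! keys are assumptions for this example.
!
! 1. Enable AAA
R1(config)# aaa new-model
!
! 2./3. Server address and shared secret. The key is what authenticates the
!       router to the server (and vice versa), so it must be unique per device.
R1(config)# tacacs server ACS-TACACS
R1(config-server-tacacs)# address ipv4 192.168.1.101
R1(config-server-tacacs)# single-connection
R1(config-server-tacacs)# key REPLACE-WITH-TACACS-SHARED-KEY
R1(config-server-tacacs)# exit
R1(config)# radius server ACS-RADIUS
R1(config-radius-server)# address ipv4 192.168.1.101 auth-port 1812 acct-port 1813
R1(config-radius-server)# key REPLACE-WITH-RADIUS-SHARED-KEY
R1(config-radius-server)# exit
!
! 4. Authentication method list: TACACS+ first, then RADIUS, then the local
!    database. The next method is tried only when a server is unreachable;
!    a server that rejects the user ends the list with a failure.
R1(config)# aaa authentication login default group tacacs+ group radius local-case
!
! Authorization: may this authenticated user get an EXEC shell, and which
! level-15 commands may it run. Per-command authorization is a TACACS+
! capability; RADIUS bundles authentication and authorization together.
R1(config)# aaa authorization exec default group tacacs+ local
R1(config)# aaa authorization commands 15 default group tacacs+ local
!
! Accounting: start/stop records for EXEC sessions and each level-15 command
R1(config)# aaa accounting exec default start-stop group tacacs+
R1(config)# aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback account, so an ACS outage does not lock administrators out
R1(config)# username ADMIN privilege 15 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
R1(config)# exit
!
! Troubleshooting: the debugs show which server was contacted, the request,
! and the PASS / FAIL / ERROR (unreachable) result for each method in turn
R1# debug aaa authentication
R1# debug aaa authorization
R1# debug tacacs
R1# debug radius
! Test a login against the TACACS+ group without opening a session
R1# test aaa group tacacs+ ADMIN REPLACE-WITH-PASSWORD legacy
R1# undebug all
```

The difference between FAIL and ERROR in the debug output is the one to watch: FAIL means the server answered and said no (the method list stops), ERROR means no server answered (the list moves on to the next method, eventually the local database).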
802.1X Roles
Command Syntax for dot1x port-control
Chapter Objectives:
• Explain how AAA is used to secure a network.
Chapter 2:
Upon completion of this section, you should be able to:
• Explain how to secure a network perimeter.
Single Router Approach
DMZ Approach
Tasks:
• Restrict device accessibility
• Authenticate access
• Authorize actions
Local Access
Remote Access Using Telnet
Dedicated Management Network
Guidelines:
• Use a password length of 10 or more characters.
• Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces.
Guidelines:
• Configure all secret passwords using type 8 or type 9 passwords
Virtual login security enhancements:
• Implement delays between successive login attempts
• Enable login shutdown if DoS attacks are suspected
• Generate system-logging messages for login detection
Command Syntax: login block-for
Generate Login Syslog Messages
Example SSH Configuration
Two ways to connect:
• Enable SSH and use a Cisco router as an SSH server or SSH client.
   As a server, the router can accept SSH client connections
   As a client, the router can connect via SSH to another SSH-enabled router
• Use an SSH client running on a host, such as PuTTY, OpenSSH, or TeraTerm.
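The password guidelines, the virtual login enhancements (`login block-for`, login syslog messages) and the SSH configuration described above, as one administrative-access hardening configuration. This is an added example, not the course's own: the domain name example.com, the admin subnet 192.168.10.0/24, the ACL name and the placeholder secrets are assumptions.

```cisco
! Added example (not from the course). Domain name, admin subnet, ACL name
! and placeholder secrets are assumptions for this example.
!
! Password guidelines: enforce minimum length, store type 9 (scrypt) secrets
R1(config)# security passwords min-length 10
R1(config)# enable algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
R1(config)# username ADMIN privilege 15 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
!
! SSH server: the domain name is needed to generate the RSA host key
R1(config)# ip domain-name example.com
R1(config)# crypto key generate rsa general-keys modulus 2048
R1(config)# ip ssh version 2
R1(config)# ip ssh time-out 60
R1(config)# ip ssh authentication-retries 2
! VTY lines accept SSH only (no Telnet), authenticate against the local
! database, and drop idle sessions after 5 minutes
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
R1(config-line)# login local
R1(config-line)# exec-timeout 5 0
R1(config-line)# exit
!
! Virtual login enhancements: after 3 failures within 60 s, block logins for
! 120 s (quiet mode). Hosts permitted by ADMIN-HOSTS may still log in during
! quiet mode, so a flood of bad logins cannot lock administrators out.
! Add a 3 s delay between attempts and log both failed and successful logins.
R1(config)# ip access-list standard ADMIN-HOSTS
R1(config-std-nacl)# permit 192.168.10.0 0.0.0.255
R1(config-std-nacl)# exit
R1(config)# login block-for 120 attempts 3 within 60
R1(config)# login quiet-mode access-class ADMIN-HOSTS
R1(config)# login delay 3
R1(config)# login on-failure log
R1(config)# login on-success log
R1(config)# exit
!
! Verification: SSH version/timeout, current login-protection state, and the
! table of recent failed logins (source address, user name, count)
R1# show ip ssh
R1# show login
R1# show login failures
! The router as an SSH client toward another SSH-enabled router (address assumed)
R1# ssh -l ADMIN 192.168.10.2
```

`show login failures` is the detection side of this configuration: it lists the source addresses and usernames behind recent failures, which is the data a brute-force attempt against the VTY lines leaves behind.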
Upon completion of this section, you should be able to:
• Configure administrative privilege levels to control command availability.
Privilege levels:
• Level 0: Predefined for user-level access privileges. Lowest EXEC mode user privileges.
• Level 1: Default level for login with the router prompt. Only user-level commands available at the router> prompt.
• Level 2-14: May be customized for user-level privileges.
• Level 15: Reserved for the enable mode privileges. All enable-level commands at the router# prompt.
Levels of access commands:
• User EXEC mode (privilege level 1)
• Privileged EXEC mode (privilege level 15)
• No access control to specific interfaces, ports, logical interfaces, and slots on a router
• Commands available at lower privilege levels are always executable at higher privilege levels
• Commands specifically set at higher privilege levels are not available for lower privilege users
• Assigning a command with multiple keywords allows access to all commands that use those
For example:
• Security operator privileges
   Configure AAA
   Issue show commands
   Configure firewall
   Configure IDS/IPS
   Configure NetFlow
Steps 1-4 (figure)
Steps 1-3 (figure)
Enable Root View and Verify All Views
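A custom privilege level for the security-operator role sketched above, and then role-based CLI views, which avoid the privilege-level limitations listed (inheritance by every higher level, and keyword-wide grants). This is an added example, not from the course: hostnames, view names, the chosen commands and the placeholder secrets are assumptions.

```cisco
! Added example (not from the course). View names, command choices and
! placeholder secrets are assumptions for this example.
!
! Privilege level 5: grant specific commands. Granting "show" alone would
! expose every show command, so each one is listed individually.
R1(config)# enable algorithm-type scrypt secret level 5 REPLACE-WITH-LEVEL5-SECRET
R1(config)# privilege exec level 5 show ip interface brief
R1(config)# privilege exec level 5 show ip route
R1(config)# privilege exec level 5 ping
R1(config)# username SUPPORT privilege 5 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
!
! Role-based CLI views need AAA, and views are created from the root view
R1(config)# aaa new-model
R1(config)# exit
R1# enable view
Password: <enable secret>
R1# configure terminal
! A read-only view for the help desk
R1(config)# parser view SHOWVIEW
R1(config-view)# secret REPLACE-WITH-VIEW-SECRET
R1(config-view)# commands exec include show version
R1(config-view)# commands exec include show ip interface brief
R1(config-view)# commands exec include show ip route
R1(config-view)# exit
! A security-operator view: configure AAA and ACLs, inspect ACL hit counts.
! "include all" grants the command and every keyword under it.
R1(config)# parser view SECOPS
R1(config-view)# secret REPLACE-WITH-VIEW-SECRET
R1(config-view)# commands exec include configure terminal
R1(config-view)# commands configure include all aaa
R1(config-view)# commands configure include all ip access-list
R1(config-view)# commands exec include show access-lists
R1(config-view)# exit
! A superview aggregates views; it holds no commands of its own
R1(config)# parser view JR-ADMIN superview
R1(config-view)# secret REPLACE-WITH-VIEW-SECRET
R1(config-view)# view SHOWVIEW
R1(config-view)# view SECOPS
R1(config-view)# exit
R1(config)# exit
!
! Verification: from the root view list every view, then switch into one
! and confirm which view is active and which commands it offers
R1# show parser view all
R1# enable view SHOWVIEW
Password: <view secret>
R1# show parser view
R1# ?
```

Unlike privilege levels, a command placed in SECOPS is not automatically available to a user of SHOWVIEW, so each role gets exactly the command set listed for it.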
Upon completion of this section, you should be able to:
• Use the Cisco IOS resilient configuration feature to secure the Cisco IOS
image and configuration files.
• Compare in-band and out-of band management access.
Configure the router for server-side SCP with local AAA:
1. Configure SSH
3. Enable AAA
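The IOS resilient configuration feature from this section's objective, and the router as a server-side SCP endpoint with local AAA as in the steps above, as one added example. This is not the course's own configuration: hostname, username, the rescue file name and the placeholder secret are assumptions, and SSH is assumed to be configured already.

```cisco
! Added example (not from the course). Hostname, username, file name and
! placeholder secret are assumptions; SSH is assumed already configured.
!
! Resilient configuration: keep a hidden copy of the running image and of
! the running config in persistent storage. The copies are not listed by
! "dir" and the feature can only be disabled from the console, so an
! attacker with a remote session cannot erase them.
R1(config)# secure boot-image
R1(config)# secure boot-config
R1(config)# exit
R1# show secure bootset
! Recovery after a config wipe: write the archived config to a file and load it
R1# secure boot-config restore flash:rescue-config
R1# configure replace flash:rescue-config
!
! Server-side SCP with local AAA. SCP rides on SSH, and the copy is
! authorized through the AAA exec method list, so both are required.
R1# configure terminal
R1(config)# username ADMIN privilege 15 algorithm-type scrypt secret REPLACE-WITH-STRONG-SECRET
R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authorization exec default local
R1(config)# ip scp server enable
R1(config)# exit
!
! From an administrator host with an OpenSSH client (router address assumed):
!   scp ADMIN@192.168.10.1:running-config ./r1-backup.cfg
! On the router, watch the transfer and any authorization failure:
R1# debug ip scp
R1# undebug all
```

SCP replaces TFTP for configuration backups: the transfer is encrypted and tied to an authenticated, authorized user, whereas TFTP moves the configuration in cleartext with no authentication at all.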
1. Connect to the console port.
5. Change the default configuration register with the confreg 0x2142 command.
Disable Password Recovery
Password Recovery Functionality is Disabled
In-Band Management:
Security Levels
Steps 1-4, step 2 optional (figure)
Cisco MIB Hierarchy
Message integrity & authentication
Encryption
Access control
• Agent may enforce access control to restrict each principal to certain actions on specific portions of data.
Sample NTP Topology
Sample NTP Configuration on R1
Sample NTP Configuration on R2
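The three SNMPv3 security services listed above (message integrity and authentication, encryption, access control) and the R1/R2 NTP configuration with an authenticated time source, as one added example of securing these management-plane services. This is not the course's sample configuration: the management subnet 192.168.1.0/24, the R1 address 10.1.1.1, the group, user, view and ACL names, and the placeholder passphrases are assumptions.

```cisco
! Added example (not from the course). Subnet, addresses, names and the
! placeholder passphrases are assumptions for this example.
!
! SNMPv3 access control: the ACL limits who may ask, the view limits what
! can be read, and the group ties user -> view -> ACL at security level
! "priv" (authentication and encryption both required)
R1(config)# ip access-list standard SNMP-MANAGERS
R1(config-std-nacl)# permit 192.168.1.0 0.0.0.255
R1(config-std-nacl)# exit
R1(config)# snmp-server view MGMT-RO iso included
R1(config)# snmp-server group MGMT-GROUP v3 priv read MGMT-RO access SNMP-MANAGERS
! auth sha = message integrity and authentication; priv aes 128 = encryption
R1(config)# snmp-server user MGMT-USER MGMT-GROUP v3 auth sha REPLACE-AUTH-PASS priv aes 128 REPLACE-PRIV-PASS
! No SNMPv1/v2c community strings are configured: they travel in cleartext
! and are the only credential those versions have
!
! NTP with authentication. R1 is the time source (stratum 3 master); R2
! accepts time only from a server that proves possession of key 1, so a
! spoofed NTP server cannot shift R2's clock (and with it every log timestamp)
R1(config)# ntp master 3
R1(config)# ntp authenticate
R1(config)# ntp authentication-key 1 md5 REPLACE-NTP-KEY
R1(config)# ntp trusted-key 1
R1(config)# exit
!
R2(config)# ntp authenticate
R2(config)# ntp authentication-key 1 md5 REPLACE-NTP-KEY
R2(config)# ntp trusted-key 1
R2(config)# ntp server 10.1.1.1 key 1
R2(config)# exit
!
! Verification
R1# show snmp group
R1# show snmp user
R2# show ntp associations detail
R2# show ntp status
```

In `show ntp associations detail` the association should show as authenticated and synchronised; an unauthenticated or key-mismatched peer is listed but never selected as the clock source.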
Upon completion of this section, you should be able to:
• Use security audit tools to determine IOS-based router vulnerabilities.
There is a detailed list of security settings for protocols and services provided in Figure 2 of this page in the course.
1. The auto secure command is entered
Upon completion of this section, you should be able to:
• Configure a routing protocol authentication.
Consequences of protocol spoofing:
• Redirect traffic to create routing loops.
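Routing protocol authentication is the mitigation for the spoofing consequence listed above: a neighbour that cannot produce the shared key is never accepted, so it cannot inject routes that redirect traffic or create loops. This is an added OSPF example, not the course's configuration: the process ID 10, the interfaces and the key placeholders are assumptions, and the key-chain variant assumes an IOS release that supports HMAC-SHA authentication for OSPF (15.4(1)T or later).

```cisco
! Added example (not from the course). Process ID, interfaces and key
! placeholders are assumptions; every router on a link must share the key.
!
! MD5 authentication for an area: the key lives on the interface, the
! requirement to authenticate is switched on for the whole area
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip ospf message-digest-key 1 md5 REPLACE-WITH-SHARED-KEY
R1(config-if)# exit
R1(config)# router ospf 10
R1(config-router)# area 0 authentication message-digest
R1(config-router)# exit
!
! Alternative (assumed IOS 15.4(1)T or later): a key chain with HMAC-SHA-256,
! enabled per interface. A key chain also supports adding a second key with
! lifetimes, so the shared key can be rolled without dropping adjacencies.
R1(config)# key chain OSPF-KEYS
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string REPLACE-WITH-SHARED-KEY
R1(config-keychain-key)# cryptographic-algorithm hmac-sha-256
R1(config-keychain-key)# exit
R1(config-keychain)# exit
R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip ospf authentication key-chain OSPF-KEYS
R1(config-if)# exit
R1(config)# exit
!
! Verification: the interface output reports the authentication type in use;
! a neighbour with a mismatched key never reaches FULL and the adjacency
! debug shows the authentication mismatch
R1# show ip ospf interface GigabitEthernet0/0
R1# show ip ospf neighbor
R1# debug ip ospf adj
R1# undebug all
```

Apply the change on all routers of the link within the OSPF dead interval, or one side at a time with a maintenance window: once authentication is on, an unauthenticated hello is silently ignored and the adjacency drops.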
Chapter Objectives:
• Configure secure administrative access.
Chapter 1: Modern Network Security Threats
Upon completion of this section, you should be able to:
• Describe the current network security landscape.
Common network security terms:
• Threat
• Vulnerability
• Mitigation
• Risk
Figure: Cisco Security Intelligence Operations
Vectors of data loss:
• Email/Webmail
• Unencrypted Devices
• Removable Media
• Hard Copy
Outside perimeter security:
• On-premise security officers
• Security traps
VM-specific threats:
• Hyperjacking
Components of a secure data center:
• Secure segmentation
Also listed on this slide (column heading not recovered):
• PIN enforcement
• Data wipe
• Jailbreak/root detection
Upon completion of the section, you should be able to:
• Describe the evolution of network security.
• Describe malware.
Modern hacking titles:
• Script Kiddies
• Vulnerability Brokers
• Hacktivists
• Cyber Criminals
• State-Sponsored Hackers
Penetration testing tools:
• Password crackers
• Forensic
Network hacking attacks:
• Eavesdropping
• Data modification
• IP address spoofing
• Password-based
• Denial-of-service
• Man-in-the-middle
• Compromised-key
• Sniffer
Classifications:
• Security software disabler
• Remote-access
• Data-sending
• Destructive
• Proxy
• FTP
• DoS
Initial Code Red Worm Infection
Components:
• Enabling vulnerability
• Propagation mechanism
• Payload
Code Red worm attack cycle:
1. Propagate for 19 days
2. Launch DoS attack for next 7 days
3. Stop and go dormant for a few days
4. Repeat the cycle
• Ransomware
• Scareware
• Spyware
• Phishing
• Adware
• Rootkits
Figure: categories of network attacks (Reconnaissance, Access, DoS), with examples such as data modification, SYN flood, and smurf attack.
• Initial query of a target
• Vulnerability scanners
• Exploitation tools
A few reasons why hackers use access attacks:
• To retrieve data
• To gain access
Types of access attacks:
• Trust exploitation
• Port redirection
• Man-in-the-middle
• Buffer overflow
• Pretexting
• Phishing
• Spearphishing
• Spam
• Tailgating
• Baiting
1. Hacker builds a network of infected machines
• A network of infected hosts is called a botnet.
• The compromised computers are called zombies.
• Zombies are controlled by handler systems.
Upon completion of this section, you should be able to:
• Describe methods and resources to protect the networks.
• Explain how to secure the three functional areas of Cisco routers and switches.
Components of Cryptography:
• Confidentiality: Uses encryption to encrypt and hide data.
• Integrity: Uses hashing algorithms to ensure data is unaltered during operation.
• Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.
• Risk assessment
• Security policy
• Asset management
• Access control
• Compliance
Figure: Cisco SecureX architecture (Server Edge and Branch, Secure Access, Secure Mobility).
Cisco SecureX Architecture:
• Scanning engines
• Delivery mechanisms
• Next-generation endpoint
Defines security policies based on five parameters:
• Type of device being used for access
• Person’s identity
• Application in use
• Location
• Time of access
Best practices:
• Develop a written security policy.
• Educate employees about the risks of social engineering, and develop strategies to
validate identities over the phone, via email, or in person.
Phases of worm mitigation:
• Containment
• Inoculation
• Quarantine
• Treatment
Chapter Objectives:
• Explain network security.
• Explain tools and procedures to mitigate the effects of malware and common
network attacks.