Enterprise Network Security
Accessing the WAN – Chapter 4
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Objectives
 Describe the general methods used to mitigate security threats to Enterprise networks
 Configure basic router security
 Explain how to disable unused Cisco router network services and interfaces
 Explain how to use Cisco SDM
 Manage Cisco IOS devices
Reconnaissance (also scouting) is a military term denoting exploration conducted to gain information. In network security it means the unauthorized discovery and mapping of systems, services and vulnerabilities (ping sweeps, port scans, DNS and SNMP queries), and it usually precedes an access or denial-of-service attack.
What is a Security Policy?
 A statement of the rules by which people who are given access to an organization's technology and information assets must abide
Functions of a Security Policy
 Protects people and information
 Sets rules for specific behavior by users, system administrators, management and security personnel
 Authorizes security personnel to monitor, probe and investigate
 Defines and authorizes the consequences for violators
Applying Cisco IOS Security Features to Routers
1. Manage router security (physical access, passwords, IOS image and configuration backups)
2. Secure remote administrative access to routers (SSH instead of Telnet, restricted vty lines)
3. Log router activity (syslog to a remote host, timestamps, login success/failure logging)
4. Secure vulnerable router services and interfaces
5. Secure router protocols (routing-protocol authentication, SNMPv3, authenticated NTP)
6. Control and filter network traffic
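Step 3 (logging router activity) only pays off if someone reads the logs. The following is an added example, not code from the slides or from Cisco: a small Python detector that parses IOS syslog messages and raises findings for SSH brute-force attempts (repeated %SEC_LOGIN-4-LOGIN_FAILED from one source, which IOS emits when `login on-failure log` is configured), configuration changes made over a vty session (%SYS-5-CONFIG_I with "on vtyN (ip)"), and logged ACL denies (%SEC-6-IPACCESSLOGP). The log lines are constructed for the example and the threshold of three failures is an assumption, not a Cisco default.

```python
import re
from collections import Counter, defaultdict

# IOS syslog header: %FACILITY-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)
# Fields inside SEC_LOGIN messages (generated with 'login on-failure log' /
# 'login on-success log').
USER_RE = re.compile(r"\[user:\s*(?P<user>[^\]]+)\]")
SRC_RE = re.compile(r"\[Source:\s*(?P<ip>[0-9.]+)\]")
# SYS-5-CONFIG_I carries "on vtyN (ip)" only for remote sessions; a console
# change reads "Configured from console by console".
CONFIG_RE = re.compile(r"by (?P<user>\S+)(?: on (?P<line>\S+) \((?P<ip>[0-9.]+)\))?")

# Constructed sample log (not captured from a real device): one host hammering
# SSH with several usernames, one legitimate admin, a console change, an ACL hit.
SAMPLE_LOG = """\
*Mar  3 14:02:11.101: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23] [localport: 22] [Reason: Login Authentication Failed] at 14:02:11 UTC Tue Mar 3 2009
*Mar  3 14:02:14.220: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.23] [localport: 22] [Reason: Login Authentication Failed] at 14:02:14 UTC Tue Mar 3 2009
*Mar  3 14:02:17.305: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.23] [localport: 22] [Reason: Login Authentication Failed] at 14:02:17 UTC Tue Mar 3 2009
*Mar  3 14:02:20.411: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23] [localport: 22] [Reason: Login Authentication Failed] at 14:02:20 UTC Tue Mar 3 2009
*Mar  3 14:05:02.001: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: jsmith] [Source: 10.0.0.7] [localport: 22] [Reason: Login Authentication Failed] at 14:05:02 UTC Tue Mar 3 2009
*Mar  3 14:05:09.512: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jsmith] [Source: 10.0.0.7] [localport: 22] at 14:05:09 UTC Tue Mar 3 2009
*Mar  3 14:06:30.777: %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (10.0.0.7)
*Mar  3 14:10:00.000: %SYS-5-CONFIG_I: Configured from console by console
*Mar  3 14:11:45.123: %SEC-6-IPACCESSLOGP: list 110 denied tcp 198.51.100.23(40112) -> 203.0.113.1(23), 1 packet
"""


def parse(line):
    """Return the header fields of one IOS syslog line, or None if it has none."""
    m = MSG_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    return fields


def analyse(log, fail_threshold=3):
    """Return findings: brute-force sources, remote config changes, ACL denies."""
    failed = Counter()                 # failed logins per source IP
    tried_users = defaultdict(set)     # usernames attempted per source IP
    findings = []
    for line in log.splitlines():
        msg = parse(line)
        if msg is None:
            continue
        key = (msg["facility"], msg["mnemonic"])
        if key == ("SEC_LOGIN", "LOGIN_FAILED"):
            src, usr = SRC_RE.search(msg["text"]), USER_RE.search(msg["text"])
            if src:
                failed[src["ip"]] += 1
                if usr:
                    tried_users[src["ip"]].add(usr["user"])
        elif key == ("SYS", "CONFIG_I"):
            cm = CONFIG_RE.search(msg["text"])
            if cm and cm["line"] and cm["line"].startswith("vty"):
                findings.append({"type": "remote_config_change", "user": cm["user"],
                                 "ip": cm["ip"], "line": cm["line"]})
        elif key == ("SEC", "IPACCESSLOGP") and "denied" in msg["text"]:
            findings.append({"type": "acl_deny", "severity": msg["severity"],
                             "text": msg["text"]})
    # Threshold (assumed) for calling repeated failures a brute-force attempt.
    for ip, n in failed.items():
        if n >= fail_threshold:
            findings.append({"type": "brute_force", "ip": ip, "attempts": n,
                             "users": sorted(tried_users[ip])})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

The single failure from 10.0.0.7 stays below the threshold and is not reported, while the four attempts from 198.51.100.23 against three different usernames are; the same source then shows up in the ACL deny against Telnet, which is the kind of correlation a syslog server makes possible and a router's local buffer does not.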
Passphrase Examples
“All people seem to need data processing”
Apstndp
“My favourite spy is James Bond 007”
Mfsijb007
“It was the best of times, it was the worst of times”
iwtbotiwtwot
“Fly me to the moon and let me play among the stars”
fmttmalmpats
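The derivation rule above (first letter of each word, digit groups kept whole) is mechanical, so it can be written down and checked against a password policy. The following is an added example, not code from the slides or from Cisco. It generalises the slide slightly by preserving the original capitalisation, where the slide's own outputs are inconsistent ("Mfsijb007" drops the capitals of "James Bond"); keeping them adds a character class for free. The policy function is an assumption modelled on the IOS `security passwords min-length 10` setting plus a three-of-four character-class rule; it is not something IOS enforces by itself.

```python
import string


def mnemonic(passphrase):
    """First character of each word, keeping all-digit words (like '007') whole.

    Case is preserved, so capitalised words contribute an extra character class.
    """
    chars = []
    for word in passphrase.split():
        word = word.strip(string.punctuation)   # "times," -> "times"
        if not word:
            continue
        chars.append(word if word.isdigit() else word[0])
    return "".join(chars)


def policy_violations(password, min_len=10, min_classes=3):
    """Return the rules a password breaks: 'length' and/or 'classes'.

    min_len=10 mirrors 'security passwords min-length 10'; the class rule
    (lower, upper, digit, symbol) is an assumed local policy.
    """
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    broken = []
    if len(password) < min_len:
        broken.append("length")
    if classes < min_classes:
        broken.append("classes")
    return broken


if __name__ == "__main__":
    for phrase in ["All people seem to need data processing",
                   "My favourite spy is James Bond 007",
                   "It was the best of times, it was the worst of times",
                   "Fly me to the moon and let me play among the stars"]:
        pw = mnemonic(phrase)
        print(f"{pw:14} violations={policy_violations(pw)}")
```

Run against the slide's four phrases, every one of them fails at least one rule: "Apstndp" is both too short and has only letters, and even the twelve-character "Iwtbotiwtwot" has no digit or symbol. A phrase long enough to pass, with a digit or punctuation kept in, is what should go into `enable secret` (stored as a hash), never into `enable password` (stored reversibly).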
Vulnerable Router Services
SNMP, NTP, and DNS Vulnerabilities
 SNMP: versions 1 and 2c send management data and community strings (which act as passwords) in clear text; use SNMPv3 with authentication and privacy (auth/priv), restrict managers with an access list, or disable SNMP entirely
 NTP: once configured, the router listens on UDP port 123; an unauthenticated peer can feed it false time, which corrupts log timestamps and breaks certificate validity checks; authenticate NTP peers (ntp authenticate, ntp trusted-key) and restrict them with ntp access-group
 DNS: helps attackers map IP addresses to domain names; if no name server is configured, IOS sends name queries to the broadcast address 255.255.255.255, so either configure ip name-server explicitly or disable lookups with no ip domain-lookup
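Most of the hardening described here ("Applying Cisco IOS Security Features", "Vulnerable Router Services" and this SNMP/NTP/DNS table) reduces to lines that must, or must not, appear in the running configuration, which makes it easy to audit. The following is an added example, not code from the slides or from Cisco: a Python checker that reads a saved `show running-config` and reports the gaps. Both configurations are constructed for the example (the hash in `enable secret` is a placeholder, not a real type 5 hash); the rule list reflects IOS commands that exist (`no ip http server`, `no cdp run`, `ip ssh version 2`, `login block-for`, `snmp-server group ... v3 priv`, and so on), but which of them applies to a given router is a local decision, so treat the list as a starting point rather than a standard.

```python
# Constructed sample: a freshly built router with the defaults the slides warn about.
WEAK_CONFIG = """\
version 12.4
no service password-encryption
hostname R1
enable password cisco
ip domain-name example.com
ip http server
snmp-server community public RO
snmp-server community private RW
ntp server 192.0.2.10
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed sample: the same router after hardening (secret hash is a placeholder).
HARDENED_CONFIG = """\
version 12.4
service password-encryption
security passwords min-length 10
hostname R1
enable secret 5 $1$xxxx$placeholderhashvalue000000
no ip domain-lookup
ip domain-name example.com
no ip http server
no ip bootp server
no ip source-route
no service pad
no cdp run
ip ssh version 2
logging host 192.0.2.50
login block-for 120 attempts 3 within 60
snmp-server group NETMON v3 priv
ntp authentication-key 1 md5 examplekey
ntp authenticate
ntp trusted-key 1
ntp server 192.0.2.10 key 1
line vty 0 4
 transport input ssh
 login local
"""

# Lines that must be present. IOS omits defaults from the config, so services that
# are on by default are only provably off when the explicit "no ..." line shows up.
REQUIRED = [
    ("service password-encryption", "line/console passwords stored in clear text"),
    ("enable secret", "privileged EXEC password not stored as a hash"),
    ("no ip http server", "HTTP management server enabled"),
    ("no cdp run", "CDP advertises platform and IOS version to neighbours"),
    ("no ip source-route", "source-routed packets accepted"),
    ("no ip bootp server", "BOOTP server enabled"),
    ("no service pad", "PAD service enabled"),
    ("no ip domain-lookup", "router performs DNS lookups (broadcast if no server set)"),
    ("ip ssh version 2", "SSHv2 not enforced"),
    ("logging host", "no remote syslog destination"),
    ("login block-for", "no throttling of failed logins"),
]

# Lines that must not be present.
FORBIDDEN = [
    ("enable password", "reversible (type 7) or plaintext enable password"),
    ("service tcp-small-servers", "TCP small servers (echo/chargen/discard) enabled"),
    ("service udp-small-servers", "UDP small servers enabled"),
    ("ip finger", "finger service enabled"),
    ("snmp-server community", "SNMPv1/v2c community string (clear text on the wire)"),
]


def audit(config):
    """Return a list of human-readable findings for a running-config text."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip() and not l.startswith("!")]
    top = [l for l in lines if not l.startswith(" ")]      # global config lines only
    findings = []
    for prefix, why in REQUIRED:
        if not any(l.startswith(prefix) for l in top):
            findings.append(f"missing '{prefix}': {why}")
    for prefix, why in FORBIDDEN:
        if any(l.startswith(prefix) for l in top):
            findings.append(f"found '{prefix}': {why}")
    # NTP: if the router speaks NTP at all, peers must be authenticated.
    if any(l.startswith("ntp ") for l in top) and "ntp authenticate" not in top:
        findings.append("ntp configured without 'ntp authenticate'")
    # vty lines: SSH must be the only inbound transport (no line = default "all").
    for i, l in enumerate(lines):
        if l.startswith("line vty"):
            body = []
            for sub in lines[i + 1:]:
                if not sub.startswith(" "):
                    break
                body.append(sub.strip())
            transports = [b for b in body if b.startswith("transport input")]
            if transports != ["transport input ssh"]:
                findings.append(f"'{l}' accepts non-SSH transport: {transports or ['(default: all)']}")
    return findings


if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(f"== {name}: {len(audit(cfg))} finding(s)")
        for f in audit(cfg):
            print("  ", f)
```

The prefix matching is deliberately literal: `no ip finger` does not match the forbidden `ip finger`, and `no service password-encryption` does not satisfy the required `service password-encryption`. The one default-sensitive case is the vty block, where an absent `transport input` line means IOS accepts every transport, so the checker treats "no line" as a finding rather than as compliance.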
Security Device Manager (SDM)
Cisco SDM Features
 Embedded web-based management tool
 Intelligent wizards
 Tools for more advanced users:
–ACL editor
–VPN crypto map editor
–Cisco IOS CLI preview
Cisco IOS Troubleshooting Commands

                            show             debug
Processing characteristic   Static           Dynamic
Processing load             Low overhead     High overhead
Primary use                 Gather facts     Observe processes

 debug output is generated by the router CPU in real time; on a busy router a broad debug (for example debug all) can starve packet forwarding, so scope debugs as narrowly as possible and stop them with undebug all
Summary
 Security threats to an Enterprise network include:
–Unstructured threats
–Structured threats
–External threats
–Internal threats
 Methods to mitigate security threats include:
–Device hardening
–Use of antivirus software
–Firewalls
–Downloading security updates
Summary
 Basic router security involves the following:
–Physical security
–Updating and backing up the IOS image
–Backing up configuration files
–Password configuration
–Logging router activity
 Disable unused router interfaces and services to minimize their exploitation by intruders
 Cisco SDM
–A web-based management tool for configuring security measures on Cisco routers
Summary
 Cisco IOS Integrated File System (IFS)
–Allows for the creation, navigation and manipulation of directories and files on a Cisco device across its file systems (for example flash:, nvram: and remote tftp:)