© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v3.08-1 Minimizing Service Loss and Data Theft in a Campus Network Securing Network Switches.

Transcript:

Minimizing Service Loss and Data Theft in a Campus Network: Securing Network Switches

Describing Vulnerabilities in CDP

Describing Vulnerabilities in the Telnet Protocol
The Telnet connection sends text unencrypted and potentially readable.

Describing the Secure Shell Protocol
SSH replaces the Telnet session with an encrypted connection.

Describing vty ACLs
- Set up standard IP ACL.
- Use line configuration mode to filter access with the access-class command.
- Set identical restrictions on every vty line.

Describing Commands to Apply ACLs

Switch(config)#access-list access-list-number {permit | deny | remark} source [mask]
- Configures a standard IP access list

Switch(config)#line vty {vty# | vty-range}
- Enters configuration mode for a vty or vty range

Switch(config-line)#access-class access-list-number {in | out}
- Restricts incoming or outgoing vty connections to addresses in the ACL
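
An added example, not part of the Cisco course material: a small audit of a switch configuration against the vty ACL rules above (a defined standard ACL, applied inbound with access-class, identical on every vty line) plus the "Use SSH when possible" practice. The function names and the sample configuration are constructed for illustration, and numbered ACLs are assumed.

```python
import re

# Constructed sample running-config (not from the slides): the second vty
# range was left without the ACL and still accepts Telnet.
SAMPLE_CONFIG = """\
access-list 10 remark management stations
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_vty_lines(config):
    """Map each (first, last) vty range to its inbound ACL and transports."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = blocks.setdefault((first, int(m.group(2) or first)),
                                        {"acl_in": None, "transport": None})
        elif not raw.startswith(" "):
            current = None  # any unindented line ends the line-config block
        elif current is not None:
            words = raw.split()
            if len(words) == 3 and words[0] == "access-class" and words[2] == "in":
                current["acl_in"] = words[1]
            elif words[:2] == ["transport", "input"]:
                current["transport"] = set(words[2:])
    return blocks

def audit_vty(config):
    """Return findings for vty lines that break the rules described above."""
    blocks = parse_vty_lines(config)
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    findings = []
    for (first, last), b in sorted(blocks.items()):
        name = f"vty {first} {last}"
        if b["acl_in"] is None:
            findings.append(f"{name}: no inbound access-class")
        elif b["acl_in"] not in defined:
            findings.append(f"{name}: access-class {b['acl_in']} is not defined")
        if b["transport"] is None or b["transport"] - {"ssh", "none"}:
            findings.append(f"{name}: transport input is not explicitly restricted to ssh")
    if len({b["acl_in"] for b in blocks.values()}) > 1:
        findings.append("vty lines do not share identical access-class restrictions")
    return findings

print("\n".join(audit_vty(SAMPLE_CONFIG)))
```

The unprotected second range is the case the "identical restrictions on every vty line" rule exists for: a management session lands on whichever vty is free, so one unfiltered range leaves access open.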

Best Practices: Switch Security
Secure switch access:
- Set system passwords.
- Secure physical access to the console.
- Secure access via Telnet.
- Use SSH when possible.
- Configure system warning banners.
- Use Syslog if available.

Best Practices: Switch Security (Cont.)
Secure switch protocols:
- Trim CDP and use only as needed.
- Secure spanning tree.
Mitigate compromises through a switch:
- Take precautions for trunk links.
- Minimize physical port access.
- Establish standard access port configuration for both unused and used ports.

Summary
- CDP packets can expose some network information.
- Authentication information and data carried in Telnet sessions are vulnerable.
- SSH provides a more secure option for Telnet.
- vty ACLs should be used to limit Telnet access to switch devices.
- vty ACL configuration commands use standard IP ACL lists.
- Sound security measures and trimming of unused applications are the basis of best practices.
