© 2007 Cisco Systems, Inc. All rights reserved.SNRS v2.03-1 Cisco Network Foundation Protection Securing the Management Plane.

Презентация:



Advertisements
Похожие презентации
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Cisco Network Foundation Protection Introducing Cisco NFP.
Advertisements

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Module Summary Cisco NFP includes protection of the control, management, and data planes. CPPr.
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Cisco Network Foundation Protection Securing the Control Plane.
© 2005 Cisco Systems, Inc. All rights reserved.INTRO v Module Summary The Cisco Discovery Protocol is an information-gathering tool used by network.
© 2006 Cisco Systems, Inc. All rights reserved.SND v Module Summary Routers play an important role in ensuring that network perimeters are secure;
© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Module Summary Attacks can target various components of modern networks, such as system integrity,
© 2006 Cisco Systems, Inc. All rights reserved.SNRS v Adaptive Threat Defense Examining Cisco IOS Firewall.
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Module Summary IPsec is designed to provide interoperable, high-quality, cryptographically.
© 2005 Cisco Systems, Inc. All rights reserved. INTRO v Module Summary The Cisco IOS software platform is implemented on most Cisco hardware platforms,
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v IPv6 Services Using Cisco IOS Software Features.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v Module Summary Using ACLs, you can classify or filter packets on inbound and outbound routed.
© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v Implementing Inter-VLAN Routing Enabling Routing Between VLANs on a Multilayer Switch.
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Adaptive Threat Defense Configuring Cisco IOS Firewall Authentication Proxy.
© 2006 Cisco Systems, Inc. All rights reserved. SND v Securing the Perimeter Disabling Unused Cisco Router Network Services and Interfaces.
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Module Summary Cisco Secure ACS can be used as AAA server to manage identity. Cisco IBNS uses.
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Layer 2 Security Examining Layer 2 Attacks.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Module Summary CSA MC enables you to configure groups, to ease host management and security.
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Layer 2 Security Configuring DHCP Snooping.
© 2005 Cisco Systems, Inc. All rights reserved.INTRO v Managing Your Network Environment Discovering Neighbors on the Network.
© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v Minimizing Service Loss and Data Theft in a Campus Network Securing Network Switches.
Транксрипт:

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Cisco Network Foundation Protection Securing the Management Plane

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Protocols of the Management Plane Telnet SNMP SSH HTTP HTTPS

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Tools Used to Secure the Management Plane Cisco MPP feature for Cisco IOS Release 12.4(6)T SSH access only ACLs on the vty ports Cisco IOS Software login enhancement Role-based CLI views

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Cisco IOS MPP AttackerAdministrator Denied! Fa0/0 Fa0/1

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Securing the Management Plane router(config)# control-plane host router(config-cp-host)# management-interface FastEthernet 0/0 allow ssh snmp Administrator Fa0/0

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Verifying MPP router# show management-interface Management interface FastEthernet0/0 Protocol Packets processed ssh 84 snmp 1203 Administrator Fa0/0

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Summary The management plane performs management functions for a network device. Several tools are available to secure the management plane. The Cisco MPP feature allows you to designate one or more router interfaces as management interfaces. There are three steps used to configure MPP. Use the show management-interface command to verify MPP.

© 2007 Cisco Systems, Inc. All rights reserved.SNRS v2.03-8