Configuring AAA requires four basic steps:
1. Enable AAA (aaa new-model).
2. Configure the security server network parameters.
3. Define one or more method lists for AAA authentication.
4. Apply the method lists to a particular interface or line.

Verify that SSH access is configured. Verify that HTTP access is disabled. Verify that the protocols allowed for incoming and outgoing sessions are explicitly defined. Verify that access-class ACLs are used to control the sources from which sessions will be permitted. Verify the idle session timeout.

As a security best practice, any unnecessary service must be disabled. By default, TCP and UDP small services are disabled in IOS software releases 12.0 and later. See the reference material for a full list of services that should be disabled. Review the configuration files to verify that unnecessary services have been disabled.

The commands service tcp-keepalives-in and service tcp-keepalives-out enable a device to send and receive TCP keepalives for TCP sessions. This ensures that the device on the remote end of the connection is still reachable and that half-open or orphaned connections are removed from the local Cisco device. Review the configuration file to verify that keepalives have been configured.

If NTP is used, it is important to explicitly configure a trusted time source. Accurate and reliable time is required for syslog purposes, such as during forensic investigations of potential attacks. Review the configuration to verify the following: the router has been configured as an NTP client; the NTP source interface has been configured; one or more NTP servers have been configured; an ACL has been established to permit NTP to the device.

SNMP provides information on the status or condition of network devices. SNMPv3 provides secure access to devices by authenticating and optionally encrypting packets over the network. Community strings are passwords applied to an IOS device to restrict access. The default read-only community string is "public" and the default read-write community string is "private".

Community strings should be treated like passwords: chosen carefully and changed at regular intervals. An ACL can be applied that further restricts SNMP access to a select group of source IP addresses. Verify that SNMPv3 is implemented with encryption. Verify that ACLs are used to restrict access.

Event logging provides visibility into the operation of a Cisco IOS device and the network into which it is deployed. Each log message generated by a Cisco IOS device is assigned a severity level, from 0 (emergency) to 7 (debug).
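As an added example (not part of the original slides), the Python script below turns the review points above into an automated check of a Cisco IOS running-config text: the AAA steps (aaa new-model, a defined login method list applied on every vty line), the remote-access items (SSH-only transport input, an inbound access-class, an idle exec-timeout), the unnecessary-service and TCP keepalive items, the NTP client, source interface and access-group settings, the SNMP community string, ACL and SNMPv3 privacy checks, and the logging trap severity. The two configs are constructed samples, not captured from any real device; the method-list name VTY-AUTH, ACL references MGMT and 10, server address 192.0.2.10 and group name NMS-V3 are assumed placeholders. The parser assumes the layout IOS prints: unindented lines are top-level commands and indented lines belong to the preceding section; the community check assumes the `snmp-server community <string> RO|RW [acl]` form.

```python
# Constructed running-config excerpts (not from any real device): WEAK_CONFIG
# carries the weaknesses the slides say to look for; HARDENED_CONFIG corrects them.
WEAK_CONFIG = """\
aaa new-model
aaa authentication login VTY-AUTH group tacacs+ local
service tcp-keepalives-in
ip http server
ntp server 192.0.2.10
snmp-server community public RO
snmp-server group NMS-V3 v3 auth
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""
HARDENED_CONFIG = """\
aaa new-model
aaa authentication login VTY-AUTH group tacacs+ local
service tcp-keepalives-in
service tcp-keepalives-out
no ip http server
ntp source Loopback0
ntp server 192.0.2.10
ntp access-group peer 10
snmp-server group NMS-V3 v3 priv
logging trap informational
line vty 0 15
 access-class MGMT in
 exec-timeout 10 0
 login authentication VTY-AUTH
 transport input ssh
"""
# IOS syslog severity names; the list index is the numeric level, 0 (emergency) to 7 (debug)
SEVERITY = ["emergencies", "alerts", "critical", "errors", "warnings", "notifications", "informational", "debugging"]

def parse(text):
    """Split a config into top-level commands and {section header: [indented child commands]}."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):  # skip blank and comment lines
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections

def audit(text):
    """Return the list of findings; an empty list means every review point passed."""
    top, sections = parse(text)
    has = lambda cmd: any(c == cmd or c.startswith(cmd + " ") for c in top)
    f = []
    # AAA steps 1, 3 and 4: new-model on, a login method list defined, and one applied per vty line
    if not has("aaa new-model"):
        f.append("aaa new-model is not enabled")
    lists = {c.split()[3] for c in top if c.startswith("aaa authentication login ")}
    for hdr, body in sections.items():
        if not hdr.startswith("line vty"):
            continue
        applied = [c.split()[2] for c in body if c.startswith("login authentication ")]
        if (applied[0] if applied else "default") not in lists:
            f.append(f"{hdr}: no defined AAA login method list applied")
        # Remote access on the line: SSH only, sources limited by access-class, idle timeout set
        transport = next((c for c in body if c.startswith("transport input")), None)
        if transport not in ("transport input ssh", "transport input none"):
            f.append(f"{hdr}: transport input is {transport!r}, expected 'transport input ssh'")
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in body):
            f.append(f"{hdr}: no inbound access-class ACL")
        timeout = next((c.split()[1:] for c in body if c.startswith("exec-timeout ")), None)
        if timeout is None or all(a == "0" for a in timeout):
            f.append(f"{hdr}: idle exec-timeout missing or disabled")
    # Unnecessary services and TCP keepalives
    if has("ip http server"):
        f.append("HTTP management access is enabled (ip http server)")
    for cmd in ("service tcp-keepalives-in", "service tcp-keepalives-out"):
        if not has(cmd):
            f.append(f"{cmd} not configured")
    # NTP: explicit trusted server, pinned source interface, ACL limiting NTP to the device
    for cmd, why in (("ntp server", "no NTP server configured"), ("ntp source", "NTP source interface not set"),
                     ("ntp access-group", "no ntp access-group ACL restricting NTP to the device")):
        if not has(cmd):
            f.append(why)
    # SNMP: default community strings, communities without an ACL, v3 groups without privacy
    for c in top:
        if c.startswith("snmp-server community "):
            p = c.split()  # assumed form: snmp-server community <string> RO|RW [acl]
            if p[2] in ("public", "private"):
                f.append(f"default SNMP community string {p[2]!r} in use")
            if len(p) < 5:
                f.append(f"SNMP community {p[2]!r} has no source ACL")
    groups = [c.split() for c in top if c.startswith("snmp-server group ")]
    if not any(p[3] == "v3" and p[4] == "priv" for p in groups):
        f.append("no SNMPv3 group using 'priv' (authentication plus encryption)")
    return f

def trap_severity(text):
    """Numeric level (0-7) of 'logging trap', whether given by name or number; None if unset."""
    lvl = next((c.split()[2] for c in parse(text)[0] if c.startswith("logging trap ")), None)
    return None if lvl is None else int(lvl) if lvl.isdigit() else SEVERITY.index(lvl)
```

Feeding the saved output of show running-config to `audit()` in place of the sample text produces one finding per failed review point; `audit(WEAK_CONFIG)` returns 11 findings, `audit(HARDENED_CONFIG)` returns an empty list, and `trap_severity(HARDENED_CONFIG)` maps the configured "informational" trap level to 6.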