Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Switch Security

Published byGloria Dorsey Modified over 5 years ago

Similar presentations

Presentation on theme: "Understanding Switch Security"— Presentation transcript:

1 Understanding Switch Security
Ethernet LANs

2 Common Threats to Physical Installations
Hardware threats Environmental threats Electrical threats Maintenance threats

3 Configuring a Switch Password
Layer 2 of 2 Emphasize: The router has one enable password. Remember that this is your only protection. Whoever owns this password can do anything with the router, so be careful about communicating this password to others. To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands accomplish the same thing; that is, they allow you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify. Cisco recommends that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software, or if you boot older boot ROMs that do not recognize the enable secret command. If you configure the enable secret password, it is used instead of the enable password, not in addition to it. Cisco supports password encryption. Turn on password encryption using the service password-encryption command. Then enter the desired passwords for encryption. Immediately, on the next line, enter the no service password-encryption command. Only those passwords that are set between the two commands will be encrypted. If you enter service password-encryption and then press Ctrl-Z to exit, all passwords will be encrypted. Note: Password recovery is not covered in the course materials. Refer the students to the IMCR class.

4 Configuring the Login Banner
Defines and enables a customized banner to be displayed before the username and password login prompts. SwitchX# banner login " Access for authorized users only. Please enter your username and password. "

5 Telnet vs. SSH Access Telnet Most common access method Insecure
SSH-encrypted !– The username command create the username and password for the SSH session Username cisco password cisco ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 line vty 0 4 login local transport input ssh

6 Configuring Port Security
Cisco Catalyst 2960 Series SwitchX(config-if)#switchport port-security [ mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown | protect }] SwitchX(config)#interface fa0/5 SwitchX(config-if)#switchport mode access SwitchX(config-if)#switchport port-security SwitchX(config-if)#switchport port-security maximum 1 SwitchX(config-if)#switchport port-security mac-address sticky [H.H.H.H] SwitchX(config-if)#switchport port-security violation shutdown [protect/restrict] - shutdown: port ở trạng thái off và tạo log. - protect: port ở trạng thái on nhưng hủy dữ liệu nhận và không tạo log - restrict: port ở trạng thái on nhưng hủy dữ liệu nhận và tạo log Layer 2 of 2 Note: When the switch-sticky learns a MAC address on a secured port, the switch will make that MAC address a permanent address.

7 Verifying Port Security on the Catalyst 2960 Series
SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression] SwitchX#show port-security interface fastethernet 0/5 Port Security              : Enabled Port Status                : Secure-up Violation Mode             : Shutdown Aging Time                 : 20 mins Aging Type                 : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses      : 1 Total MAC Addresses        : 1 Configured MAC Addresses   : 0 Sticky MAC Addresses       : 0 Last Source Address        :  Security Violation Count   : 0 Layer 2 of 2 Emphasize: The default action is “suspend.”

8 Verifying Port Security on the Catalyst 2960 Series (Cont.)
SwitchX#sh port-security address Secure Mac Address Table Vlan Mac Address Type Ports Remaining Age (mins) dddd.eeee SecureConfigured Fa0/ Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 Layer 2 of 2 Emphasize: The default action is “suspend.” SwitchX#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) Fa0/ Shutdown Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024

9 Securing Unused Ports Unsecured ports can create a security hole.
A switch plugged into an unused port will be added to the network. Secure unused ports by disabling interfaces (ports).

10 Disabling an Interface (Port)
SwitchX(config-int)# shutdown To disable an interface, use the shutdown command in interface configuration mode. To restart a disabled interface, use the no form of this command.

11 Summary The first level of security is physical.
Passwords can be used to limit access to users that have been given the password. The login banner can be used to display a message before the user is prompted for a username. Telnet sends session traffic in cleartext; SSH encrypts the session traffic. Port security can be used to limit MAC addresses to a port. Unused ports should be shut down.

12

Download ppt "Understanding Switch Security"

Similar presentations

Mitigating Layer 2 Attacks

Mitigating Layer 2 Attacks
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Starting a Switch.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Starting a Switch.
Ch. 6 – Switch Configuration CCNA 3 version 3.0. 2 Overview Identify the major components of a Catalyst switch Monitor switch activity and status using.

Ch. 6 – Switch Configuration CCNA 3 version Overview Identify the major components of a Catalyst switch Monitor switch activity and status using.
Ch. 7 – Switch Configuration

Ch. 7 – Switch Configuration
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.
CCNA 2 v3.1 Module 2.

CCNA 2 v3.1 Module 2.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Initial Switch Configuration Internetworking Fundamentals Instructor: Abdirahman I. Abdi.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Initial Switch Configuration Internetworking Fundamentals Instructor: Abdirahman I. Abdi.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—1-1 Configuring Catalyst Switch Operations Configuring a Catalyst Switch.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—1-1 Configuring Catalyst Switch Operations Configuring a Catalyst Switch.
1 Semester 2 Module 3 Configuring a Router Yuda college of business James Chen

1 Semester 2 Module 3 Configuring a Router Yuda college of business James Chen
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 6 Configuring a Router/ Learning About Other Devices/ Managing Cisco IOS Software.

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 6 Configuring a Router/ Learning About Other Devices/ Managing Cisco IOS Software.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 Module Summary  Cisco routers operate at Layer 3, and their function is path determination.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 Module Summary  Cisco routers operate at Layer 3, and their function is path determination.
Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.

Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.
Module 6 – Switch Configuration CCNA 3 Cabrillo College.

Module 6 – Switch Configuration CCNA 3 Cabrillo College.
Cisco Router & Switch Configuration 1. Configuration modes:  Global configuration mode –SwitchX#configure terminal –SwitchX(config)#  Interface configuration.

Cisco Router & Switch Configuration 1. Configuration modes:  Global configuration mode –SwitchX#configure terminal –SwitchX(config)#  Interface configuration.
LAN Switching and Wireless – Chapter 2

LAN Switching and Wireless – Chapter 2
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Switch LAN Switching and Wireless – Chapter 2.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Switch LAN Switching and Wireless – Chapter 2.
Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.

Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Basic Switch Concept Prepared by: Akhyari Nasir Resources form Internet.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Basic Switch Concept Prepared by: Akhyari Nasir Resources form Internet.

Similar presentations

Ads by Google