
Configuring AAA requires four basic steps: 1. Enable AAA (new-model). 2. Configure security server network parameters. 3. Define one or more method lists.


1 Configuring AAA requires four basic steps: 1. Enable AAA (new-model). 2. Configure security server network parameters. 3. Define one or more method lists for AAA authentication. 4. Apply the method lists to a particular interface or line.

2 Verify that SSH access is configured. Verify that HTTP access is disabled. Verify that the protocols allowed for incoming and outgoing sessions are explicitly defined. Verify that access-class ACLs are used to control the sources from which sessions are going to be permitted. Verify that an idle session timeout is configured.

3 As a security best practice, any unnecessary service must be disabled. By default, TCP and UDP small services are disabled in IOS software releases 12.0 and later. See the reference material for a full listing of services that should be disabled. Review configuration files to verify that unnecessary services have been disabled.

4 The commands tcp-keepalives-in and tcp-keepalives-out enable a device to send/receive TCP keepalives for TCP sessions. This ensures that the device on the remote end of the connection is still accessible and that half-open or orphaned connections are removed from the local Cisco device. Review the config file to verify that keepalives have been configured.

5 If NTP is used, it is important to explicitly configure a trusted time source. Accurate and reliable time is required for syslog purposes, such as during forensic investigations of potential attacks. Review the configuration to verify the following: the router has been configured to be an NTP client; the NTP source interface has been configured; one or more NTP servers have been configured; an ACL has been established to permit NTP to the device.

6 SNMP provides information on the status or condition of network devices. SNMPv3 provides secure access to devices by authenticating and optionally encrypting packets over the network. Community strings are passwords that are applied to an IOS device to restrict access. The default community string for read-only access is “public”; the default community string for read-write access is “private”.

7 Community strings should be treated like passwords: chosen carefully and changed at regular intervals. An ACL can be applied that further restricts SNMP access to a select group of source IP addresses. Verify that SNMPv3 is implemented with encryption. Verify that ACLs are used to restrict access.
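
The configuration review described on slides 1, 2, 4, 5 and 7 can be scripted. The following Python script is an added example, not part of the original presentation: it checks a running-config for those items and returns a list of findings. The finding codes, the sample config and its addresses are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the slides).
SAMPLE_CONFIG = """\
service tcp-keepalives-in
aaa new-model
ip http server
ntp source Loopback0
ntp server 192.0.2.10
snmp-server community public RO
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 exec-timeout 10 0
 transport input telnet ssh
"""

def vty_blocks(cfg):
    """Return the indented sub-commands of each 'line vty' stanza."""
    bodies = re.findall(r"^line vty.*\n((?:[ ].*\n?)*)", cfg, re.M)
    return [[c.strip() for c in b.splitlines()] for b in bodies]

def audit(cfg):
    """Return sorted finding codes (hypothetical names) for the slide checks."""
    lines = [l.strip() for l in cfg.splitlines()]
    has = lambda pat: any(re.match(pat, l) for l in lines)
    f = set()
    if not has(r"aaa new-model$"): f.add("aaa-disabled")          # slide 1
    if has(r"ip http server$"): f.add("http-enabled")             # slide 2
    for d in ("in", "out"):                                       # slide 4
        # In a config file the keepalive commands appear with a 'service' prefix.
        if not has(rf"service tcp-keepalives-{d}$"): f.add(f"no-keepalives-{d}")
    for k in ("server", "source"):                                # slide 5
        if not has(rf"ntp {k} "): f.add(f"no-ntp-{k}")
    if not has(r"snmp-server group \S+ v3 priv"): f.add("no-snmpv3-priv")
    for l in lines:                                               # slides 6-7
        if l.startswith("snmp-server community "):
            tok = re.sub(r" view \S+", "", l).split()
            if tok[2] in ("public", "private"): f.add("snmp-default-community")
            # No ACL if the line ends at the community string or at RO/RW.
            if len(tok) == 3 or tok[-1].lower() in ("ro", "rw"): f.add("snmp-no-acl")
    for b in vty_blocks(cfg):                                     # slide 2
        if "transport input ssh" not in b: f.add("vty-not-ssh-only")
        if not any(re.match(r"access-class \S+ in", c) for c in b): f.add("vty-no-acl")
        if "exec-timeout 0 0" in b: f.add("vty-no-idle-timeout")  # 0 0 disables it
    return sorted(f)
```

Run against the sample, audit(SAMPLE_CONFIG) reports the enabled HTTP server, the missing outbound keepalives, the default SNMP community without an ACL, the absence of an SNMPv3 group using priv, and the vty lines that still accept Telnet.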

8 Event logging provides visibility into the operation of a Cisco IOS device and the network into which it is deployed. Each log message generated by a Cisco device is assigned a severity level from 0 (emergency) to 7 (debug).

