en CCNAS v11 ch02 securing network devices

Tài liệu Interconnecting Cisco Network Devices P2 pptx

... server Network attached storage (NAS) makes storage available through a special network appliance Finally, storage area networks (SAN) provide a network of storage devices ■ Backup devices: A network ... can be shared include both input devices, such as cameras, and output devices, such as printers Chapter 1: Building a Simple Network ■ Network storage: Today the network makes storage available ... Securing the Network Today, corporate networks require access to the Internet and other public networks Most of these networks have several access points to public and other private networks, as...

Tài liệu Interconnecting Cisco Network Devices P1 ppt

... Guide Interconnecting Cisco Network Devices, Part (ICND1) Second Edition Steve McQuerry, CCIE No 6108 Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA ii Interconnecting Cisco Network ... and Devices 443 Managing Cisco IOS Images 445 Managing Device Configuration Files 448 Cisco IOS copy Command 449 Using show and debug Commands on Cisco Devices 452 Summary of Managing Cisco Devices ... Cisco SDM 309 Cisco SDM Overview 309 Configuring Your Router to Support Cisco SDM 311 Start Cisco SDM 312 More Link 314 Configuration Overview 314 Cisco SDM Wizards 316 Summary of Using the Cisco...

Tài liệu Authorized Self-Study Guide Cisco Network Devices,Part 2 (ICND2 pdf

... VLAN 22 10 .2. 2.0 /24 For future growth Table 2- 4 10 .2. 3.0–10 .2. 255.0 Building C: VLANs and IP Subnets Department VLAN IP Subnet Address Finance VLAN 31 10.3.1.0 /24 Accounting VLAN 32 10.3 .2. 0 /24 ... Enterprise Network Example: Network Design 18 Considering Traffic Source to Destination Paths 20 Voice VLAN Essentials 22 VLAN Operation 23 Understanding Trunking with 8 02. 1Q 24 8 02. 1Q Frame 25 8 02. 1Q ... Configuring ACLs 22 2 Configuring Numbered Standard IPv4 ACLs 22 2 Example: Numbered Standard IPv4 ACL—Permit My Network Only 22 3 Example: Numbered Standard IPv4 ACL—Deny a Specific Host 22 4 Example:...

Tài liệu Cisco.press.interconnecting.cisco.network.devices doc

... cautions are also spread throughout the text In addition, you can ﬁnd many references to standards, documents, books, and websites to help you understand networking concepts At the end of each chapter, ... ■ Difﬁculty in management and support: A poorly designed network may be disorganized and poorly documented and lack easily identiﬁed trafﬁc ﬂows, which can make support, maintenance, and problem ... domain Delete the vlan.dat ﬁle and reload the switch to clear the VTP and VLAN information See documentation for your speciﬁc switch model to determine how to delete the vlan.dat ﬁle VTP Operation...

Interconnecting Cisco Network Devices, Part 1 (ICND1) docx

... Numbers 11 3 Summary of Understanding Ethernet 11 4 Connecting to an Ethernet LAN 11 5 Ethernet Network Interface Cards 11 5 Ethernet Media and Connection Requirements 11 6 Connection Media 11 6 Unshielded ... 10 7 Ethernet 10 8 Ethernet LAN Standards 10 8 LLC Sublayer 10 9 MAC Sublayer 10 9 The Role of CSMA/CD in Ethernet 10 9 Ethernet Frames 11 1 Ethernet Frame Addressing 11 2 Ethernet Addresses 11 3 MAC Addresses ... http://www.simpopdf.com Interconnecting Cisco Network Devices, Part (ICND1) Second Edition Steve McQuerry, CCIE No 610 8 Copyright© 2008 Cisco Systems, Inc Cisco Press logo is a trademark of Cisco Systems,...

en CCNAS v11 ch01 modern network security threats

... wide-open world of the Internet, the networks of today are more open © 2012 Cisco and/or its affiliates All rights reserved Threats • There are four primary classes of threats to network security: ... affiliates All rights reserved 31 Trends Driving Network Security • Increase of network attacks • Increased sophistication of attacks • Increased dependence on the network • Wireless access • Lack ... was a wake up call for network administrators – • It made it very apparent that network security administrators must patch their systems regularly If security patches had been applied in a timely...

143
4,656
2

en CCNAS v11 ch02 securing network devices

... be utilized: – Enforce minimum password length: security passwords min-length – Disable unattended connections: exec-timeout – Encrypt config file passwords: service password-encryption © 2012 ... occurs and when Authenticate access – Ensure that access is granted only to authenticated users, groups, and services – Limit the number of failed login attempts and the time between logins © ... reserved Enforcing Perimeter Security Policy • Routers are used to secure the network perimeter • Scenario 1: – • The router protects the LAN Router (R1) LAN Internet 192.168.2.0 Scenario Scenario...

179
4,730
2

en CCNAS v11 ch03 authentication, authorization, and accounting

... auxiliary, and console login, exec, and enable commands Packet (interface mode) Dial-up and VPN access including asynchronous and ISDN (BRI and PRI) ppp and network commands © 2012 Cisco and/ or its ... AAA Accounting Remote Client Cisco Secure ACS Server AAA Router 1.When a user has been authenticated, the AAA accounting process generates a start message to begin the accounting process 2.When ... Configuring Authentication • Specify which type of authentication to configure: – Login - enables AAA for logins on TTY, VTYs, and – Enable - enables AAA for EXEC mode access – PPP - enables AAA...

84
6,159
2

en CCNAS v11 ch04 implementing firewall technologies

... statement is added to the end Without sequence numbers the only way to add a statement between existing entries was to delete the ACL and recreate it • • Likewise, the only way to delete an entry ... to fully implement a security policy Order of statements: – ACLs have a policy of first match; when a statement is matched, the list is no longer examined – Ensure that statements at the top ... tcp any any eq 20 • Resequence if necessary • Use the no sequence-number command to delete a statement • Use the sequence-number {permit | deny} command to add a statement within the ACL R1(config)#...

136
5,206
1

en CCNAS v11 ch05 implementing intrusion prevention

... Event Monitoring and Management There are two key functions of event monitoring and management: Real-time event monitoring and management Analysis based on archived information (reporting) Event ... Features Sensors are connected to network segments A single sensor can monitor many hosts Sensors are network appliances tuned for intrusion detection analysis The operating system is “hardened.” ... event horizon to determine how long it looks for a specific attack signature when an initial signature component is detected Configuring the length of the event horizon is a tradeoff between...

102
4,640
1

en CCNAS v11 ch06 securing the local area network

... the frames to the wrong VLAN – The first switch strips the first tag off the frame and forwards the frame – The second switch then forwards the packet to the destination based on the VLAN identifier ... managing online users The Cisco NAM manages the Cisco NAS, which is the enforcement component of the Cisco NAC Appliance Cisco NAC Appliance Agent (NAA) – – Optional lightweight client for device-based ... access all the VLANs on the target switch Double-tagging VLAN attack by spoofing DTP messages from the attacking host to cause the switch to enter trunking mode • The attacker can then send traffic...

131
5,507
2

en CCNAS v11 ch07 cryptographic systems

... reserved Authentication • Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified • This means that a sender / device cannot deny having been the source ... Cipher • When Julius Caesar sent messages to his generals, he didn't trust his messengers • He encrypted his messages by replacing every letter: – A with a D – B with an E – and so on • His generals ... reserved 12 Vigenère Cipher • In 1586, Frenchman Blaise de Vigenère described a poly alphabetic system of encryption – It became known as the Vigenère Cipher • Based on the Caesar cipher, it encrypted...

159
4,752
2

en CCNAS v11 ch08 implementing virtual private networks

... Conventional Private Networks © 2012 Cisco and/or its affiliates All rights reserved 15 Virtual Private Networks © 2012 Cisco and/or its affiliates All rights reserved 16 VPNs • A Virtual Private Network ... does not provide confidentiality (encryption) – It is appropriate to use when confidentiality is not required or permitted – All text is transported unencrypted • It only ensures the origin of ... Only? Use IPsec VPN 31 Generic Routing Encapsulation (GRE) • GRE can encapsulate almost any other type of packet – Uses IP to create a virtual point-to-point link between Cisco routers – Supports...

169
4,429
3

en CCNAS v11 ch09 managing a secure network

... username scpADMIN privilege 15 password scpPa55W04D ip domain-name scp.cisco.com crypto key generate rsa general-keys modulus 1024 aaa new-model aaa authentication login default local aaa authorization ... steps: – Step Enable AAA with the aaa new-model global configuration command – Step Define a named list of authentication methods, with the aaa authentication login {default |list-name} method1 ... Risk Management and Risk Avoidance © 2012 Cisco and/or its affiliates All rights reserved 23 Risk Management and Risk Avoidance • When the threats are identified and the risks are assessed, a protection...

75
4,762
1

en CCNAS v11 ch10 implementing the cisco adaptive security appliance (ASA)

... the pre-installed licenses creates a permanent license – – The permanent license is activated by installing a permanent activation key using the activation-key command Only one permanent license ... conf t ciscoasa(config)# hostname CCNAS- ASA CCNAS- ASA(config)# domain-name ccnasecurity.com CCNAS- ASA(config)# enable password class CCNAS- ASA(config)# passwd cisco CCNAS- ASA(config)# © 2012 Cisco ... simple authentication is provided using the passwd command, securing Telnet access using AAA authentication and the local database is recommended • Use the following commands to enable AAA authentication:...

231
5,261
6

Xem thêm