Week 4 Security Concepts CCNA

Preview (26 of 84 Pages)

100%

Week 4 Security Concepts CCNA - Page 1 preview image

Loading page ...

iWHATYOUDOHERE.CONESTOGACOUNTSOUTTHERE.Week4:Week4:SecurityConcepts(BasicSecurityandBackups)NTWKS8031-ConfiguringRoutersandSwitches

Week 4 Security Concepts CCNA - Page 2 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.WelcometoWeek4!Youshouldbefamiliarwithanumberofbasicsnow,butwe'llgooverafewmorethisweek.*Youshouldunderstandbasic10Scommands*Thevariouslevels(enable,conf't,interface)ofconfiguration*Theimportanceofsecurity

Week 4 Security Concepts CCNA - Page 3 preview image

Loading page ...

WHATYOUDOHERE...CONESTOGA1SOUTTHERE.Discussion!WhatdoyoubelievetobeimportantsecurityitemsinCiscoNetworkingHardware?AHERRa2LigEBpLje—|:ffLirswEr-11ve’oF>»7sEs)|.iY4¢iSEANY\JiaoKR(beh™glC82ri\?MierogJ),TYss=asa<Gl§FD)~\aGEmlFE7A]

Week 4 Security Concepts CCNA - Page 4 preview image

Loading page ...

i\WHATYOUDOHERE...CONESTOGACOUNISoutTHERE.Part0HOUSEKEEPING

Week 4 Security Concepts CCNA - Page 5 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.AnyquestionsfromourfirstGradedLab?Thefirstgradedlabwashowourpracticalassignmentswillruninthisclass.Whileworth5%,itimportanttounderstandthatthiscourserequiresyoutopractice-hencewhysufficienttimeisgiventoyouaftereachlecture.~~YoucanalsopracticebyusingCiscoPacketTracer.

Week 4 Security Concepts CCNA - Page 6 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.RequiredReading*YouwererequiredtoreadChapter12/AppendixCinourtextbook(atleasttocomprehendtheprinciples-moretobediscussedinWeek5)*Anyquestionsthatyouhavepertainingtothecontentcanbeaddressedattheendofthislecture

Week 4 Security Concepts CCNA - Page 7 preview image

Loading page ...

i\WHATYOUDOHERE...CONESTOGACOUNTSoutTHERE.Part1SECURITYBASICS-MOTD

Week 4 Security Concepts CCNA - Page 8 preview image

Loading page ...

&WHATYOUDOHERE..Let'sstartwiththebasics*Oneofthefirstthingsyoucandotocombatunwantedaccesstoyourequipmentistoensurepropernoticesandpolicies*MOTDs(Message-of-the-day)isaneffectivemechanismthatallowsyoutowarnusersthattheequipmenttheyareaccessingisrestricted,andto"turnback’*MOTDsareapplicableonroutersandswitches

Week 4 Security Concepts CCNA - Page 9 preview image

Loading page ...

cWHATYOUDOHERE...CONESTOGACOUNTSoutTHERE.HowtoconfigureanMOTDIntheConfigureTerminalmode,simplyenterthefollowing:bannermotd#ThisisprivateequipmentIfyoudon'tbelonghere,youmustleaveBewarned!#

Week 4 Security Concepts CCNA - Page 10 preview image

Loading page ...

.WHATYOUDOHERE...CONESTOGACOUNTSOUTTHERE.MOTD-configurationexplainedbannermotdisthecommand,weenterahashtag(#)afterthe'motd'parttospecifytheterminationcharacter.Itcanbeanycharacter(letter,number,ormostASCIIsymbols)bannermotd#‘Webeginourmessage,itcanbeoneormanylines.Asyoucanseebelow,themessageis3lineshereThisisprivateequipmentIfyoudon'tbelonghere,youmustleaveBewarned!Whenfinished,simplyentertheterminationcharacterandhitenter,thiswillfinishthebannerconfigurationmode

Week 4 Security Concepts CCNA - Page 11 preview image

Loading page ...

WHATYOUDOHERE..CONESTOGACUUNTDSoutTHERE.MOTD-ExampleSwitch(config)#¢bannermotd&EnterTEXTmessage.Endwiththecharacter'g$'.Pleasedonotaccessthiswithoutproperpermissionyouhavebeenwarned!

Week 4 Security Concepts CCNA - Page 12 preview image

Loading page ...

i\WHATYOUDOHERE...CONESTOGACOUNTSoutTHERE.Part2SECURITYBASICS-PASSWORDS

Week 4 Security Concepts CCNA - Page 13 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.Passwords*Passwordsarethemostfundamentalsecuritymechanisms*Therearemultiplepasswordsthatcanbeusedandmultiplesecureloginmechanismsthatcanbeused*Advancedpasswordmechanismswillbediscussedaswell

Week 4 Security Concepts CCNA - Page 14 preview image

Loading page ...

&WHATYOUDOHERE.CONESTOGACOUNTSoutTHERE.Console/LinepasswordsTheCisco"Console"or"Line"passwordsarepasswordsthatareseenwhenyoutrytoconfiguretherouterorswitchfromtheConsolePort.Bydefault,youdonotseeanything.ItisadvisabletoenableConsole/Linepasswordsasyourfirstlineofdefencefromanyaccesstotheswitch

Week 4 Security Concepts CCNA - Page 15 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.Enable-modepasswords*Thesepasswordsrestrictaccesstotheenablemode*Enable-modeiswhereyouhandlemostofthetheconfigurationsfortheswitch,includingallthecriticalconfigurations*Thisiswhereyouwillspendmostofyourtimeasanetworkadminconfiguringswitches/routers

Week 4 Security Concepts CCNA - Page 16 preview image

Loading page ...

2WHATYOUDOHERE...CONESTOGACOUNTSOUTTHERE.WhatcanyoudowithConsole/Lineaccess?Console/Lineaccessisbasically'user-level'commands.Theyarelimitedinnature,butallowyouaccesstosomecrucialinformation:*Viewingconfiguration-(showrunning-config)*Othersystemstatus(routingtables,vlans,etc)*Prettymuchallshowcommands*Theaboveassumesthattheenable-modehasapassword

Week 4 Security Concepts CCNA - Page 17 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.DiscussionPoint*Discussion:Whatdangerscanbedonebyhavingaccesstotherunningconfig?*Ifamaliciouspartyaccessesyourinfrastructureandisabletogetacopyofrunning-config,whatcantheysee?*Whatpossiblefollow-upattackscantheylaunchusingtheinformationfromrunning-config?

Week 4 Security Concepts CCNA - Page 18 preview image

Loading page ...

2WHATYOUDOHERE...CONESTOGACOUNTSOUTTHERE.Beforewemoveontoconfiguration*ItisimportanttounderstandthatCiscodevicepasswordsarestoredasplaintextintheconfigurationfilesbydefault-TheEnablePasswordISencrypted(ifyouuseEnableSecret,notEnablePassword)*Passwordencryptionisnotenabledbydefault*Itmustbeenabledtoensurethatuserscannotseethemintheconfigurationfiles*Thisisdonethroughthecommand(enable>conf't)-servicepassword-encryption

Week 4 Security Concepts CCNA - Page 19 preview image

Loading page ...

WHATYOUDOHERE..CONESTOGACOUNTSOUTTHERE.Plaintextpasswords(andenablepassword)SwicengshowruninterfaceGigabitZthernetd/2DvrainterfaceVlanlBoneairdaiAviadke:noservicepassword-encryption!LEE.T—!passwordPasswordl23ylogin|linevty04spanning-treemodepvstloginDine.toneReteSoovemstdlinewey515interfaceFastZthernesd/1AogiaSwicens--More--

Week 4 Security Concepts CCNA - Page 20 preview image

Loading page ...

WHATYOUDOHERE..CONESTOGACOUNTSOUTTHERE.Encryptedpasswords(andenablesecret)BuildingconfigurationinterfaceGigabitZthernetd/2version15.0noipsdiivensnoservicetimestampslogdatetimemsecshutdowneoel[ETaaiarapassword708114DSDIAOEOAOBLESASESTlinevey04easRidSessahat

Week 4 Security Concepts CCNA - Page 21 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.Type7vs5PasswordsYoumayseethatthepasswords(EnableSecretandtheLineCon0Passwords)havea7or5infront*Theseindicatethelevelofencryption*7isalegacycypher-Vigenere*5isnotactuallyencryption-it'shashing-MD5tobeprecise-Hashingisone-wayandnon-reversable

Week 4 Security Concepts CCNA - Page 22 preview image

Loading page ...

.WHATYOUDOHERE...CONESTOGACOUNTSOUTTHERE.PasswordCommandsandConfigurationBeforewegototheactualcommands,let'sdiscussafewfinalthingsaboutpasswords*Line/consolepasswordsareplaintextbydefault*Enablepasswordswhicharesetviaenablepasswordareplaintextbydefault*EnablepasswordswhicharesetviaenablesecretareMD5(type5)passwordsbydefault*Usingtheservicepassword-encryptionwillconvertallplaintextpasswordstotype7(Vigenere)-YouCANNOTforcetype5encryptionwiththiscommand.AllplaintextpasswordswillbeusingVigenere* Vigenereisaweakmethodofencryptionandhasalreadybeencracked!

Week 4 Security Concepts CCNA - Page 23 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.VigenereVulnerabilities*Thecypherisold-thefirstdescriptionofitdatesbackto1553*Useswell-knownkey*Decryptionistrivialwithtoday'stechnology*Ifconfigurationfilesarecompromised(...whichmeansyouhaveseriousissues)-thePasswordfortheconsolecanbeexposed(whichmayalsobethesameenablepassword...)

Week 4 Security Concepts CCNA - Page 24 preview image

Loading page ...

cWHATYOUDOHERE...CONESTOGACOUNTSOUTTHERE.PasswordConfigurations-ConsoleAsdiscussed,Consolesecuresyourphysicalconnection(theconsoleport)Thefirstcommand(lineconsole0)selectsthefirstconsoleport(mostCiscodeviceshaveonlyoneconsoleport,butinrarecases,theremaybemore-i.e.supervisormodules,etc)lineconsole0Thesecondcommandsetsapassword.Thecommand"password"isfollowedbythepasswordofourchoosing-inthiscasePassword123passwordPassword123Lastly-the'login’commandenablestheloginprocess.Withoutthis,thepasswordwillnotbeappliedandtheuserwillnotseealoginpromptlogin

Week 4 Security Concepts CCNA - Page 25 preview image

Loading page ...

&WHATYOUDOHERE..CONESTOGACOUNTSOUTTHERE.FinalnotesonConsoleConfigurations*YoumayknowthattherearemultiplemethodstologintoCiscoequipment=Console(Serial/Rollovercable)*SomenewerswitchesuseaUSB-Serialinterface,bypassingthelegacySerialPort(orUSBadapterdongleandrollovercable)-SSHandTelnet*Allmethodsusetheirownauthenticationmethodandtheconsole/terminaldoesnotapplytoSSHandTelnet*Again-worthmentioningisthatpasswords,evenwithservicepassword-encryptionarestilldecryptablequiteeasily(providedyouhavetherunningconfig,orstartupconfig)

Week 4 Security Concepts CCNA - Page 26 preview image

Loading page ...

CONESTOGACOUNTSOUTTHERE.Enable-modepasswords*Enable-modepasswordsaresimpletoenable*Therearetwotypes-aplaintext(withoptionalVigenere-cipherencryption*Or-thepreferred-MD5-basedPasswordenablepassword{password}enablesecret{password}

Preview Mode

This document has 84 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

Dump4Cisco CCNA CyberOps Associate 200-201

CCNA 1 - Introduction to Networks

CCNA 1 v7

CCNA 1 v7

9TUT CCNA Exam 102 Questions

CCNA Module Quiz Number Systems & IP Addressing

CCNA 4 Pretest Part 2

CCNA Week 1 Networks Basic Configuration

CCNA Exam Review Fundamentals12 Stamped

CCNA Exam Review Fundamentals 16-710 Stamped

Company

Explore

Study Tools