Week 4 Security Concepts CCNA

Covers basic IOS commands, configuration levels (enable, conf t, interface), and essential security concepts including backups to ensure router and switch protection.

Daniel Miller
Contributor
11 months ago

WHAT YOU DO HERE. CONESTOGA COUNTS OUT THERE.
Week 4: Security Concepts (Basic Security and Backups)
NTWKS8031 - Configuring Routers and Switches

Welcome to Week 4!
You should be familiar with a number of basics now, but we'll go over a few more this week.
* You should understand basic IOS commands
* The various levels (enable, conf t, interface) of configuration
* The importance of security

Discussion!
What do you believe to be important security items in Cisco Networking Hardware?

Part 0
HOUSEKEEPING

Any questions from our first Graded Lab?
The first graded lab was how our practical assignments will run in this class. While worth 5%, it is important to understand that this course requires you to practice - hence why sufficient time is given to you after each lecture.
* You can also practice by using Cisco Packet Tracer.

Required Reading
* You were required to read Chapter 12 / Appendix C in our textbook (at least to comprehend the principles - more to be discussed in Week 5)
* Any questions that you have pertaining to the content can be addressed at the end of this lecture

Part 1
SECURITY BASICS - MOTD

Let's start with the basics
* One of the first things you can do to combat unwanted access to your equipment is to ensure proper notices and policies
* An MOTD (message of the day) is an effective mechanism that allows you to warn users that the equipment they are accessing is restricted, and to "turn back"
* MOTDs are applicable on routers and switches

How to configure an MOTD
In the Configure Terminal mode, simply enter the following:

    banner motd #
    This is private equipment
    If you don't belong here, you must leave
    Be warned!
    #

MOTD - configuration explained
banner motd is the command; we enter a hashtag (#) after the 'motd' part to specify the termination character. It can be any character (letter, number, or most ASCII symbols).

    banner motd #

We begin our message; it can be one or many lines. As you can see below, the message is 3 lines here.

    This is private equipment
    If you don't belong here, you must leave
    Be warned!

When finished, simply enter the termination character and hit enter; this will finish the banner configuration mode.

MOTD - Example

    Switch(config)#banner motd &
    Enter TEXT message. End with the character '&'.
    Please do not access this without proper permission you have been warned!

Part 2
SECURITY BASICS - PASSWORDS

Passwords
* Passwords are the most fundamental security mechanisms
* There are multiple passwords that can be used and multiple secure login mechanisms that can be used
* Advanced password mechanisms will be discussed as well

Console/Line passwords
The Cisco "Console" or "Line" passwords are the passwords you are asked for when you try to configure the router or switch from the Console Port. By default, you do not see any password prompt. It is advisable to enable Console/Line passwords as your first line of defence against any access to the switch.

Enable-mode passwords
* These passwords restrict access to the enable mode
* Enable-mode is where you handle most of the configurations for the switch, including all the critical configurations
* This is where you will spend most of your time as a network admin configuring switches/routers

What can you do with Console/Line access?
Console/Line access is basically 'user-level' commands. They are limited in nature, but allow you access to some crucial information:
* Viewing configuration - (show running-config)
* Other system status (routing tables, vlans, etc)
* Pretty much all show commands
* The above assumes that the enable-mode has a password

Discussion Point
* Discussion: What dangers arise from someone having access to the running config?
* If a malicious party accesses your infrastructure and is able to get a copy of running-config, what can they see?
* What possible follow-up attacks can they launch using the information from running-config?

Before we move on to configuration
* It is important to understand that Cisco device passwords are stored as plaintext in the configuration files by default
  - The Enable Password IS encrypted (if you use Enable Secret, not Enable Password)
* Password encryption is not enabled by default
* It must be enabled to ensure that users cannot see them in the configuration files
* This is done through the command (enable > conf t) - service password-encryption

Plaintext passwords (and enable password)
[Screenshot of show run output on a switch: no service password-encryption is set and the line password is shown in plaintext (password Password123, followed by login).]

Encrypted passwords (and enable secret)
[Screenshot of show run output (version 15.0): the line password now appears as an encoded type 7 string instead of plaintext.]

Type 7 vs 5 Passwords
You may see that the passwords (Enable Secret and the Line Con 0 Passwords) have a 7 or 5 in front
* These indicate the level of encryption
* 7 is a legacy cypher - Vigenere
* 5 is not actually encryption - it's hashing - MD5 to be precise
  - Hashing is one-way and non-reversible

Password Commands and Configuration
Before we go to the actual commands, let's discuss a few final things about passwords
* Line/console passwords are plaintext by default
* Enable passwords which are set via enable password are plaintext by default
* Enable passwords which are set via enable secret are MD5 (type 5) passwords by default
* Using the service password-encryption will convert all plaintext passwords to type 7 (Vigenere)
  - You CANNOT force type 5 encryption with this command. All plaintext passwords will be using Vigenere
* Vigenere is a weak method of encryption and has already been cracked!

Vigenere Vulnerabilities
* The cypher is old - the first description of it dates back to 1553
* Uses well-known key
* Decryption is trivial with today's technology
* If configuration files are compromised (... which means you have serious issues) - the Password for the console can be exposed (which may also be the same enable password ...)

Password Configurations - Console
As discussed, Console secures your physical connection (the console port).

The first command (line console 0) selects the first console port (most Cisco devices have only one console port, but in rare cases, there may be more - i.e. supervisor modules, etc)

    line console 0

The second command sets a password. The command "password" is followed by the password of our choosing - in this case Password123

    password Password123

Lastly - the 'login' command enables the login process. Without this, the password will not be applied and the user will not see a login prompt

    login

Final notes on Console Configurations
* You may know that there are multiple methods to log in to Cisco equipment
  - Console (Serial/Rollover cable)
    * Some newer switches use a USB-Serial interface, bypassing the legacy Serial Port (or USB adapter dongle and rollover cable)
  - SSH and Telnet
* All methods use their own authentication method and the console/terminal does not apply to SSH and Telnet
* Again - worth mentioning is that passwords, even with service password-encryption, are still decryptable quite easily (provided you have the running config, or startup config)

Enable-mode passwords
* Enable-mode passwords are simple to enable
* There are two types - a plaintext (with optional Vigenere-cipher encryption)
* Or - the preferred - MD5-based Password

    enable password {password}
    enable secret {password}
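
An added audit sketch, not part of the original lecture: it applies the password-storage rules from the slides above (plaintext by default, type 7 after service password-encryption, type 5 via enable secret, line passwords that need login) to a running-config. The function name audit, the sample configuration and the use of line 0 for device-wide findings are constructed for this example.

```python
import re

# Constructed sample running-config (not copied from the slides' screenshots).
SAMPLE_CONFIG = """\
no service password-encryption
enable password Password123
!
line con 0
 password Password123
 login
line vty 0 4
 password 7 CONSTRUCTED-TYPE7-STRING
"""

def audit(config):
    """Return (line_number, finding) pairs; line 0 marks a device-wide finding."""
    findings, has_secret, encrypting = [], False, False
    section, section_no, has_pw, has_login = None, 0, False, False
    def close_section():
        # Per the slides, a line password is not enforced without 'login'.
        if section and has_pw and not has_login:
            findings.append((section_no, f"{section}: password set but 'login' missing"))
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw and not raw[0].isspace():      # a top-level command ends a line block
            close_section()
            section, has_pw, has_login = None, False, False
            if line.startswith("line "):
                section, section_no = line, no
        if line == "service password-encryption":
            encrypting = True
        elif line.startswith("enable secret "):
            has_secret = True
        elif line.startswith("enable password "):
            findings.append((no, "enable password is plaintext or type 7; use enable secret"))
        elif section and line == "login":
            has_login = True
        elif section and (m := re.match(r"password (?:(\d+) )?\S+$", line)):
            has_pw = True
            if m.group(1) == "7":
                findings.append((no, f"{section}: type 7 password is reversible"))
            elif m.group(1) in (None, "0"):
                findings.append((no, f"{section}: plaintext password"))
    close_section()
    if not encrypting:
        findings.append((0, "service password-encryption not enabled"))
    if not has_secret:
        findings.append((0, "no enable secret configured"))
    return findings
```

Running audit(SAMPLE_CONFIG) reports the enable password, the plaintext console password, the type 7 vty password, the vty block without login, and the two device-wide gaps.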