CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
Download as pptx, pdf0 likes138 views
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5 Network Security, Monitoring, LAN Security, SNMP, SPAN Overview, Connectivity
More Related Content
What's hot (20)
Similar to CCNA (R & S) Module 02 - Connecting Networks - Chapter 5 (20)
More from Waqas Ahmed Nawaz (14)
Recently uploaded (20)
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
- 1. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1 Chapter 5: Network Security and Monitoring Connecting Networks
- 2. Presentation_ID 2© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 5 - Sections & Objectives 5.1 LAN Security • Explain how to mitigate common LAN security. 5.2 SNMP • Configure SNMP to monitor network operations in a small to medium- sized business network. 5.3 Cisco Switch Port Analyzer (SPAN) • Troubleshoot a network problem using SPAN.
- 3. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3 5.1 LAN Security
- 4. Presentation_ID 4© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential LAN Security LAN Security Attacks Common attacks against the Layer 2 LAN infrastructure include: • CDP Reconnaissance Attacks • Telnet Attacks • MAC Address Table Flooding Attacks • VLAN Attacks • DHCP Attacks
- 5. Presentation_ID 5© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential This topic covers several Layer 2 security solutions: • Mitigating MAC address table flooding attacks using port security • Mitigating VLAN attacks • Mitigating DHCP attacks using DHCP snooping • Securing administrative access using AAA • Securing device access using 802.1X port authentication LAN Security LAN Security Best Practices
- 6. Presentation_ID 6© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential There are several strategies to help secure Layer 2 of a network: • Always use secure variants of these protocols such as SSH, SCP, SSL, SNMPv3, and SFTP. • Always use strong passwords and change them often. • Enable CDP on select ports only. • Secure Telnet access. • Use a dedicated management VLAN where nothing but management traffic resides. • Use ACLs to filter unwanted access. LAN Security LAN Security Best Practices
- 7. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7 5.2 SNMP
- 8. Presentation_ID 8© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP SNMP Operation SNMP allows administrators to manage and monitor devices on an IP network. SNMP Elements • SNMP Manager • SNMP Agent • MIB SNMP Operation • Trap • Get • Set
- 9. Presentation_ID 9© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP SNMP Operation SNMP Security Model and Levels
- 10. Presentation_ID 10© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP Configuring SNMP Configuration steps • Configure community string • Document location of device • Document system contact • Restrict SNMP Access • Specify recipient of SNMP Traps • Enable traps on SNMP agent
- 11. Presentation_ID 11© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential SNMP Configuring SNMP Securing SNMPv3
- 12. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 12 5.3 Cisco Switch Port Analyzer (SPAN)
- 13. Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Overview Port mirroring • The port mirroring feature allows a switch to copy and send Ethernet frames from specific ports to the destination port connected to a packet analyzer. The original frame is still forwarded in the usual manner.
- 14. Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Overview SPAN terminology
- 15. Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Overview RSPAN terminology
- 16. Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN Configuration Use monitor session global configuration command
- 17. Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cisco Switch Port Analyzer SPAN as a Troubleshooting Tool SPAN allows administrators to troubleshoot network issues Administrator can use SPAN to duplicate and redirect traffic to a packet analyzer Administrator can analyze traffic from all devices to troubleshoot sub-optimal operation of network applications
- 18. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18 5.4 Chapter Summary
- 19. Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter Summary Summary At Layer 2, a number of vulnerabilities exist that require specialized mitigation techniques: • MAC address table flooding attacks are addressed with port security. • VLAN attacks are controlled by disabling DTP and following basic guidelines for configuring trunk ports. • DHCP attacks are addressed with DHCP snooping. The SNMP protocol has three elements: the Manager, the Agent, and the MIB. The SNMP manager resides on the NMS, while the Agent and the MIB are on the client devices. • The SNMP Manager can poll the client devices for information, or it can use a TRAP message that tells a client to report immediately if the client reaches a particular threshold. SNMP can also be used to change the configuration of a device.
- 20. Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Summary Continued SNMPv3 is the recommended version because it provides security. SNMP is a comprehensive and powerful remote management tool. Nearly every item available in a show command is available through SNMP. Switched Port Analyzer (SPAN) is used to mirror the traffic going to and/or coming from the host. It is commonly implemented to support traffic analyzers or IPS devices.
- 21. Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
- 22. Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential