
Enterprise Network Security

Enterprise Network Security. Accessing the WAN – Chapter 4. Objectives: describe the general methods used to mitigate security threats to enterprise networks; configure basic router security; explain how to disable unused Cisco router network services and interfaces.

zwi

Presentation Transcript


  1. Enterprise Network Security Accessing the WAN– Chapter 4

  2. Objectives • Describe the general methods used to mitigate security threats to Enterprise networks • Configure Basic Router Security • Explain how to disable unused Cisco router network services and interfaces • Explain how to use Cisco SDM • Manage Cisco IOS devices

  3. Reconnaissance (also scouting) is a military and medical term denoting exploration conducted to gain information.

  4. What is a Security Policy? • A statement of rules by which people who are given access to an organization’s technology and information assets must abide

  5. Functions of a Security Policy • Protects people and information • Sets rules for specific behavior by users, system administrators, management and security personnel • Authorizes security personnel to monitor, probe and investigate • Defines and authorizes the consequences of violations

  6. Applying Cisco IOS Security Features to Routers • Manage router security • Secure remote administrative access to routers • Log router activity • Secure vulnerable router services and interfaces • Secure router protocols • Control and filter network traffic

  7. Passphrase Examples • “All people seem to need data processing” → Apstndp • “My favourite spy is James Bond 007” → Mfsijb007 • “It was the best of times, it was the worst of times” → iwtbotiwtwot • “Fly me to the moon and let me play among the stars” → fmttmalmpats

  8. Vulnerable Router Services

  9. Vulnerable Router Services

  10. Vulnerable Router Services

  11. Vulnerable Router Services

  12. Vulnerable Router Services

  13. Vulnerable Router Services

  14. Vulnerable Router Services

  15. Vulnerable Router Services

  16. Vulnerable Router Services

  17. Vulnerable Router Services

  18. SNMP, NTP, and DNS Vulnerabilities (Protocol: Vulnerability) • SNMP: Versions 1 & 2 pass management information & community strings (passwords) in clear text • NTP: Leaves listening ports open and vulnerable • DNS: Can help attackers connect IP addresses to domain names
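
Slide 18's point about SNMP versions 1 and 2, shown as an added example that is not part of the original presentation: a small decoder that reads the version and community string straight out of a datagram, the way a monitoring sensor could to find devices still using clear-text SNMP. The sample packets and the community value `lab-ro` are constructed for illustration.

```python
# Added example: decode the header of an SNMP datagram to show that a v1/v2c
# community string is readable by anyone who can observe the packet.

def read_tlv(buf, off):
    """Decode one BER type-length-value; return (tag, value, next_offset)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[off:off + length], off + length

VERSIONS = {0: "v1", 1: "v2c"}            # wire values of the clear-text versions

def cleartext_community(datagram):
    """Return (version, community) for SNMP v1/v2c, or None for anything else."""
    try:
        tag, body, _ = read_tlv(datagram, 0)
        if tag != 0x30:                   # message must be a SEQUENCE
            return None
        tag, ver, off = read_tlv(body, 0)
        if tag != 0x02:                   # first field: INTEGER version
            return None
        version = int.from_bytes(ver, "big")
        if version not in VERSIONS:       # e.g. version 3 has no community field
            return None
        tag, community, _ = read_tlv(body, off)
        if tag != 0x04:                   # second field: OCTET STRING community
            return None
    except (ValueError, IndexError):      # malformed or truncated input
        return None
    return VERSIONS[version], community.decode("ascii", "replace")

# Constructed GetRequest for sysDescr.0 with community "lab-ro" (not a capture).
_PDU = "a01c02041a2b3c4d020100020100300e300c06082b060102010101000500"
SAMPLE_V1 = bytes.fromhex("3029" "020100" "04066c61622d726f" + _PDU)
SAMPLE_V2C = bytes.fromhex("3029" "020101" "04066c61622d726f" + _PDU)

if __name__ == "__main__":
    for name, pkt in (("v1 sample", SAMPLE_V1), ("v2c sample", SAMPLE_V2C)):
        print(name, "->", cleartext_community(pkt))
```
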

  19. Security Device Manager (SDM)

  20. Cisco SDM Features • Embedded web-based management tools • Intelligent wizards • Tools for more advanced users • ACL • VPN Crypto map editor • Cisco IOS CLI preview

  21. Cisco IOS Troubleshooting Commands (show vs. debug) • Processing characteristic: show is static; debug is dynamic • Processing load: show is low overhead; debug is high overhead • Primary use: show gathers facts; debug observes processes

  22. Summary • Security Threats to an Enterprise network include: • Unstructured threats • Structured threats • External threats • Internal threats • Methods to lessen security threats consist of: • Device hardening • Use of antivirus software • Firewalls • Download security updates

  23. Summary • Basic router security involves the following: • Physical security • Update and back up IOS • Back up configuration files • Password configuration • Logging router activity • Disable unused router interfaces & services to minimize their exploitation by intruders • Cisco SDM • A web-based management tool for configuring security measures on Cisco routers

  24. Summary • Cisco IOS Integrated File System (IFS) • Allows for the creation, navigation & manipulation of directories on a Cisco device

  25. END
