Gttr

Pages: 47 (11629 words) Published: May 9, 2012
CCNA Security

Chapter 2 Lab A: Securing the Router for Administrative Access


Topology

[pic]




Note: ISR G2 devices use GigabitEthernet interfaces instead of FastEthernet interfaces.


IP Addressing Table


|Device |Interface |IP Address |Subnet Mask |Default Gateway |Switch Port |
|R1 |Fa0/1 |192.168.1.1 |255.255.255.0 |N/A |S1 Fa0/5 |
| |S0/0/0 (DCE) |10.1.1.1 |255.255.255.252 |N/A |N/A |
|R2 |S0/0/0 |10.1.1.2 |255.255.255.252 |N/A |N/A |
| |S0/0/1 (DCE) |10.2.2.2 |255.255.255.252 |N/A |N/A |
|R3 |Fa0/1 |192.168.3.1 |255.255.255.0 |N/A |S3 Fa0/5 |
| |S0/0/1 |10.2.2.1 |255.255.255.252 |N/A |N/A |
|PC-A |NIC |192.168.1.3 |255.255.255.0 |192.168.1.1 |S1 Fa0/6 |
|PC-C |NIC |192.168.3.3 |255.255.255.0 |192.168.3.1 |S3 Fa0/18 |


Objectives


Part 1: Basic Network Device Configuration

• Cable the network as shown in the topology.
• Configure basic IP addressing for routers and PCs.
• Configure static routing, including default routes.
• Verify connectivity between hosts and routers.


Part 2: Control Administrative Access for Routers
• Configure and encrypt all passwords.
• Configure a login warning banner.
• Configure enhanced username password security.
• Configure enhanced virtual login security.
• Configure an SSH server on a router.
• Configure an SSH client and verify connectivity.


Part 3: Configure Administrative Roles
• Create multiple role views and grant varying privileges.
• Verify and contrast views.


Part 4: Configure Cisco IOS Resilience and Management Reporting
• Secure the Cisco IOS image and configuration files.
• Configure a router as a synchronized time source for other devices using NTP.
• Configure Syslog support on a router.
• Install a Syslog server on a PC and enable it.
• Configure trap reporting on a router using SNMP.
• Make changes to the router and monitor syslog results on the PC.


Part 5: Configure Automated Security Features
• Lock down a router using AutoSecure and verify the configuration.
• Use the CCP Security Audit tool to identify vulnerabilities and to lock down services.
• Contrast the AutoSecure configuration with CCP.

Background/Scenario


The router is a key component that controls the movement of data into and out of the network and between devices within the network. It is particularly important to protect network routers because the failure of a routing device could make sections of the network or the entire network inaccessible. Controlling access to routers and enabling reporting on routers are critical to network security and should be part of a comprehensive security policy.


In this lab, you build a multi-router network and configure the routers and hosts. You use various CLI and CCP tools to secure local and remote access to the routers, analyze potential vulnerabilities, and take steps to mitigate them. You also enable management reporting to monitor router configuration changes.


The router commands and output in this lab are from Cisco 1841s using Cisco IOS software, release 12.4(20)T (advanced IP image). Other routers and Cisco IOS versions can be used. See...