CCNA 7: LAN Security

  • Date:15 Aug 2020
  • Size:6.95 MB

Transcription:

CCNA 7 Switch Security Configuration
Cisco Networking Academy, December 2019 IPD Week
NetAcadIPD, http://cs.co/IPD20, NetAcad.com
© 2019 Cisco and/or its affiliates. All rights reserved.

Technical Session
  1. CCNA v7 Modules
  2. End Point Security
  3. L2 Security
  4. Next Steps

CCNA 7.0 Course Outlines

CCNA v7 Course 1
  • Networking Today
  • Basic Switch and End Device Configuration
  • Protocol Models
  • Physical Layer
  • Number Systems
  • Data Link Layer
  • Ethernet Switching
  • Network Layer
  • Address Resolution
  • Basic Router Configuration
  • IPv4 Addressing
  • IPv6 Addressing
  • ICMP
  • Transport Layer
  • Application Layer
  • Network Security Fundamentals
  • Build a Small Network

CCNA v7 Course 2
  • Basic Device Configuration
  • Switching Concepts
  • VLANs
  • Inter-VLAN Routing
  • STP
  • EtherChannel
  • SLAAC and DHCPv6 Concepts
  • FHRP Concepts
  • LAN Security Concepts
  • Switch Security Configuration
  • WLAN Concepts
  • WLAN Configuration
  • Routing Concepts
  • IP Static Routing
  • Troubleshoot Static and Default Routes

CCNA v7 Course 3
  • Single-Area OSPFv2 Concepts
  • Single-Area OSPFv2 Configuration
  • Network Security Concepts
  • ACL Concepts
  • ACLs for IPv4 Configuration
  • NAT for IPv4
  • WAN Concepts
  • VPN and IPsec Concepts
  • QoS Concepts
  • Network Management
  • Network Design
  • Network Troubleshooting
  • Network Virtualization
  • Network Automation

__ New/significantly changed content

Download: Draft Scope and Sequence

CCNA 6 to CCNA 7 comparison
  • CCNA v6: Focus on configuration.
  • CCNA v7: Focus on network verification and fundamental concepts, troubleshooting and configuration.
Source: Leandro Almeida, Brazil. Cisco Confidential.
Module Objectives
Module Title: Switch Security Configuration
Module Objective: Configure switch security to mitigate LAN attacks.

Topic Title / Topic Objective
  • Implement Port Security: Implement port security to mitigate MAC address table attacks.
  • Mitigate VLAN Attacks: Explain how to configure DTP and native VLAN to mitigate VLAN attacks.
  • Mitigate DHCP Attacks: Explain how to configure DHCP snooping to mitigate DHCP attacks.
  • Mitigate ARP Attacks: Explain how to configure ARP inspection to mitigate ARP attacks.
  • Mitigate STP Attacks: Explain how to configure PortFast and BPDU Guard to mitigate STP attacks.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Importance of L2
We forget about attacks inside our network:
  • Employees innocently open a link in an e-mail or download a non-trusted application on the network.
  • Malicious attacks coming from a disgruntled employee.
  • Visitors accessing the LAN from public
  • IoT devices not properly secured.
Most attacks on the network occur or start from inside your network (FBI report on Networking Security).

Why L2 security is so important
L2 Security Threats

Implement Port Security: Secure Unused Ports
Layer 2 attacks are some of the easiest for hackers to deploy, but these threats can also be mitigated with some common Layer 2 solutions.
All switch ports (interfaces) should be secured before the switch is deployed for production use. How a port is secured depends on its function.
A simple method that many administrators use to help secure the network from unauthorized access is to disable all unused ports on a switch. Navigate to each unused port and issue the Cisco IOS shutdown command. If a port must be reactivated at a later time, it can be enabled with the no shutdown command.
To configure a range of ports, use the interface range command:
  Switch(config)# interface range type module/first-number - last-number
  Switch(config)# interface range f0/20 - 24
  Switch(config-if-range)# shutdown

MAC Address Table

MAC Address Table Flooding
Implement Port Security: Mitigate MAC Address Table Attacks
The simplest and most effective method to prevent MAC address table overflow attacks is to enable port security.
Port security limits the number of valid MAC addresses allowed on a port. It allows an administrator to manually configure MAC addresses for a port or to permit the switch to dynamically learn a limited number of MAC addresses. When a port configured with port security receives a frame, the source MAC address of the frame is compared to the list of secure source MAC addresses that were manually configured or dynamically learned on the port.
By limiting the number of permitted MAC addresses on a port to one, port security can be used to control unauthorized access to the network.

Implement Port Security: Enable Port Security
Port security is enabled with the switchport port-security interface configuration command.
Notice in the example that the switchport port-security command was rejected. This is because port security can only be configured on manually configured access ports or manually configured trunk ports. By default, Layer 2 switch ports are set to dynamic auto (trunking on). Therefore, in the example, the port is configured with the switchport mode access interface configuration command.
Note: Trunk port security is beyond the scope of this course.

Implement Port Security: Limit and Learn MAC Addresses
To set the maximum number of MAC addresses allowed on a port, use the following:
  Switch(config-if)# switchport port-security maximum value
The default port security value is 1. The maximum number of secure MAC addresses that can be configured depends on the switch and the IOS. In this example, the maximum is 8192.

Implement Port Security: Limit and Learn MAC Addresses (Cont.)
The example demonstrates a complete port security configuration for FastEthernet 0/1. The administrator specifies a maximum of 4 MAC addresses, manually configures one secure MAC address, and then configures the port to dynamically learn additional secure MAC addresses up to the 4 secure MAC address maximum.
Use the show port-security interface and the show port-security address commands to verify the configuration.
Implement Port Security: Port Security Aging
Port security aging can be used to set the aging time for static and dynamic secure addresses on a port. Two types of aging are supported per port:
  • Absolute: The secure addresses on the port are deleted after the specified aging time.
  • Inactivity: The secure addresses on the port are deleted if they are inactive for a specified time.
Use aging to remove secure MAC addresses on a secure port without manually deleting the existing secure MAC addresses. Aging of statically configured secure addresses can be enabled or disabled on a per-port basis.
Use the switchport port-security aging command to enable or disable static aging for the secure port, or to set the aging time or type:
  Switch(config-if)# switchport port-security aging { static | time time | type {absolute | inactivity} }

Implement Port Security: Port Security Violation Modes
If the MAC address of a device attached to a port differs from the list of secure addresses, then a port violation occurs and the port enters the error-disabled state.
To set the port security violation mode, use the following command:
  Switch(config-if)# switchport port-security violation { shutdown | restrict | protect }
The following table shows how a switch reacts based on the configured violation mode.
  • shutdown (default): The port transitions to the error-disabled state immediately, turns off the port LED, and sends a syslog message. It increments the violation counter. When a secure port is in the error-disabled state, an administrator must re-enable it by entering the shutdown and no shutdown commands.
  • restrict: The port drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the maximum value. This mode causes the Security Violation counter to increment and generates a syslog message.
  • protect: This is the least secure of the security violation modes. The port drops packets with unknown MAC source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the maximum value. No syslog message is sent.

Implement Port Security: Port Security Violation Modes (Cont.)
The example shows an administrator changing the security violation mode to restrict. The output of the show port-security interface command confirms that the change has been made.
Implement Port Security: Ports in error-disabled State
When a port is shut down and placed in the error-disabled state, no traffic is sent or received on that port. A series of port security related messages display on the console, as shown in the following example.
Note: The port protocol and link status are changed to down, and the port LED is turned off.

Implement Port Security: Ports in error-disabled State (Cont.)
In the example, the show interface command identifies the port status as err-disabled. The output of the show port-security interface command now shows the port status as secure-shutdown. The Security Violation counter increments.
The administrator should determine what caused the security violation. If an unauthorized device is connected to a secure port, the security threat is eliminated before re-enabling the port.
To re-enable the port, first use the shutdown command, then use the no shutdown command.
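The port-security behaviour described above (maximum secure addresses, static and dynamically learned entries, the shutdown/restrict/protect violation modes, absolute and inactivity aging, and recovery with shutdown / no shutdown) can be made concrete with a small model. The code below is an added example written for this page, not Cisco code and not an IOS implementation; it is a simplified simulation in which time is a minute counter supplied by the caller and the "syslog" is an in-memory list with constructed message text. Each attribute is commented with the IOS command it stands in for.

```python
"""Simplified model of Cisco port security on one access port (added example, not Cisco code)."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1                 # switchport port-security maximum <value> (default 1)
    violation: str = "shutdown"      # switchport port-security violation {shutdown|restrict|protect}
    aging_time: int = 0              # switchport port-security aging time <minutes>; 0 = no aging
    aging_type: str = "absolute"     # switchport port-security aging type {absolute|inactivity}
    aging_static: bool = False       # switchport port-security aging static
    secure: dict = field(default_factory=dict)   # mac -> {"static", "learned", "seen"}
    err_disabled: bool = False
    violations: int = 0              # the Security Violation Count shown by show port-security
    syslog: list = field(default_factory=list)   # constructed stand-in for console messages

    def add_static(self, mac, now=0):
        """switchport port-security mac-address <mac>; refused once the port is full."""
        if mac not in self.secure and len(self.secure) >= self.maximum:
            return False
        self.secure[mac] = {"static": True, "learned": now, "seen": now}
        return True

    def _age(self, now):
        """Delete secure addresses whose aging timer has expired."""
        if self.aging_time <= 0:
            return
        for mac, entry in list(self.secure.items()):
            if entry["static"] and not self.aging_static:
                continue  # static entries only age when 'aging static' is configured
            reference = entry["learned"] if self.aging_type == "absolute" else entry["seen"]
            if now - reference >= self.aging_time:
                del self.secure[mac]

    def receive(self, mac, now=0):
        """Process a frame whose source MAC is `mac`, arriving at minute `now`.
        Returns 'forward', 'drop' or 'err-disabled'."""
        if self.err_disabled:
            return "err-disabled"
        self._age(now)
        if mac in self.secure:
            self.secure[mac]["seen"] = now
            return "forward"
        if len(self.secure) < self.maximum:
            self.secure[mac] = {"static": False, "learned": now, "seen": now}  # dynamic learn
            return "forward"
        # Unknown source MAC on a full port: a security violation. The mode decides the reaction.
        if self.violation == "shutdown":
            self.err_disabled = True
            self.violations += 1
            self.syslog.append(f"violation by {mac}: port placed in err-disabled state")
            return "err-disabled"
        if self.violation == "restrict":
            self.violations += 1
            self.syslog.append(f"violation by {mac}: frame dropped")
            return "drop"
        return "drop"  # protect: dropped silently, no counter, no syslog

    def shutdown_no_shutdown(self):
        """Operator recovery (shutdown, then no shutdown). Dynamically learned entries are
        lost when the port goes down; statically configured entries remain."""
        self.err_disabled = False
        self.secure = {m: e for m, e in self.secure.items() if e["static"]}


def violation_scenario(mode):
    """Constructed scenario: maximum 2, one static host, one learned host, then a third MAC."""
    port = SecurePort(maximum=2, violation=mode)
    port.add_static("aaaa.aaaa.0001")
    first = port.receive("aaaa.aaaa.0002")    # learned dynamically, within the maximum
    third = port.receive("bbbb.bbbb.0003")    # exceeds the maximum: violation
    after = port.receive("aaaa.aaaa.0001")    # can the legitimate host still talk afterwards?
    return first, third, after, port.violations, len(port.syslog)


def aging_scenario():
    """Constructed scenario: inactivity aging of 5 minutes frees the slot of an idle dynamic
    entry, while the static entry survives because 'aging static' is off."""
    port = SecurePort(maximum=2, violation="restrict", aging_time=5, aging_type="inactivity")
    port.add_static("aaaa.aaaa.0001", now=0)
    port.receive("aaaa.aaaa.0002", now=0)               # learned at t=0, then silent
    blocked = port.receive("cccc.cccc.0003", now=3)     # port full -> restrict drops it
    allowed = port.receive("cccc.cccc.0003", now=6)     # .0002 idle 6 min -> aged out, slot free
    return blocked, allowed, sorted(port.secure)


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(mode, violation_scenario(mode))
    print("aging", aging_scenario())
```

Running the three violation scenarios side by side shows the practical difference the table describes: in shutdown mode the legitimate host is cut off together with the offender until an operator intervenes, restrict keeps the legitimate host working and leaves a counter and a log entry to investigate, and protect keeps the host working but leaves no trace at all.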
Implement Port Security: Verify Port Security (Cont.)
Use the show port-security interface command to view details for a specific interface, as shown previously and in this example.

Implement Port Security: Packet Tracer - Implement Port Security
In this Packet Tracer, you will complete the following objectives:
  • Part 1: Configure Port Security
  • Part 2: Verify Port Security

VLAN Attacks
VLAN Hopping Attacks

VLAN Double-Tagging Attack
  • Step 1: Double-Tagging Attack
  • Step 2: Double-Tagging Attack
  • Step 3: Double-Tagging Attack

Mitigate VLAN Attacks: Steps to Mitigate VLAN Hopping Attacks
Use the following steps to mitigate VLAN hopping attacks:
  • Step 1: Disable DTP (auto trunking) negotiations on non-trunking ports by using the switchport mode access interface configuration command.
  • Step 2: Disable unused ports and put them in an unused VLAN.
  • Step 3: Manually enable the trunk link on a trunking port by using the switchport mode trunk command.
  • Step 4: Disable DTP (auto trunking) negotiations on trunking ports by using the switchport nonegotiate command.
  • Step 5: Set the native VLAN to a VLAN other than VLAN 1 by using the switchport trunk native vlan vlan-number command.

DHCP Attacks

DHCP Starvation Attack
  • Client requests all offers (using the Gobbler tool).
  • DHCP server acknowledges all requests, creating a DoS.

DHCP Spoofing

Mitigate DHCP Attacks: DHCP Snooping
DHCP snooping filters DHCP messages and rate-limits DHCP traffic on untrusted ports.
  • Devices under administrative control (e.g., switches, routers, and servers) are trusted sources.
  • Trusted interfaces (e.g., trunk links, server ports) must be explicitly configured as trusted.
  • Devices outside the network and all access ports are generally treated as untrusted sources.
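The mitigation steps on this page (shutting down unused ports, the five VLAN hopping steps, enabling port security on access ports, and explicitly trusting only uplinks and server ports for DHCP snooping) are all visible in a switch's running configuration, so they can be checked mechanically before a switch goes into production. The auditor below is an added example written for this page, not Cisco code: it parses IOS-style running-config text with a deliberately simple parser (one level of interface sub-commands, blocks ended by `!`), applies the page's rules as heuristics, and returns one finding per violated rule. The configuration it runs on is constructed for the example, and the finding texts are the author's own wording.

```python
"""Audit an IOS-style running-config against the LAN security steps on this page
(added example, not Cisco code). Parser and rules are deliberately simple heuristics."""

# Constructed sample running-config: a mix of compliant and non-compliant interfaces.
SAMPLE_CONFIG = """
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 description unused, awaiting assignment
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport nonegotiate
 ip dhcp snooping trust
!
interface GigabitEthernet0/2
 switchport mode trunk
!
"""

NO_SNOOPING = "ip dhcp snooping is not enabled"


def parse_interfaces(config_text):
    """Split config text into {interface name: [sub-commands]} plus a list of global commands."""
    interfaces, global_cmds, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            global_cmds.append(line.strip())
    return interfaces, global_cmds


def audit(config_text):
    """Return a list of (interface, finding) tuples; an empty list means no rule fired."""
    interfaces, global_cmds = parse_interfaces(config_text)
    findings = []
    snooping_on = "ip dhcp snooping" in global_cmds
    if not snooping_on:
        findings.append(("global", NO_SNOOPING))
    for name, cmds in interfaces.items():
        def has(prefix, cmds=cmds):
            return any(c == prefix or c.startswith(prefix + " ") for c in cmds)
        if has("shutdown"):
            continue  # Step 2: a disabled port needs no further checks
        # With no explicit 'switchport mode', the IOS default is dynamic auto (DTP active).
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), "dynamic")
        trusted = has("ip dhcp snooping trust")
        if mode == "dynamic":
            findings.append((name, "DTP negotiation active (no explicit switchport mode): "
                                   "shut down if unused, otherwise set access or trunk"))
        elif mode == "access":
            if not has("switchport port-security"):
                findings.append((name, "access port without port security"))
            if trusted:
                findings.append((name, "access port is DHCP-snooping trusted; "
                                       "access ports should stay untrusted"))
        elif mode == "trunk":
            if not has("switchport nonegotiate"):
                findings.append((name, "trunk still negotiates DTP: add switchport nonegotiate"))
            native = next((c.split()[-1] for c in cmds
                           if c.startswith("switchport trunk native vlan ")), "1")
            if native == "1":
                findings.append((name, "native VLAN is 1: move it to an unused VLAN"))
            if snooping_on and not trusted:
                findings.append((name, "trunk not marked ip dhcp snooping trust: DHCP server "
                                       "replies arriving over it will be dropped"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

On the sample configuration the auditor is silent for FastEthernet0/1 (access port with port security), FastEthernet0/3 (shut down) and GigabitEthernet0/1 (explicit trunk, nonegotiate, native VLAN 99, trusted for DHCP snooping), and reports the rest: FastEthernet0/2 lacks port security and is wrongly trusted, FastEthernet0/4 is still in the default dynamic auto mode, and GigabitEthernet0/2 fails Steps 4 and 5 and would silently drop legitimate DHCP replies once snooping is on. The last finding is worth keeping in mind when rolling out DHCP snooping: forgetting to trust the uplink is the most common way to break DHCP for a whole switch.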
