Router/Switch Security


• Verify that timestamps for debugging and logging messages have been enabled.
• Verify the severity level of events that are being captured.
• Verify that the source interface command has been configured.
• Verify the IP address of the syslog server.
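The four checks above can be run mechanically against a saved running-config. The following checker is an added example, not code from the original slides; the config text is a constructed sample, and the command forms it looks for (service timestamps, logging trap, logging source-interface, logging host) are standard IOS global configuration commands.

```python
"""Check the syslog-related settings of a saved Cisco IOS running-config.

Added example, not from the original slides.  It verifies the four items of
the checklist: timestamps on debug and log messages, the trap severity level,
the logging source interface, and the syslog server address.
"""
import re

# IOS severity keywords as accepted by 'logging trap'; numeric levels also work.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}


def check_logging(config: str) -> dict:
    """Extract the logging settings from the config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    result = {
        # 1. timestamps for both debug and log messages
        "timestamps_debug": any(ln.startswith("service timestamps debug") for ln in lines),
        "timestamps_log": any(ln.startswith("service timestamps log") for ln in lines),
        "trap_level": None,        # 2. severity level sent to the syslog server
        "source_interface": None,  # 3. 'logging source-interface'
        "syslog_servers": [],      # 4. 'logging host A.B.C.D' (older IOS: 'logging A.B.C.D')
    }
    for ln in lines:
        m = re.match(r"logging trap (\S+)$", ln)
        if m:
            lvl = m.group(1)
            result["trap_level"] = int(lvl) if lvl.isdigit() else SEVERITY.get(lvl)
        m = re.match(r"logging source-interface (\S+)$", ln)
        if m:
            result["source_interface"] = m.group(1)
        m = re.match(r"logging (?:host )?(\d+\.\d+\.\d+\.\d+)$", ln)
        if m:
            result["syslog_servers"].append(m.group(1))
    return result


def findings(result: dict) -> list:
    """Turn the raw settings into findings an auditor would report."""
    out = []
    if not (result["timestamps_debug"] and result["timestamps_log"]):
        out.append("timestamps not enabled for both debug and log messages")
    if result["trap_level"] is None:
        out.append("no 'logging trap' level set; events above the default level are not sent")
    if result["source_interface"] is None:
        out.append("no logging source-interface; messages are sourced from the egress interface address")
    if not result["syslog_servers"]:
        out.append("no syslog server configured; events stay only on the device")
    return out


# Constructed sample config (addresses and interface names are made up).
SAMPLE_CONFIG = """
service timestamps debug datetime msec
service timestamps log datetime msec localtime
hostname R1
logging trap informational
logging source-interface Loopback0
logging host 10.1.1.5
"""

if __name__ == "__main__":
    settings = check_logging(SAMPLE_CONFIG)
    print(settings, findings(settings) or "all four checks pass")
```

Running it on a config that only sets `logging trap 4` reports the three remaining gaps, which is the point of checking all four items rather than stopping at the first one found.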
• ACLs
• Routing Protocol Authentication
• CDP
• VLANs
• Switchport Security
• VTP
• DTP
• Cisco IOS uses access control lists to separate data traffic into that which it will process (permitted packets) and that which it will not process (denied packets).
• Cisco routers make very heavy use of access lists:
  • restrict access to services
  • filter traffic passing through the router.
• An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols.
• Static packet filtering controls access to a network by analyzing the incoming and outgoing packets.
• By default, a router does not have any ACLs configured and therefore does not filter traffic.
• Standard ACLs - Allow you to filter traffic based on source IP address.
• Extended ACLs filter IP packets based on:
  • Protocol type,
  • Source IP address,
  • Destination IP address,
  • TCP or UDP ports.
• Extended ACLs are used for more precise traffic-filtering control and are used more often than standard ACLs to provide a greater range of control.
• ICMP Packet Filtering - filter ICMP messages by name or type and code.
• Filter IP Fragments - Fragmentation is often used in attempts to evade detection by intrusion detection systems; deny IP fragments.
• Anti IP Address Spoofing - Deny any inbound IP packet that contains a source address from the internal network.
• Smurf Attack - deny packets destined for broadcast addresses.
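The semantics described above (a sequential list, first match wins, implicit deny at the end, extended entries matching on protocol, addresses and ports) and the four filtering rules (ICMP by type, fragments, anti-spoofing, broadcast destinations) are modelled together in the following toy evaluator. It is an added example, not code from the original slides: it parses a subset of IOS extended access-list syntax and applies it to constructed packets. The internal network 10.0.0.0/8, the host addresses and ACL number 110 are made-up sample values, and the treatment of non-initial fragments is a simplification of what IOS actually does.

```python
"""Toy evaluator for a subset of Cisco IOS extended ACL syntax (added example).

Models a sequential permit/deny list with first-match-wins and an implicit
deny, including anti-spoofing, fragment and directed-broadcast entries.
Addresses and the ACL number are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP_TYPES = {"echo": 8, "echo-reply": 0}   # subset of IOS ICMP type names

@dataclass
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None
    fragment: bool = False           # non-initial IP fragment (no L4 header)

@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches any protocol
    src: Tuple[int, int]             # (address, wildcard mask) as integers
    dst: Tuple[int, int]
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    fragments: bool = False          # entry carries the "fragments" keyword

def _parse_addr(tokens: List[str]):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wildcard), tokens[2:]

def _addr_match(spec: Tuple[int, int], ip: str) -> bool:
    """Wildcard bits set to 1 are 'don't care'; every other bit must equal the base."""
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) ^ base) & (~wildcard & 0xFFFFFFFF) == 0

def parse_acl(config: str) -> List[Entry]:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [ICMP-TYPE] [fragments]'."""
    entries = []
    for line in config.splitlines():
        line = line.split("!")[0].strip()          # drop IOS '!' comments
        if not line.startswith("access-list"):
            continue
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, rest = _parse_addr(rest)
        dst, rest = _parse_addr(rest)
        entry = Entry(action, proto, src, dst)
        while rest:
            t = rest.pop(0)
            if t == "eq":
                entry.dport = int(rest.pop(0))
            elif t == "fragments":
                entry.fragments = True
            elif t in ICMP_TYPES:
                entry.icmp_type = ICMP_TYPES[t]
            else:
                raise ValueError(f"unsupported keyword: {t}")
        entries.append(entry)
    return entries

def evaluate(entries: List[Entry], pkt: Packet) -> str:
    """Return 'permit' or 'deny': first matching entry wins; no match hits the implicit deny."""
    for e in entries:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not (_addr_match(e.src, pkt.src) and _addr_match(e.dst, pkt.dst)):
            continue
        if e.fragments and not pkt.fragment:       # 'fragments' entries match only fragments
            continue
        if pkt.fragment and (e.dport is not None or e.icmp_type is not None):
            continue                                # simplification: no L4 header to compare
        if e.dport is not None and e.dport != pkt.dport:
            continue
        if e.icmp_type is not None and e.icmp_type != pkt.icmp_type:
            continue
        return e.action
    return "deny"                                   # implicit 'deny ip any any'

# Constructed sample: applied inbound on the Internet-facing interface of a
# router whose internal network is 10.0.0.0/8 (wildcard 0.255.255.255).
SAMPLE_ACL = """
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any      ! anti-spoofing: internal source arriving from outside
access-list 110 deny   ip any host 10.1.1.255              ! smurf: directed broadcast for 10.1.1.0/24
access-list 110 deny   ip any any fragments                ! IDS evasion: drop non-initial fragments
access-list 110 permit tcp any host 10.1.1.10 eq 80        ! public web server
access-list 110 permit icmp any 10.0.0.0 0.255.255.255 echo-reply
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(evaluate(acl, Packet("tcp", "198.51.100.7", "10.1.1.10", dport=80)))  # permit
    print(evaluate(acl, Packet("tcp", "10.2.3.4", "10.1.1.10", dport=80)))      # deny (spoofed)
```

Order matters: the deny entries sit before the permits so a spoofed packet to the web server is dropped by the first entry rather than accepted by the fourth, and anything not explicitly permitted (an inbound TCP connection to port 22, an ICMP echo request) falls through to the implicit deny.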