Ca Ex S4 C4 Network Security

Date post: 10-May-2015
Upload: neo-kim

CCNA Semester 4 Chapter 4: Network Security CCNA Exploration 4.0

Transcript
Page 1: Ca Ex S4 C4 Network Security

CCNA – Semester 4

Chapter 4: Network Security

CCNA Exploration 4.0

Page 2

Objectives

• Identify security threats to enterprise networks
• Describe methods to mitigate security threats to enterprise networks
• Configure basic router security
• Disable unused router services and interfaces
• Use the Cisco SDM one-step lockdown feature
• Manage files and software images with the Cisco IOS Integrated File System (IFS)

Page 3

Introduction to Network Security

Page 4

Why is Network Security Important?

• Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.

Page 5

The Increasing Threat to Security

Page 6

The Increasing Threat to Security

• Over the years, network attack tools and methods have evolved.
• As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved:
– White hat
– Hacker
– Black hat
– Cracker
– Phreaker
– Spammer
– Phisher

Page 7

Think Like an Attacker

Seven-step process to gain information and stage an attack:

• Step 1. Perform footprint analysis (reconnaissance).
• Step 2. Enumerate information.
• Step 3. Manipulate users to gain access.
• Step 4. Escalate privileges.
• Step 5. Gather additional passwords and secrets.
• Step 6. Install backdoors.
• Step 7. Leverage the compromised system.

Page 8

Types of Computer Crime

• Insider abuse of network access
• Virus
• Mobile device theft
• Phishing where an organization is fraudulently represented as the sender
• Instant messaging misuse
• Denial of service
• Unauthorized access to information
• Bots within the organization
• Theft of customer or employee data
• Abuse of wireless network
• System penetration
• Financial fraud
• Password sniffing
• Key logging
• Website defacement
• Misuse of a public web application
• Theft of proprietary information
• Exploiting the DNS server of an organization
• Telecom fraud
• Sabotage

Page 9

Open versus Closed Networks

Page 10

Developing a Security Policy

• The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy: a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently.
• A security policy meets these goals:
– Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
– Specifies the mechanisms through which these requirements can be met
– Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy
• A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies.

Page 11

Developing a Security Policy

• ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices. The document consists of 12 sections:
– Risk assessment
– Security policy
– Organization of information security
– Asset management
– Human resources security
– Physical and environmental security
– Communications and operations management
– Access control
– Information systems acquisition, development, and maintenance
– Information security incident management
– Business continuity management
– Compliance

Page 12

Common Security Threats

• When discussing network security, three common factors are vulnerability, threat, and attack.

Vulnerability

• Vulnerability is the degree of weakness which is inherent in every network and device.
• There are three primary vulnerabilities or weaknesses:
– Technological weaknesses
– Configuration weaknesses
– Security policy weaknesses

Page 13

Vulnerabilities: Technological weaknesses

Page 14

Vulnerabilities: Configuration weaknesses

Page 15

Vulnerabilities: Security policy weaknesses

Page 16

Common Security Threats

Threats to Physical Infrastructure

• The four classes of physical threats are:
– Hardware threats: Physical damage to servers, routers, switches, cabling plant, and workstations
– Environmental threats: Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
– Electrical threats: Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
– Maintenance threats: Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling

Page 17

Physical Security Measures

Page 18

Physical Security Measures

Page 19

Common Security Threats: Threats to Networks

Page 20

Common Security Threats: Threats to Networks

• Threats to networks fall into four primary classes:
• Unstructured threats: consist of mostly inexperienced individuals using easily available hacking tools. Even so, an attacker's skills can do serious damage to a network.
• Structured threats: come from individuals or groups that are more highly motivated and technically competent. These people know system vulnerabilities and use sophisticated hacking techniques to penetrate unsuspecting businesses.
• External threats: arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network.
• Internal threats: occur when someone has authorized access to the network with either an account or physical access.

Page 21

Common Security Threats: Social Engineering

• The easiest hack involves no computer skill at all.
• Social engineering: an intruder can trick a member of an organization into giving over valuable information, such as the location of files or passwords.
• Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
• Phishing attacks can be prevented by educating users and implementing reporting guidelines for when they receive suspicious e-mail.

Page 22

Types of Network Attacks

• Reconnaissance
– Is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
– It is also known as information gathering and, in most cases, it precedes another type of attack.
• Access
– Is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password.
• Denial of service (DoS)
– Is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
• Worms, Viruses, and Trojan Horses

Page 23

Reconnaissance Attacks

• Reconnaissance attacks can consist of the following:
– Internet information queries
– Ping sweeps
– Port scans
– Packet sniffers
• The information gathered by eavesdropping can be used to pose other attacks to the network.
• Two common uses of eavesdropping are as follows:
– Information gathering: Network intruders can identify usernames, passwords, or information carried in a packet.
– Information theft: The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access.

Page 24

Reconnaissance Attacks

• Three of the most effective methods for counteracting eavesdropping are as follows:
– Using switched networks instead of hubs so that traffic is not broadcast to all endpoints or network hosts.
– Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
– Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping.
• Encryption provides protection for data susceptible to eavesdropping attacks, password crackers, or manipulation.

Page 25

Access Attacks

• Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
• Password attacks:
– Implemented using a packet sniffer to yield user accounts and passwords that are transmitted as clear text.
– Use programs that repeatedly attempt to log in as a user using words derived from a dictionary.
– Another password attack method uses rainbow tables.
– A brute-force attack tool is more sophisticated.

Page 26

Access Attacks

• Trust exploitation
– Compromise a trusted host and use it to stage attacks on other hosts in a network.
– Trust exploitation-based attacks can be mitigated through tight constraints on trust levels within a network.

Page 27

Access Attacks

Page 28

Access Attacks

• Man-in-the-middle attack:
– Is carried out by attackers that manage to position themselves between two legitimate hosts.
– The transparent proxy: a popular method of MITM.

Page 29

DoS Attacks

• DoS attacks:
– Are the most publicized form of attack and also among the most difficult to eliminate.
– DoS attacks take many forms.

Page 30

DoS Attacks

• Ping of Death:
– It took advantage of vulnerabilities in older operating systems.
– This attack modified the IP portion of a ping packet header to indicate that there is more data in the packet than there actually was.
• SYN Flood:
– Exploits the TCP three-way handshake.
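As an added example (not part of the course slides), the two attacks on this slide seen from the defender's side: a half-open connection count per service that flags a SYN flood, and a fragment reassembly check that flags the oversized datagram a Ping of Death produces. The packet and fragment records, addresses and thresholds are constructed for this illustration.

```python
"""Added example: defender-side checks for a SYN flood and a Ping of Death.
All packet and fragment records below are constructed, not captured."""
from collections import defaultdict


def build_sample_packets():
    """Constructed TCP records: (time, src, dst, dport, flags).
    One legitimate client completes its handshake; then a flood of SYNs
    arrives from 20 addresses, none of which ever sends the final ACK."""
    pkts = [
        (0.00, "192.0.2.10", "198.51.100.5", 80, "SYN"),
        (0.05, "192.0.2.10", "198.51.100.5", 80, "ACK"),
    ]
    for i in range(20):
        pkts.append((1.0 + i / 100, f"203.0.113.{i + 1}", "198.51.100.5", 80, "SYN"))
    for j in range(5):                                   # one source repeats its SYN
        pkts.append((2.0 + j / 100, "203.0.113.1", "198.51.100.5", 80, "SYN"))
    return pkts


def half_open_by_service(packets):
    """Map (dst, dport) -> {src: pending SYN count}. A client's ACK completes
    the three-way handshake and clears its entry; a flood leaves many behind."""
    pending = defaultdict(dict)
    for _, src, dst, dport, flags in packets:
        table = pending[(dst, dport)]
        if flags == "SYN":
            table[src] = table.get(src, 0) + 1
        elif flags == "ACK":
            table.pop(src, None)
    return pending


def detect_syn_flood(packets, threshold=20):
    """Alert for each service whose half-open count reaches the threshold.
    distinct_sources much smaller than half_open points at a few noisy hosts;
    the two being equal is what spoofed or distributed sources look like."""
    alerts = []
    for (dst, dport), table in half_open_by_service(packets).items():
        half_open = sum(table.values())
        if half_open >= threshold:
            alerts.append({"dst": dst, "dport": dport, "half_open": half_open,
                           "distinct_sources": len(table)})
    return alerts


# Constructed IP fragments: (identification, fragment offset in 8-byte units, payload length)
SAMPLE_FRAGMENTS = [
    (1, 0, 1480), (1, 185, 1480), (1, 370, 1480),   # ordinary 4440-byte ping in three fragments
    (2, 0, 1480), (2, 8189, 200),                   # last fragment would end at byte 65712
]


def oversized_reassembly(fragments, max_datagram=65535):
    """Return identifications whose fragments would reassemble beyond the IP
    maximum datagram size. That is the condition a Ping of Death creates, and
    the check a patched reassembly routine makes before sizing its buffer."""
    end = defaultdict(int)
    for ident, offset, length in fragments:
        end[ident] = max(end[ident], offset * 8 + length)
    return sorted(i for i, e in end.items() if e > max_datagram)


if __name__ == "__main__":
    print(detect_syn_flood(build_sample_packets()))
    print(oversized_reassembly(SAMPLE_FRAGMENTS))
```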

Page 31

DoS Attacks

• DDoS attacks
– Distributed DoS (DDoS) attacks are designed to saturate network links with illegitimate data.
• E-mail bombs: Programs send bulk e-mails to individuals, lists, or domains, monopolizing e-mail services.
• Malicious applets: These attacks are Java, JavaScript, or ActiveX programs that cause destruction or tie up computer resources.

Page 32

DoS Attacks

DDoS Attacks (cont.)

• There are three components to a DDoS attack.
– There is a Client, who is typically a person who launches the attack.
– A Handler is a compromised host that is running the attacker program; each Handler is capable of controlling multiple Agents.
– An Agent is a compromised host that is running the attacker program and is responsible for generating a stream of packets that is directed toward the intended victim.
• Examples of DDoS attacks include the following: SMURF attack, Tribe flood network (TFN), Stacheldraht, MyDoom

Page 33

DoS Attacks

Page 34

Malicious Code Attacks: Worms

• The enabling vulnerability: A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified executable attachments in e-mails.
• Propagation mechanism: After gaining access to a host, a worm copies itself to that host and then selects new targets.
• Payload: Once a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator.

Page 35

Malicious Code Attacks: Worms

• Worm attack mitigation requires diligence on the part of system and network administration staff.
• The following are the recommended steps for worm attack mitigation:
– Containment: Contain the spread of the worm in and within the network. Compartmentalize uninfected parts of the network.
– Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
– Quarantine: Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
– Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.

Page 36

Malicious Code Attacks: Viruses and Trojan Horses

• A virus is malicious software that is attached to another program to execute a particular unwanted function on a workstation.
• A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool.

Page 37

Host and Server Based Security

• Device Hardening
– Default usernames and passwords should be changed immediately.
– Access to system resources should be restricted to only the individuals that are authorized to use those resources.
– Any unnecessary services and applications should be turned off and uninstalled, when possible.
• Antivirus Software
– It scans files, comparing their contents to known viruses in a virus dictionary. Matches are flagged in a manner defined by the end user.
– It monitors suspicious processes running on a host that might indicate infection. This monitoring may include data captures, port monitoring, and other methods.

Page 38

Host and Server Based Security

• Personal Firewall
• Operating System Patches

Page 39

Intrusion Detection and Prevention

• Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console.
• Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:
– Prevention: Stops the detected attack from executing.
– Reaction: Immunizes the system from future attacks from a malicious source.

Page 40

Intrusion Detection and Prevention

Host-based Intrusion Detection Systems

• Implemented as inline or passive technology
• Passive technology, which was the first generation technology, is called a host-based intrusion detection system (HIDS). HIDS sends logs to a management console after the attack has occurred and the damage is done.
• Inline technology, called a host-based intrusion prevention system (HIPS), actually stops the attack, prevents damage, and blocks the propagation of worms and viruses.

Page 41

Common Security Appliances and Applications

• Security is a top consideration whenever planning a network.
• Threat control: Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
– Cisco ASA 5500 Series Adaptive Security Appliances
– Integrated Services Routers (ISR)
– Network Admission Control
– Cisco Security Agent for Desktops
– Cisco Intrusion Prevention Systems

Page 42

Common Security Appliances and Applications

• Secure communications: Secures network endpoints with VPN. The devices that allow an organization to deploy VPN are Cisco ISR routers with Cisco IOS VPN solution, and the Cisco 5500 ASA and Cisco Catalyst 6500 switches.
• Network admission control (NAC): Provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.
• Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
– Cisco provides many of the required security measures for customers within the Cisco IOS software. Cisco IOS software provides built-in Cisco IOS Firewall, IPsec, SSL VPN, and IPS services.

Page 43

Common Security Appliances and Applications

Page 44

The Network Security Wheel

• Most security incidents occur because system administrators do not implement available countermeasures, and attackers or disgruntled employees exploit the oversight.
• The Security Wheel has proven to be an effective approach.
• The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.
• A security policy includes the following:
– Identifies the security objectives of the organization.
– Documents the resources to be protected.
– Identifies the network infrastructure with current maps and inventories.
– Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.

Page 45

The Network Security Wheel

(Figure: the Security Wheel. The security policy sits at the hub; Secure, Monitor, Test, and Improve form the continuous cycle around it.)

Step 1: Secure

• Threat defense
– Stateful inspection and packet filtering: Filter network traffic to allow only valid traffic and services.
– Intrusion prevention systems.
– Vulnerability patching.
– Disable unnecessary services.

Page 46

The Network Security Wheel

Step 1: Secure (Cont.)

• Secure connectivity
– VPNs
– Trust and identity
– Authentication
– Policy enforcement

Step 2: Monitor

• Active and passive methods of detecting security violations.

Step 3: Test

• The security measures are proactively tested.

Step 4: Improve

• Analyzing the data collected during the monitoring and testing phases.

Page 47

The Enterprise Security Policy

• A security policy is a set of guidelines established to safeguard the network from attacks, both from inside and outside a company.
• Security policy benefits:
– Provides a means to audit existing network security and compare the requirements to what is in place.
– Plans security improvements, including equipment, software, and procedures.
– Defines the roles and responsibilities of the company executives, administrators, and users.
– Defines which behavior is and is not allowed.
– Defines a process for handling network security incidents.
– Enables global security implementation and enforcement by acting as a standard between sites.
– Creates a basis for legal action if necessary.

Page 48

Functions of a Security Policy

• Functions of a Security Policy:
• The security policy is for everyone, including employees, contractors, suppliers, and customers who have access to the network.

Page 49

Components of a Security Policy

• Components of a Security Policy
– General security policies:

Page 50

Components of a Security Policy

• Components of a Security Policy: Others that may be necessary:
– Account access request policy
– Acquisition assessment policy
– Audit policy
– Information sensitivity policy
– Password policy
– Risk assessment policy
– Global web server policy
• E-mail policy: Automatically forwarded e-mail policy, E-mail policy, Spam policy
• Remote access policies: Dial-in access policy, Remote access policy, VPN security policy

Activity 4.1.6.4

Page 51

Securing Cisco Routers

Page 52

Router Security Issues

The Role of Routers in Network Security

• Routers fulfill the following roles:
– Advertise networks and filter who can use them.
– Provide access to network segments and subnetworks.

Page 53

Routers are Targets

• Because routers provide gateways to other networks, they are obvious targets and are subject to a variety of attacks.
– Compromising the access control can expose network configuration details, thereby facilitating attacks against other network components.
– Compromising the route tables can reduce performance, deny network communication services, and expose sensitive data.
– Misconfiguring a router traffic filter can expose internal network components to scans and attacks, making it easier for attackers to avoid detection.
• Attackers can compromise routers in different ways: trust exploitation attacks, IP spoofing, session hijacking, and MITM attacks.

Page 54

Securing Your Network

• Physical security
• Update the router IOS whenever advisable
• Back up the router configuration and IOS
• Harden the router to eliminate the potential abuse of unused ports and services

Page 55

Applying Cisco IOS Security Features to Routers

Steps to safeguard a router:

• Step 1. Manage router security
• Step 2. Secure remote administrative access to routers
• Step 3. Log router activity
• Step 4. Secure vulnerable router services and interfaces
• Step 5. Secure routing protocols
• Step 6. Control and filter network traffic

Page 56

Manage Router Security

• Basic router security consists of configuring passwords.
• Passphrases: for creating strong
• By default, Cisco IOS software leaves passwords in plain text when they are entered on a router: not secure.
• To encrypt passwords using type 7 encryption, use the service password-encryption global configuration command.
• Cisco recommends that Type 5 encryption be used instead of Type 7.

Page 57

Manage Router Security

• Type 5 encryption:
– enable secret command
– username username secret password
• Cisco IOS Software Release 12.3(1) and later allow administrators to set the minimum character length for all router passwords using the security passwords min-length global configuration command.
• Note: Some processes may not be able to use type 5 encrypted passwords (for example, PAP and CHAP).

Page 58

Securing Administrative Access to Routers

• Network administrators can connect to a router or switch locally or remotely.
• Local access through the console port:
– Is secure
– Can become overwhelming
• Remote administrative access:
– May not be secure
– To secure it: secure the administrative lines (VTY, AUX), then configure the network device to encrypt traffic in an SSH tunnel.

Page 59

Remote Administrative Access with Telnet and SSH

• Having remote access to network devices is critical for effectively managing a network.
• Remote access typically involves allowing Telnet, Secure Shell (SSH), HTTP, HTTP Secure (HTTPS), or SNMP connections to the router from a computer on the same internetwork as the router.
• If remote access is required, your options are as follows:
– Establish a dedicated management network.
– Encrypt all traffic between the administrator computer and the router.

Page 60

Remote Administrative Access with Telnet and SSH

Page 61

Implementing SSH to Secure Remote Administrative Access

• Telnet traffic is forwarded in plain text and uses TCP port 23.
• SSH has replaced Telnet and uses TCP port 22.
• Not all Cisco IOS images support SSH. Typically, the images that do have image IDs of k8 or k9 in their image names.
• The SSH terminal-line access feature enables administrators to configure routers with secure access and perform the following tasks:
– Connect to a router that has multiple terminal lines connected to consoles or serial ports of other routers, switches, and devices.
– Simplify connectivity to a router from anywhere by securely connecting to the terminal server on a specific line.
– Allow modems attached to routers to be used for dial-out securely.
– Require authentication to each of the lines through a locally defined username and password, or a security server such as a TACACS+ or RADIUS server.

Page 62

Configuring SSH Security

• Step 1: Set router parameters
– the hostname hostname command
• Step 2: Set the domain name
– the ip domain-name cisco.com command
• Step 3: Generate asymmetric keys
– the crypto key generate rsa command
• Step 4: Configure local authentication and vty
– You must define a local user and assign SSH communication to the vty lines as shown in the figure.
• Step 5: Configure SSH timeouts (optional)
– Use the ip ssh time-out seconds and ip ssh authentication-retries integer commands to enable timeouts and authentication retries.

Activity 4.2.4.5

Page 63

Logging Router Activity

• Logs allow you to verify that a router is working properly or to determine whether the router has been compromised.
• Configuring logging (syslog) on the router should be done carefully.
• Routers support different levels of logging:
– 0 Emergencies
– 1 Alerts
– 2 Critical
– 3 Errors
– 4 Warnings
– 5 Notifications
– 6 Informational
– 7 Debugging
• Accurate time stamps are important to logging:
R2(config)#service timestamps
• Log server (syslog host):
– Dedicated to storing logs
– Connected on a protected network or a dedicated router interface
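An added example (not from the course) of the severity levels in use: a parser for Cisco IOS syslog lines that reads the level out of the %FACILITY-SEVERITY-MNEMONIC tag, applies a logging trap style threshold, and flags lines that arrived without a time stamp. The log lines are constructed for this illustration, not captured from a real router.

```python
"""Added example: parse Cisco IOS syslog lines by severity and apply a trap threshold.
The log lines below are constructed, not a real capture."""
import re

# Severity numbers and names as listed on the slide.
SEVERITY_NAMES = {
    0: "Emergencies", 1: "Alerts", 2: "Critical", 3: "Errors",
    4: "Warnings", 5: "Notifications", 6: "Informational", 7: "Debugging",
}

# Constructed sample lines in the Cisco %FACILITY-SEVERITY-MNEMONIC format.
SAMPLE_LOGS = [
    "*Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)",
    "*Mar  1 00:13:01.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Mar  1 00:13:05.900: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22]",
    "%SYS-3-CPUHOG: Task ran for 2000 msec (1/0), process = Exec",   # no time stamp
    "*Mar  1 00:14:10.111: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to down",
    "*Mar  1 00:14:11.000: %SYS-7-USERLOG_DEBUG: debug output",
]

MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")
# Prefix produced by 'service timestamps log datetime msec', e.g. "*Mar  1 00:12:34.567:"
TS_RE = re.compile(r"^[*.]?[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d")


def parse_line(line):
    """Return a dict describing the message, or None if the line is not an IOS syslog message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    sev = int(m.group("severity"))
    return {
        "facility": m.group("facility"),
        "severity": sev,
        "name": SEVERITY_NAMES[sev],
        "mnemonic": m.group("mnemonic"),
        "text": line[m.end():].strip(),
        "timestamped": TS_RE.match(line) is not None,
    }


def select_for_trap(lines, trap_level):
    """Like 'logging trap <level>': keep messages at trap_level or more severe (lower number)."""
    kept = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and entry["severity"] <= trap_level:
            kept.append(entry)
    return kept


def untimestamped(lines):
    """Indexes of messages that carry no time stamp; such entries cannot be
    correlated with other devices, which is why the slide insists on timestamps."""
    missing = []
    for i, line in enumerate(lines):
        entry = parse_line(line)
        if entry is not None and not entry["timestamped"]:
            missing.append(i)
    return missing


def severity_histogram(lines):
    """Count messages per severity name; a sudden rise in Errors/Warnings is worth a look."""
    counts = {name: 0 for name in SEVERITY_NAMES.values()}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            counts[entry["name"]] += 1
    return counts


if __name__ == "__main__":
    for e in select_for_trap(SAMPLE_LOGS, 4):      # 4 = Warnings and more severe
        print(e["severity"], e["name"], e["facility"], e["mnemonic"], e["text"])
    print("untimestamped:", untimestamped(SAMPLE_LOGS))
```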

Page 64

Secure Router Network Services

Page 65

Vulnerable Router Services and Interfaces

• Cisco routers support a large number of network services at layers 2, 3, 4, and 7.

Page 66

Vulnerable Router Services and Interfaces

Page 67

Vulnerable Router Services and Interfaces

• Services which should typically be disabled are:
– Small services such as echo, discard, and chargen - Use the no service tcp-small-servers or no service udp-small-servers command.
– BOOTP - Use the no ip bootp server command.
– Finger - Use the no service finger command.
– HTTP - Use the no ip http server command.
– SNMP - Use the no snmp-server command.
– Cisco Discovery Protocol (CDP) - Use the no cdp run command.
– Remote configuration - Use the no service config command.
– Source routing - Use the no ip source-route command.
– Classless routing - Use the no ip classless command.
– Unused interfaces - Use the shutdown command.
– No SMURF attacks - Use the no ip directed-broadcast command.
– Ad hoc routing - Use the no ip proxy-arp command.
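An added example (not code from the course or from Cisco) that turns pages 56, 57, 62 and 67 into a check: it reads a running-config and reports type 0 and type 7 passwords, a missing minimum password length, vty lines that still accept Telnet, a missing domain name for the SSH RSA key, and the services listed above. Both configs are constructed, the $1$ hashes are placeholders, and the severity labels are my own.

```python
"""Added example: a read-only hardening check for a Cisco IOS running-config,
covering the password, SSH/vty and service items from these slides.
Both configs below are constructed; the $1$ hashes are placeholders."""
import re

WEAK_CONFIG = """\
hostname R2
enable password 7 0822455D0A16
username admin password 0 letmein
username ops secret 5 $1$PLACEHOLDER$notarealhash
service tcp-small-servers
ip http server
snmp-server community public RO
cdp run
ip source-route
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
line vty 0 4
 login local
 transport input telnet ssh
!
"""

HARDENED_CONFIG = """\
hostname R2
ip domain-name example.test
security passwords min-length 10
enable secret 5 $1$PLACEHOLDER$notarealhash
username admin secret 5 $1$PLACEHOLDER$notarealhash
no service tcp-small-servers
no service udp-small-servers
no ip http server
no cdp run
no ip source-route
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
line vty 0 4
 login local
 transport input ssh
!
"""

# (line that enables the service, command the slide gives to disable it)
RISKY_SERVICES = [
    ("service tcp-small-servers", "no service tcp-small-servers"),
    ("service udp-small-servers", "no service udp-small-servers"),
    ("ip bootp server", "no ip bootp server"),
    ("service finger", "no service finger"),
    ("ip http server", "no ip http server"),
    ("snmp-server", "no snmp-server (or move to SNMP version 3)"),
    ("cdp run", "no cdp run"),
    ("service config", "no service config"),
    ("ip source-route", "no ip source-route"),
    ("ip directed-broadcast", "no ip directed-broadcast"),
    ("ip proxy-arp", "no ip proxy-arp"),
]

PASSWORD_RE = re.compile(r"^(enable|username \S+) (password|secret)(?: (\d))? \S+$")


def audit_config(config):
    """Return a list of (severity, finding) tuples; an empty list means nothing to report."""
    stripped = [l.strip() for l in config.splitlines()]
    findings = []

    # Pages 56-57: type 0 (plain) and type 7 passwords are recoverable; 'secret' (type 5) hashes them.
    for line in stripped:
        m = PASSWORD_RE.match(line)
        if m is None or m.group(2) == "secret":
            continue
        owner, ptype = m.group(1), m.group(3)
        if ptype in (None, "0"):
            findings.append(("high", f"{owner}: plain-text password; use 'secret' instead"))
        elif ptype == "7":
            findings.append(("high", f"{owner}: type 7 password is reversible; use 'secret' instead"))
    if not any(l.startswith("security passwords min-length") for l in stripped):
        findings.append(("medium", "no 'security passwords min-length' set"))

    # Page 62: SSH needs a domain name for the RSA key, and vty lines should accept SSH only.
    if not any(l.startswith("ip domain-name") for l in stripped):
        findings.append(("medium", "no 'ip domain-name'; 'crypto key generate rsa' requires one"))
    in_vty = False
    for line in stripped:
        if line.startswith("line vty"):
            in_vty = True
        elif line.startswith("!") or line.startswith("line "):
            in_vty = False
        elif in_vty and line.startswith("transport input") and "telnet" in line:
            findings.append(("high", f"vty accepts Telnet ('{line}'); use 'transport input ssh'"))

    # Page 67: services that should typically be disabled.
    for enabler, fix in RISKY_SERVICES:
        if any(l.startswith(enabler) for l in stripped):
            findings.append(("medium", f"'{enabler}' is enabled; apply '{fix}'"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_config(WEAK_CONFIG):
        print(f"[{sev}] {msg}")
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```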

Page 68

Vulnerable Router Services and Interfaces

• SNMP:
– There are different versions of SNMP with different security properties. Normally, SNMP version 3 should be used.
• NTP:
– To reject all NTP messages at a particular interface, use an access list.
• DNS:
– Use the ip name-server addresses command.
– Use the no ip domain-lookup command.

Page 69

Securing Routing Protocols

Routing systems can be attacked in two ways:

• Disruption of peers
• Falsification of routing information
• The best way to protect routing information on the network is to authenticate routing protocol packets using message digest algorithm 5 (MD5).

Page 70

Securing Routing Protocols

• RIPv2, EIGRP, OSPF, IS-IS, and BGP all support various forms of MD5 authentication.
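An added illustration (not from the course) of why authenticated routing updates defeat falsification: the sender appends a sequence number and a keyed MD5 digest computed over the update followed by the shared key, the construction behind RIPv2 and OSPF MD5 authentication, and the receiver rejects tampered, wrongly keyed and replayed updates. The message layout, update text and key are simplified placeholders, not the RIPv2 or OSPF wire format.

```python
"""Added example: keyed-MD5 authentication of routing updates, simplified.
Not the RIPv2/OSPF packet format; it shows the principle only."""
import hashlib
import hmac
import struct

SHARED_KEY = b"constructed-shared-key"   # assumption: same key configured on both routers
DIGEST_LEN = 16                           # MD5 digest size in bytes
SEQ_LEN = 4                               # 32-bit sequence number, as RFC 2082 and OSPF use


def sign_update(update: bytes, seq: int, key: bytes) -> bytes:
    """Return update || seq || MD5(update || seq || key).
    The key is appended to the data but never transmitted, so a peer without
    it can neither forge a digest nor re-sign a modified update."""
    body = update + struct.pack("!I", seq)
    return body + hashlib.md5(body + key).digest()


class AuthenticatingReceiver:
    """Per-neighbour state: the shared key and the last accepted sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, message: bytes):
        """Return (True, update) for a valid update, or (False, reason) otherwise."""
        if len(message) < SEQ_LEN + DIGEST_LEN:
            return False, "truncated"
        body, digest = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
        expected = hashlib.md5(body + self.key).digest()
        # constant-time comparison so timing does not leak digest bytes
        if not hmac.compare_digest(digest, expected):
            return False, "bad digest"        # falsified update or wrong key
        seq = struct.unpack("!I", body[-SEQ_LEN:])[0]
        if seq <= self.last_seq:
            return False, "replayed"          # an old, once-valid update played back
        self.last_seq = seq
        return True, body[:-SEQ_LEN]


def demo():
    """Run the genuine, tampered, wrong-key, replayed and next-sequence cases."""
    update = b"RIPv2 ROUTE 10.0.0.0/8 METRIC 1"          # constructed routing update
    rx = AuthenticatingReceiver(SHARED_KEY)
    good = sign_update(update, 1, SHARED_KEY)
    tampered = good.replace(b"METRIC 1", b"METRIC 16")  # metric changed in flight, digest untouched
    wrong_key = sign_update(update, 2, b"attacker-guess")
    return {
        "genuine": rx.accept(good),
        "tampered": rx.accept(tampered),
        "wrong_key": rx.accept(wrong_key),
        "replay": rx.accept(good),
        "next": rx.accept(sign_update(update, 2, SHARED_KEY)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result}")
```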

Page 71

Routing Protocol Authentication for RIPv2

• Step 3. Verify the operation of RIP routing:
– Use the show ip route command

Page 72

Routing Protocol Authentication for EIGRP and OSPF

Page 73

Locking Down Your Router with Cisco AutoSecure

• Cisco AutoSecure uses a single command to disable non-essential system processes and services, eliminating potential security threats. Two modes of the auto secure command:
– Interactive mode - This mode prompts you with options to enable and disable services and other security features. This is the default mode.
– Non-interactive mode - This mode automatically executes the auto secure command with the recommended Cisco default settings. This mode is enabled with the no-interact command option.

Page 74

Locking Down Your Router with Cisco AutoSecure

• To start the process of securing a router, issue the auto secure command. Cisco AutoSecure will ask you for a number of items, including:
– Interface specifics
– Banners
– Passwords
– SSH
– IOS firewall features

Page 75

Using Cisco SDM

Page 76

Cisco SDM Overview

• What is Cisco SDM?
• Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.
• The SDM files can be installed on the router, a PC, or on both.
• Advantage: it saves router memory and allows you to manage other routers on the network.

Page 77

Cisco SDM Overview

• Cisco SDM Features

Page 78

Configuring Your Router to Support Cisco SDM

• Step 1. Access the router's Cisco CLI interface using Telnet or the console connection.
• Step 2. Enable the HTTP and HTTPS servers on the router.
• Step 3. Create a user account defined with privilege level 15 (enable privileges).
• Step 4. Configure SSH and Telnet for local login and privilege level 15.

Page 79

Starting Cisco SDM

• Cisco SDM is stored in the router flash memory. It can also be stored on a local PC.
• To launch the Cisco SDM, use the HTTPS protocol and put the IP address of the router into the browser.

Page 80

The Cisco SDM Interface

Page 81

The Cisco SDM Interface

(Figure: the Cisco SDM home page, showing the About Your Router panel with the Host Name and the Hardware and Software summaries.)

Page 82

The Cisco SDM Interface

Page 83

Cisco SDM Wizards

• Cisco SDM provides a number of wizards to help you configure a Cisco ISR router.

Page 84 to Page 91

Locking Down a Router with Cisco SDM

(Slides 84 to 91 consist of screenshots only.)

Page 92

Secure Router Management

Page 93

Maintaining Cisco IOS Software Images

• Periodically, the router requires updates to be loaded to either the operating system or the configuration file to fix known security vulnerabilities, support new features that allow more advanced security policies, or improve performance.

Page 94: Ca Ex S4 C4 Network Security

Maintaining Cisco IOS Software Images

• Cisco recommends following a four-phase migration process to simplify network operations and management.

– Plan: Set goals, identify resources, profile network hardware and software, and create a preliminary schedule for migrating to new releases.

– Design: Choose new Cisco IOS releases and create a strategy for migrating to the releases.

– Implement: Schedule and execute the migration.

– Operate: Monitor the migration progress and make backup copies of images that are running on your network.

Page 95: Ca Ex S4 C4 Network Security

Maintaining Cisco IOS Software Images

• There are a number of tools available on Cisco.com to aid in migrating Cisco IOS software.

• The following tools do not require a Cisco.com login:

– Cisco IOS Reference Guide: Covers the basics of the Cisco IOS software family

– Cisco IOS software technical documents: Documentation for each release of Cisco IOS software

– Software Center: Cisco IOS software downloads

• The following tools require valid Cisco.com login accounts:

– Bug Toolkit: Searches for known software fixes based on software version, feature set, and keywords

– Cisco Feature Navigator: Finds releases that support a set of software features and hardware, and compares releases

– Software Advisor: Compares releases, matches Cisco IOS software and Cisco Catalyst OS features to releases, and finds out which software release supports a given hardware device

– Cisco IOS Upgrade Planner: Finds releases by hardware, release, and feature set, and downloads images of Cisco IOS software

Page 96: Ca Ex S4 C4 Network Security

Managing Cisco IOS Images

Cisco IOS File Systems and Devices

• You have to be able to save, back up, and restore configuration and IOS images.

• Use the show file systems command.

Page 97: Ca Ex S4 C4 Network Security

Managing Cisco IOS Images

Page 98: Ca Ex S4 C4 Network Security

Managing Cisco IOS Images

• URL Prefixes for Cisco Devices

Page 99: Ca Ex S4 C4 Network Security

Commands for Managing Configuration Files

• R2# copy running-config startup-config

• R2# copy system:running-config nvram:startup-config

• R2# copy running-config tftp:

• R2# copy system:running-config tftp:

• R2# copy tftp: running-config

• R2# copy tftp: system:running-config

• R2# copy tftp: startup-config

• R2# copy tftp: nvram:startup-config

Page 100: Ca Ex S4 C4 Network Security

Cisco IOS File Naming Conventions

• i - Designates the IP feature set

• j - Designates the enterprise feature set (all protocols)

• s - Designates a PLUS feature set (extra queuing, manipulation, or translations)

• 56i - Designates 56-bit IPsec DES encryption

• 3 - Designates the firewall/IDS

• k2 - Designates the 3DES IPsec encryption (168 bit)
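An added example, not from the CCNA slides or Cisco: a Python parser that breaks a classic IOS image name into platform, feature designators and version using the designators listed above, so an operator can tell from the file name whether an image carries IPsec crypto or the firewall/IDS feature. The platform-featureset-format.version.bin layout is assumed, and the image names in the test are constructed, not real releases.

```python
import re

# Added example (not from the CCNA slides): decode the feature-set portion of a
# classic Cisco IOS image name using the designators listed on the slide.
# Assumed name layout: platform-featureset-format.version.bin (names are constructed).

# Longest designators first so that "56i" is matched before "i" and "k2" before "k".
FEATURE_CODES = {
    "56i": "56-bit IPsec DES encryption",
    "k2": "3DES IPsec encryption (168 bit)",
    "i": "IP feature set",
    "j": "Enterprise feature set (all protocols)",
    "s": "PLUS feature set (extra queuing, manipulation, or translations)",
    "3": "Firewall/IDS",
}
CRYPTO_CODES = {"56i", "k2"}
IMAGE_RE = re.compile(r"([a-z0-9]+)-([a-z0-9]+)-([a-z]+)\.(.+)\.bin")

def tokenize_features(feature_field):
    """Split e.g. 'js56i' into known designators; unknown characters are reported separately."""
    known, unknown, pos = [], [], 0
    ordered = sorted(FEATURE_CODES, key=len, reverse=True)
    while pos < len(feature_field):
        for code in ordered:
            if feature_field.startswith(code, pos):
                known.append(code)
                pos += len(code)
                break
        else:  # no designator from the slide matches at this position
            unknown.append(feature_field[pos])
            pos += 1
    return known, unknown

def parse_ios_image_name(filename):
    """Return platform, feature designators, image format and version, or None if the name does not fit."""
    m = IMAGE_RE.fullmatch(filename)
    if not m:
        return None
    platform, feature_field, image_format, version = m.groups()
    known, unknown = tokenize_features(feature_field)
    return {
        "platform": platform,
        "features": known,
        "feature_descriptions": [FEATURE_CODES[c] for c in known],
        "unknown_codes": unknown,
        "format": image_format,   # e.g. "mz": runs from RAM, zip-compressed
        "version": version,
        "has_ipsec_crypto": any(c in CRYPTO_CODES for c in known),
    }
```

Designators outside the slide's list (for example the `k9` and `o3` codes of later images) are reported in `unknown_codes` rather than guessed.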

Page 101: Ca Ex S4 C4 Network Security

Using TFTP Servers to Manage IOS Images

• Using a network TFTP server allows image and configuration uploads and downloads over the network.

Page 102: Ca Ex S4 C4 Network Security

Backing Up IOS Software Image

• Step 1

• Step 2

• Step 3

Page 103: Ca Ex S4 C4 Network Security

Upgrading IOS Software Images

• Note: Make sure that the Cisco IOS image loaded is appropriate for the router platform. If the wrong Cisco IOS image is loaded, the router could be made unbootable, requiring ROM monitor (ROMmon) intervention.

Page 104: Ca Ex S4 C4 Network Security

Restoring IOS Software Images

• Step 1. Connect the devices.

• Step 2. Boot the router and set the ROMmon variables.

• Step 3. Use the tftpdnld command.

Page 105: Ca Ex S4 C4 Network Security

Using xmodem to Restore an IOS Image

• Step 1. Connect the devices

• Step 2.

Page 106: Ca Ex S4 C4 Network Security

Using xmodem to Restore an IOS Image

• Step 3

• Step 4

Page 107: Ca Ex S4 C4 Network Security

Cisco IOS Troubleshooting Commands

• Using the show command

• The show command displays static information.

Page 108: Ca Ex S4 C4 Network Security

Cisco IOS Troubleshooting Commands

• Using the debug command

• By default, the network server sends the output from debug commands and system error messages to the console.

• The debug command displays dynamic data and events.

Page 109: Ca Ex S4 C4 Network Security

Cisco IOS Troubleshooting Commands

Commands Related to the debug Command

• R1(config)# service timestamps debug datetime msec

• R1# show processes

• R1# no debug all

• R1# terminal monitor

Page 110: Ca Ex S4 C4 Network Security

Recovering a Lost Router Password

• Step 1. Connect to the console port.

• Step 2. If you have lost the enable password, you would still have access to user EXEC mode.

• Step 3. Use the power switch to turn off the router, and then turn the router back on.

• Step 4. Press Break on the terminal keyboard within 60 seconds of power up to put the router into ROMmon.

• Step 5. Type confreg 0x2142 at the rommon 1> prompt. This causes the router to bypass the startup configuration where the forgotten enable password is stored.

• Step 6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.

Page 111: Ca Ex S4 C4 Network Security

Recovering a Lost Router Password

• Step 7. Type no after each setup question, or press Ctrl-C to skip the initial setup procedure.

• Step 8. Type enable at the Router> prompt. This puts you into enable mode, and you should be able to see the Router# prompt.

• Step 9. Type copy startup-config running-config to copy the NVRAM into memory.

• Step 10. Type show running-config.

• Step 11. Type configure terminal. The hostname(config)# prompt appears.

• Step 12. Type enable secret password to change the enable secret password.

Page 112: Ca Ex S4 C4 Network Security

Recovering a Lost Router Password

• Step 13. Issue the no shutdown command on every interface that you want to use. You can issue a show ip interface brief command to confirm that your interface configuration is correct. Every interface that you want to use should display up up.

• Step 14. Type config-register configuration_register_setting. The configuration_register_setting is either the value you recorded in Step 2 or 0x2102. For example:

• R1(config)#config-register 0x2102

• Step 15. Press Ctrl-Z or type end to leave configuration mode. The hostname# prompt appears.

• Step 16. Type copy running-config startup-config to commit the changes.
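An added example, not from the CCNA slides or Cisco: Python code that decodes the configuration register values used in Step 5 (0x2142) and Step 14 (0x2102), and checks a show version line so an operator can confirm a router was not left ignoring NVRAM after the recovery. The bit meanings are the standard 16-bit configuration register layout; the show version fragment is constructed.

```python
import re

# Added example (not from the CCNA slides): decode a Cisco configuration register
# value to show why 0x2142 makes the router bypass startup-config (Step 5) and why
# Step 14 must set it back to 0x2102. Only the bits relevant here are decoded;
# the 'show version' sample text below is constructed.
IGNORE_NVRAM = 0x0040            # bit 6: ignore the startup-config stored in NVRAM
IGNORE_CONSOLE_BREAK = 0x0100    # bit 8: console Break ignored once IOS is running
FALLBACK_TO_ROM = 0x2000         # bit 13: boot from ROM if a network boot fails

SHOW_VERSION_RE = re.compile(
    r"Configuration register is 0x([0-9A-Fa-f]+)"
    r"(?: \(will be 0x([0-9A-Fa-f]+) at next reload\))?"
)

def decode_config_register(value):
    """Describe the boot behaviour selected by a 16-bit configuration register value."""
    boot_field = value & 0x000F
    if boot_field == 0x0:
        boot = "stay in ROMmon"
    elif boot_field == 0x1:
        boot = "boot the first image in flash (platform dependent)"
    else:
        boot = "use the 'boot system' commands in startup-config, else the first image in flash"
    return {
        "value": f"0x{value:04X}",
        "boot": boot,
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "ignores_console_break": bool(value & IGNORE_CONSOLE_BREAK),
        "rom_fallback": bool(value & FALLBACK_TO_ROM),
    }

def parse_show_version(output):
    """Return (current, next_reload) register values from 'show version' text, or None."""
    m = SHOW_VERSION_RE.search(output)
    if not m:
        return None
    current = int(m.group(1), 16)
    next_reload = int(m.group(2), 16) if m.group(2) else current
    return current, next_reload

def recovery_left_open(output):
    """True if the router will still ignore NVRAM after its next reload (Step 14 skipped)."""
    parsed = parse_show_version(output)
    return parsed is not None and bool(parsed[1] & IGNORE_NVRAM)

# Constructed fragment: register changed with config-register but not yet reloaded.
SAMPLE_SHOW_VERSION = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
```

A router whose next-reload value still has bit 6 set will come up with an empty configuration after any reboot, which is why Step 14 and the final copy in Step 16 matter.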

Page 113: Ca Ex S4 C4 Network Security

Summary

• Identify security threats to enterprise networks

• Describe methods to mitigate security threats to enterprise networks

• Configure basic router security

• Disable unused router services and interfaces

• Use the Cisco SDM one-step lockdown feature

• Manage files and software images with the Cisco IOS Integrated File System (IFS)
