Ca Ex S4 C4 Network Security
CCNA – Semester 4
Chapter 4: Network Security
CCNA Exploration 4.0
2
Objectives
• Identify security threats to enterprise networks
• Describe methods to mitigate security threats to enterprise
networks
• Configure basic router security
• Disable unused router services and interfaces
• Use the Cisco SDM one-step lockdown feature
• Manage files and software images with the Cisco IOS
Integrated File System (IFS)
3
Introduction to Network Security
4
Why is Network Security Important?
• Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.
5
The Increasing Threat to Security
6
The Increasing Threat to Security
• Over the years, network attack tools and methods have
evolved.
• As the types of threats, attacks, and exploits have evolved,
various terms have been coined to describe the individuals
involved:
– White hat
– Hacker
– Black hat
– Cracker
– Phreaker
– Spammer
– Phisher
7
Think Like an Attacker
Seven-step process to gain information and stage an attack:
• Step 1. Perform footprint analysis (reconnaissance).
• Step 2. Enumerate information.
• Step 3. Manipulate users to gain access.
• Step 4. Escalate privileges.
• Step 5. Gather additional passwords and secrets.
• Step 6. Install backdoors.
• Step 7. Leverage the compromised system.
8
Types of Computer Crime
• Insider abuse of network access
• Virus
• Mobile device theft
• Phishing where an organization is fraudulently represented as the sender
• Instant messaging misuse
• Denial of service
• Unauthorized access to information
• Bots within the organization
• Theft of customer or employee data
• Abuse of wireless network
• System penetration
• Financial fraud
• Password sniffing
• Key logging
• Website defacement
• Misuse of a public web application
• Theft of proprietary information
• Exploiting the DNS server of an organization
• Telecom fraud
• Sabotage
9
Open versus Closed Networks
10
Developing a Security Policy
• The first step any organization should take to
protect its data and itself from a liability
challenge is to develop a security policy: a
set of principles that guide decision-making
processes and enable leaders in an
organization to distribute authority confidently.
• A security policy meets these goals:
– Informs users, staff, and managers of their
obligatory requirements for protecting
technology and information assets
– Specifies the mechanisms through which these requirements can be
met
– Provides a baseline from which to acquire, configure, and audit
computer systems and networks for compliance with the policy
• A security policy can be as simple as a brief Acceptable Use Policy for
network resources, or it can be several hundred pages long and detail
every element of connectivity and associated policies.
11
Developing a Security Policy
• ISO/IEC 27002 is intended to be a common basis and practical guideline
for developing organizational security standards and effective security
management practices. The document consists of 12 sections:
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development, and maintenance
• Information security incident management
• Business continuity management
• Compliance
12
Common Security Threats
• When discussing network security, three common factors are
vulnerability, threat, and attack.
Vulnerability
• Vulnerability is the degree of weakness which is inherent in
every network and device.
• There are three primary vulnerabilities or weaknesses:
– Technological weaknesses
– Configuration weaknesses
– Security policy weaknesses
13
Vulnerabilities: Technological weaknesses
14
Vulnerabilities: Configuration weaknesses
15
Vulnerabilities: Security policy weaknesses
16
Common Security Threats
Threats to Physical Infrastructure
• The four classes of physical threats are:
– Hardware threats: Physical damage to servers, routers,
switches, cabling plant, and workstations
– Environmental threats: Temperature extremes (too hot
or too cold) or humidity extremes (too wet or too dry)
– Electrical threats: Voltage spikes, insufficient supply
voltage (brownouts), unconditioned power (noise), and
total power loss
– Maintenance threats: Poor handling of key electrical
components (electrostatic discharge), lack of critical spare
parts, poor cabling, and poor labeling
17
Physical Security Measures
18
Physical Security Measures
19
Common Security Threats: Threats to
Networks
20
Common Security Threats: Threats to
Networks
• Threats to Networks: four primary classes
• Unstructured Threats: consist of mostly inexperienced
individuals using easily available hacking tools. Even these
attackers can do serious damage to a network.
• Structured Threats: come from individuals or groups that
are more highly motivated and technically competent. These
people know system vulnerabilities and use sophisticated
hacking techniques to penetrate unsuspecting businesses.
• External Threats: arise from individuals or organizations
working outside of a company who do not have authorized
access to the computer systems or network.
• Internal Threats: occur when someone has authorized
access to the network with either an account or physical
access.
21
Common Security Threats: Social
Engineering
• The easiest hack involves no computer skill at all.
• Social engineering: an intruder can trick a member of an
organization into giving over valuable information, such as
the location of files or passwords.
• Phishing is a type of social engineering attack that involves
using e-mail or other types of messages in an attempt to trick
others into providing sensitive information, such as credit
card numbers or passwords.
• Phishing attacks can be prevented by educating users and
implementing reporting guidelines when they receive
suspicious e-mail.
22
Types of Network Attacks
• Reconnaissance
– Is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
– It is also known as information gathering and, in most cases, it precedes another type of attack.
• Access
– Is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password.
• Denial of service (DoS)
– Is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
• Worms, Viruses, and Trojan Horses
23
Reconnaissance Attacks
• Reconnaissance attacks can consist of the following:
– Internet information queries
– Ping sweeps
– Port scans
– Packet sniffers
• The information gathered by eavesdropping can be used to pose other attacks to the network.
• Two common uses of eavesdropping are as follows:
– Information gathering: Network intruders can identify usernames, passwords, or information carried in a packet.
– Information theft: The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access.
24
Reconnaissance Attacks
• Three of the most effective methods for counteracting
eavesdropping are as follows:
– Using switched networks instead of hubs so that traffic
is not broadcast to all endpoints or network hosts.
– Using encryption that meets the data security needs of
the organization without imposing an excessive burden on
system resources or users.
– Implementing and enforcing a policy directive that forbids
the use of protocols with known susceptibilities to
eavesdropping.
• Encryption provides protection for data susceptible to
eavesdropping attacks, password crackers, or manipulation.
25
Access Attacks
• Access attacks exploit known vulnerabilities in authentication
services, FTP services, and web services to gain entry to
web accounts, confidential databases, and other sensitive
information.
• Password Attacks:
– Implemented using a packet sniffer to yield user accounts
and passwords that are transmitted as clear text.
– Programs that repeatedly attempt to log in as a user using
words derived from a dictionary.
– Another password attack method uses rainbow tables.
– A brute-force attack tool is more sophisticated.
26
Access Attacks
• Trust Exploitation
– Compromises a trusted host and uses it to stage attacks on
other hosts in a network.
– Trust exploitation-based attacks can be mitigated through
tight constraints on trust levels within a network.
27
Access Attacks
28
Access Attacks
• Man-in-the-Middle Attack:
– Is carried out by attackers that manage to position
themselves between two legitimate hosts.
– The transparent proxy: a popular method of MITM.
29
DoS Attacks
• DoS attacks:
– Are the most publicized form of attack and also among
the most difficult to eliminate.
– DoS attacks take many forms
30
DoS Attacks
• Ping of Death:
– It took advantage of vulnerabilities in older operating
systems.
– This attack modified the IP portion of a ping packet
header to indicate that there is more data in the packet
than there actually was.
• SYN Flood:
– Exploits the TCP three-way handshake.
31
DoS Attacks
• DDoS Attacks
– Distributed DoS (DDoS) attacks are designed to saturate
network links with illegitimate data.
• E-mail bombs: Programs send bulk e-mails to individuals,
lists, or domains, monopolizing e-mail services.
• Malicious applets: These attacks are Java, JavaScript, or
ActiveX programs that cause destruction or tie up computer
resources.
32
DoS Attacks
DDoS Attacks (cont.)
• There are three components to a DDoS attack.
– There is a Client who is typically a person who launches
the attack.
– A Handler is a compromised host that is running the
attacker program and each Handler is capable of
controlling multiple Agents
– An Agent is a compromised host that is running the
attacker program and is responsible for generating a
stream of packets that is directed toward the intended
victim
• Examples of DDoS attacks include the following: SMURF
attack, Tribe flood network (TFN), Stacheldraht, MyDoom
33
DoS Attacks
34
Malicious Code Attacks: Worms
• The enabling vulnerability: A worm installs itself by exploiting
known vulnerabilities in systems, such as naive end users who
open unverified executable attachments in e-mails.
• Propagation mechanism: After gaining access to a host, a worm
copies itself to that host and then selects new targets.
• Payload: Once a host is infected with a worm, the attacker has
access to the host, often as a privileged user. Attackers could use
a local exploit to escalate their privilege level to administrator.
35
Malicious Code Attacks: Worms
• Worm attack mitigation requires diligence on the part of system and network administration staff.
• The following are the recommended steps for worm attack mitigation:
– Containment: Contain the spread of the worm in and within the network. Compartmentalize uninfected parts of the network.
– Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
– Quarantine: Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
– Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
36
Malicious Code Attacks: Viruses and Trojan
Horses
• A virus is malicious software that is attached to another
program to execute a particular unwanted function on a
workstation.
• A Trojan horse is different only in that the entire application
was written to look like something else, when in fact it is an
attack tool.
37
Host and Server Based Security
• Device Hardening
– Default usernames and passwords should be changed immediately.
– Access to system resources should be restricted to only the individuals that are authorized to use those resources.
– Any unnecessary services and applications should be turned off and uninstalled, when possible.
• Antivirus Software
– It scans files, comparing their contents to known viruses in a virus dictionary. Matches are flagged in a manner defined by the end user.
– It monitors suspicious processes running on a host that might indicate infection. This monitoring may include data captures, port monitoring, and other methods.
38
Host and Server Based Security
• Personal Firewall
• Operating System Patches
39
Intrusion Detection and Prevention
• Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console.
• Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:
– Prevention: Stops the detected attack from executing.
– Reaction: Immunizes the system from future attacks from a malicious source.
40
Intrusion Detection and Prevention
Host-based Intrusion Detection Systems
• Implemented as inline or passive technology
• Passive technology, which was the first generation
technology, is called a host-based intrusion detection
system (HIDS). HIDS sends logs to a management console
after the attack has occurred and the damage is done.
• Inline technology, called a host-based intrusion
prevention system (HIPS), actually stops the attack,
prevents damage, and blocks the propagation of worms and
viruses.
41
Common Security Appliances and
Applications
• Security is a top consideration whenever planning a network.
• Threat control: Regulates network access, isolates infected
systems, prevents intrusions, and protects assets by
counteracting malicious traffic, such as worms and viruses.
Devices that provide threat control solutions are:
– Cisco ASA 5500 Series Adaptive Security Appliances
– Integrated Services Routers (ISR)
– Network Admission Control
– Cisco Security Agent for Desktops
– Cisco Intrusion Prevention Systems
42
Common Security Appliances and
Applications
• Secure communications: Secures network endpoints with
VPN. The devices that allow an organization to deploy VPN
are Cisco ISR routers with Cisco IOS VPN solution, and the
Cisco 5500 ASA and Cisco Catalyst 6500 switches.
• Network admission control (NAC): Provides a roles-based
method of preventing unauthorized access to a network.
Cisco offers a NAC appliance.
• Cisco IOS Software on Cisco Integrated Services
Routers (ISRs)
– Cisco provides many of the required security measures
for customers within the Cisco IOS software. Cisco IOS
software provides built-in Cisco IOS Firewall, IPsec, SSL
VPN, and IPS services.
43
Common Security Appliances and
Applications
44
The Network Security Wheel
• Most security incidents occur because system administrators do not implement available countermeasures, and attackers or disgruntled employees exploit the oversight.
• The Security Wheel has proven to be an effective approach.
• The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.
• A security policy includes the following:
– Identifies the security objectives of the organization.
– Documents the resources to be protected.
– Identifies the network infrastructure with current maps and inventories.
– Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.
45
The Network Security Wheel
Step 1: Secure
• Threat defense
– Stateful inspection and packet filtering: Filter network
traffic to allow only valid traffic and services.
– Intrusion prevention systems.
– Vulnerability patching.
– Disable unnecessary services.
[Figure: the Security Wheel, with Security Policy at the center and Secure, Monitor, Test and Improve around it]
46
The Network Security Wheel
Step 1: Secure (Cont.)
• Secure connectivity
– VPNs
– Trust and identity
– Authentication
– Policy enforcement
Step 2: Monitor
• Active and passive methods of detecting security violations.
Step 3: Test
• The security measures are proactively tested.
Step 4: Improve
• Analyzing the data collected during the monitoring and testing phases.
47
The Enterprise Security Policy
• A security policy is a set of guidelines established to safeguard the network from attacks, both from inside and outside a company.
• Security policy benefits:
– Provides a means to audit existing network security and compare the requirements to what is in place.
– Plan security improvements, including equipment, software, and procedures.
– Defines the roles and responsibilities of the company executives, administrators, and users.
– Defines which behavior is and is not allowed.
– Defines a process for handling network security incidents.
– Enables global security implementation and enforcement by acting as a standard between sites.
– Creates a basis for legal action if necessary.
48
Functions of a Security Policy
• Functions of a Security Policy:
• The security policy is for everyone, including employees,
contractors, suppliers, and customers who have access to
the network.
49
Components of a Security Policy
• Components of a Security Policy
– General security policies:
50
Components of a Security Policy
• Components of a Security Policy: Others that may be necessary:
– Account access request policy
– Acquisition assessment policy
– Audit policy
– Information sensitivity policy
– Password policy
– Risk assessment policy
– Global web server policy
• E-mail policy: Automatically forwarded e-mail policy, E-mail policy, Spam policy
• Remote access policies: Dial-in access policy, Remote access policy, VPN security policy
Activity 4.1.6.4
51
Securing Cisco Routers
52
Router Security Issues
The Role of Routers in Network Security
• Routers fulfill the following roles:
– Advertise networks and filter who can use them.
– Provide access to network segments and subnetworks.
53
Routers are Targets
• Because routers provide gateways to other networks, they are
obvious targets and are subject to a variety of attacks.
– Compromising the access control can expose network
configuration details, thereby facilitating attacks against
other network components.
– Compromising the route tables can reduce performance,
deny network communication services, and expose
sensitive data.
– Misconfiguring a router traffic filter can expose internal
network components to scans and attacks, making it
easier for attackers to avoid detection.
• Attackers can compromise routers in different ways: trust
exploitation attacks, IP spoofing, session hijacking, and
MITM attacks
54
Securing Your Network
• Physical security
• Update the router IOS whenever advisable
• Backup the router configuration and IOS
• Harden the router to eliminate the potential abuse of unused
ports and services
55
Applying Cisco IOS Security Features to
Routers
Steps to safeguard a router:
• Step 1. Manage router security
• Step 2. Secure remote administrative access to routers
• Step 3. Log router activity
• Step 4. Secure vulnerable router services and interfaces
• Step 5. Secure routing protocols
• Step 6. Control and filter network traffic
56
Manage Router Security
• Basic router security consists of configuring passwords.
• Passphrases: for creating strong
• By default, Cisco IOS software leaves passwords in plain
text when they are entered on a router: not secure.
• To encrypt passwords using type 7 encryption, use the
service password-encryption global configuration command.
• Cisco recommends that Type 5 encryption be used instead
of Type 7
57
Manage Router Security
• Type 5 encryption:
– enable secret command
– username username secret password
• Cisco IOS Software Release 12.3(1) and later allow
administrators to set the minimum character length for all
router passwords using the security passwords min-length
global configuration command
• Note: Some processes may not be able to use type 5
encrypted passwords (for example, PAP and CHAP)
58
Securing Administrative Access to Routers
• Network administrators can
connect to a router or switch
locally or remotely.
• Local access through the
console port:
– Is secure
– Can become overwhelming
• Remote administrative access:
– May not be secure
– To secure it: first secure the administrative lines (VTY, AUX),
then configure the network device to encrypt traffic in an
SSH tunnel.
59
Remote Administrative Access with Telnet
and SSH
• Having remote access to network devices is critical for
effectively managing a network.
• Remote access typically involves allowing Telnet, Secure
Shell (SSH), HTTP, HTTP Secure (HTTPS), or SNMP
connections to the router from a computer on the same
internetwork as the router.
• If remote access is required, your options are as follows:
– Establish a dedicated management network.
– Encrypt all traffic between the administrator computer and
the router.
60
Remote Administrative Access with Telnet
and SSH
61
Implementing SSH to Secure Remote Administrative Access
• Telnet traffic is forwarded in plain text and uses TCP port 23
• SSH has replaced Telnet and uses TCP port 22
• Not all Cisco IOS images support SSH. Typically, these images have
image IDs of k8 or k9 in their image names.
• The SSH terminal-line access feature enables administrators to configure
routers with secure access and perform the following tasks:
– Connect to a router that has multiple terminal lines connected to
consoles or serial ports of other routers, switches, and devices.
– Simplify connectivity to a router from anywhere by securely
connecting to the terminal server on a specific line.
– Allow modems attached to routers to be used for dial-out securely.
– Require authentication to each of the lines through a locally defined
username and password, or a security server such as a TACACS+ or
RADIUS server.
62
Configuring SSH Security
• Step 1: Set router parameters
– the hostname hostname command
• Step 2: Set the domain name
– the ip domain-name cisco.com command
• Step 3: Generate asymmetric keys
– the crypto key generate rsa command
• Step 4: Configure local authentication and vty
– You must define a local user and assign SSH
communication to the vty lines as shown in the figure.
• Step 5: Configure SSH timeouts (optional)
– Use the ip ssh time-out seconds and ip ssh
authentication-retries integer commands to enable timeouts
and authentication retries.
Activity 4.2.4.5
63
Logging Router Activity
• Logs allow you to verify that a router is working properly or to
determine whether the router has been compromised.
• Configuring logging (syslog) on the router should be done
carefully.
• Routers support different levels of logging:
– 0 Emergencies
– 1 Alerts
– 2 Critical
– 3 Errors
– 4 Warnings
– 5 Notifications
– 6 Informational
– 7 Debugging
• Accurate time stamps are important to logging:
R2(config)#service timestamps
• Syslog server: dedicated to storing logs, connected on a
protected network or a dedicated router interface.
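As an added example (not part of the course slides or Cisco's code), a small Python parser for the IOS message format that the levels above apply to: it pulls the facility, severity number and mnemonic out of each line, maps the number to the level name, filters the way a `logging trap <level>` setting on the router would before sending to the syslog server, and counts failed SSH logins per source address. The log lines are constructed for the example; the `%SYS`, `%LINEPROTO` and `%SEC_LOGIN` facility names follow IOS conventions.

```python
"""Parse Cisco IOS syslog messages and filter them by the eight IOS severity levels."""
import re
from collections import Counter

SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# IOS message layout: optional '*' + timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
TS_RE = re.compile(r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d+ \d{2}:\d{2}:\d{2}(?:\.\d{3})?):\s*")
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")
SRC_RE = re.compile(r"\[Source: (?P<ip>[0-9.]+)\]")

# Constructed sample lines (not from a real device), as written with 'service timestamps log datetime msec'
SAMPLE_LOG = [
    "*Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)",
    "*Mar  1 00:13:01.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Mar  1 00:13:09.118: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed]",
    "*Mar  1 00:13:12.330: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed]",
    "*Mar  1 00:13:20.000: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.0.0.5] [localport: 22]",
    "*Mar  1 00:14:00.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.50 started - CLI initiated",
    "not a syslog message at all",
]


def parse_syslog_line(line):
    """Return the fields of one IOS log line, or None if the line is not an IOS message."""
    m = MSG_RE.search(line)
    if not m:
        return None
    ts = TS_RE.match(line)
    sev = int(m.group("severity"))
    return {"timestamp": ts.group("ts") if ts else None,
            "facility": m.group("facility"),
            "severity": sev,
            "severity_name": SEVERITY_NAMES[sev],
            "mnemonic": m.group("mnemonic"),
            "text": m.group("text")}


def messages_at_or_above(lines, trap_level):
    """Mimic 'logging trap <level>': keep messages whose numeric severity is <= trap_level
    (a lower number is more severe), i.e. what a syslog server at that level would receive."""
    parsed = (parse_syslog_line(l) for l in lines)
    return [p for p in parsed if p is not None and p["severity"] <= trap_level]


def failed_logins_by_source(lines):
    """Count SEC_LOGIN LOGIN_FAILED messages per source address (a password-guessing indicator)."""
    counts = Counter()
    for p in (parse_syslog_line(l) for l in lines):
        if p and p["facility"] == "SEC_LOGIN" and p["mnemonic"] == "LOGIN_FAILED":
            src = SRC_RE.search(p["text"])
            counts[src.group("ip") if src else "unknown"] += 1
    return counts


if __name__ == "__main__":
    for p in messages_at_or_above(SAMPLE_LOG, 4):
        print(p["timestamp"], p["severity_name"], p["facility"], p["mnemonic"])
    print(dict(failed_logins_by_source(SAMPLE_LOG)))
```

With the sample lines, a trap level of 4 (warnings) passes only the two failed logins, while level 5 also lets the configuration and link-state notifications through; the per-source counter is the kind of aggregation a management console would run over the forwarded stream.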
64
Secure Router Network Services
65
Vulnerable Router Services and Interfaces
• Cisco routers support a large number of network services at
layers 2, 3, 4, and 7
66
Vulnerable Router Services and Interfaces
67
Vulnerable Router Services and Interfaces
• Services which should typically be disabled are:
– Small services such as echo, discard, and chargen - Use the no
service tcp-small-servers or no service udp-small-servers
command.
– BOOTP - Use the no ip bootp server command.
– Finger - Use the no service finger command.
– HTTP - Use the no ip http server command.
– SNMP - Use the no snmp-server command.
– Cisco Discovery Protocol (CDP) - Use the no cdp run command.
– Remote configuration - Use the no service config command.
– Source routing - Use the no ip source-route command.
– Classless routing - Use the no ip classless command.
– Unused interfaces - Use the shutdown command.
– No SMURF attacks - Use the no ip directed-broadcast command.
– Ad hoc routing - Use the no ip proxy-arp command.
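The password items from the Manage Router Security slides, the SSH configuration steps, and the service list above can all be checked mechanically against a saved `show running-config`. The following Python audit is an added example, not course material or Cisco code; `SAMPLE_CONFIG` is a constructed, deliberately half-hardened configuration. Because running-config omits settings that are at their default, a global service with neither its enabling line nor its `no` line visible is reported UNKNOWN rather than assumed safe, and RSA key presence (step 3 of the SSH procedure) cannot be read from the config at all, so it is left to `show crypto key mypubkey rsa`. Interface-level items (`ip directed-broadcast`, `ip proxy-arp`, unused ports) are checked per interface section, and `ip proxy-arp` is treated as on unless explicitly disabled, which is the IOS default.

```python
"""Audit a Cisco IOS running-config against the hardening items on these slides."""
import re

# (label, insecure form as a line prefix, hardened form as an exact line), from the slide's commands
GLOBAL_RULES = [
    ("tcp-small-servers", "service tcp-small-servers", "no service tcp-small-servers"),
    ("bootp", "ip bootp server", "no ip bootp server"),
    ("finger", "service finger", "no service finger"),
    ("http", "ip http server", "no ip http server"),
    ("snmp", "snmp-server", "no snmp-server"),
    ("cdp", "cdp run", "no cdp run"),
    ("password-encryption", "no service password-encryption", "service password-encryption"),
]

# Constructed sample running-config (not from a real device), deliberately half-hardened.
SAMPLE_CONFIG = """\
no service password-encryption
hostname R2
ip domain-name cisco.com
enable password cisco123
username admin password 0 letmein
username netops secret 5 $1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx
no ip bootp server
ip http server
no cdp run
snmp-server community public RO
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip directed-broadcast
 no ip proxy-arp
interface FastEthernet0/1
 no ip address
!
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login local
"""

def global_lines(config):
    # Top-level (unindented) commands; '!' separators dropped
    return [l.strip() for l in config.splitlines() if l and not l.startswith((" ", "!"))]

def parse_sections(config, prefix):
    # Map each 'prefix ...' header (interface X, line vty ...) to its indented sub-commands
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(prefix + " "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None
    return sections

def audit_global_services(config):
    # PASS if the hardened line is present, FAIL if the insecure form is, else UNKNOWN:
    # running-config omits defaults, so UNKNOWN items must be verified with show commands.
    lines, results = global_lines(config), {}
    for label, insecure_prefix, hardened in GLOBAL_RULES:
        if hardened in lines:
            results[label] = "PASS"
        elif any(l.startswith(insecure_prefix) for l in lines):
            results[label] = "FAIL"
        else:
            results[label] = "UNKNOWN"
    return results

def audit_access(config):
    # Password and SSH items: type 5 secrets, hostname/domain name for key generation, SSH-only vty.
    # RSA keys never appear in running-config; check 'show crypto key mypubkey rsa' separately.
    lines = global_lines(config)
    bad_vty = [hdr for hdr, cmds in parse_sections(config, "line vty").items()
               if "transport input ssh" not in cmds or "login local" not in cmds]
    return {
        "enable_secret": "PASS" if any(l.startswith("enable secret ") for l in lines)
                         else "FAIL" if any(l.startswith("enable password ") for l in lines) else "UNKNOWN",
        "users_without_secret": [l.split()[1] for l in lines
                                 if re.match(r"username \S+ (privilege \d+ )?password ", l)],
        "hostname_set": any(l.startswith("hostname ") and l != "hostname Router" for l in lines),
        "domain_name_set": any(re.match(r"ip domain[- ]name ", l) for l in lines),
        "local_user_with_secret": any(re.match(r"username \S+ (privilege \d+ )?secret ", l) for l in lines),
        "vty_lines_not_ssh_only": bad_vty,
    }

def audit_interfaces(config):
    # Interface items: directed broadcasts (SMURF), proxy ARP (on by default in IOS), unused ports
    findings = []
    for header, cmds in parse_sections(config, "interface").items():
        name = header.split(" ", 1)[1]
        if "ip directed-broadcast" in cmds:
            findings.append((name, "directed-broadcast"))
        if "no ip address" in cmds:
            if "shutdown" not in cmds:
                findings.append((name, "unused-not-shutdown"))
        elif "no ip proxy-arp" not in cmds:
            findings.append((name, "proxy-arp-default-on"))
    return findings
```

Run against the sample, the global audit reports `http`, `snmp` and `password-encryption` as FAIL, `bootp` and `cdp` as PASS and the small servers as UNKNOWN; the access audit flags the `enable password`, the `admin` account configured with `password` instead of `secret`, and `line vty 5 15`, which still accepts Telnet; the interface audit flags the directed-broadcast setting on FastEthernet0/0 and the unused, unshut FastEthernet0/1.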
68
Vulnerable Router Services and Interfaces
• SNMP:
– Different versions of SNMP with different security properties. Normally, SNMP version 3 should be used.
• NTP:
– To reject all NTP messages at a particular interface, use an access list.
• DNS:
– ip name-server addresses command.
– no ip domain-lookup command.
69
Securing Routing Protocols
Routing systems can be attacked in two ways:
• Disruption of peers
• Falsification of routing information
• The best way to protect routing information on the network is
to authenticate routing protocol packets using message digest
algorithm 5 (MD5).
70
Securing Routing Protocols
• RIPv2, EIGRP, OSPF, IS-IS, and BGP all support various
forms of MD5 authentication.
71
Routing Protocol Authentication for RIPv2
• Step 3. Verify the operation of RIP routing:
– Use show ip route command
72
Routing Protocol Authentication for EIGRP
and OSPF
73
Locking Down Your Router with Cisco Auto
Secure
• Cisco AutoSecure uses a single command to disable non-
essential system processes and services, eliminating
potential security threats. Two modes of auto secure
command:
– Interactive mode - This mode prompts you with options
to enable and disable services and other security
features. This is the default mode.
– Non-interactive mode - This mode automatically
executes the auto secure command with the
recommended Cisco default settings. This mode is
enabled with the no-interact command option.
74
Locking Down Your Router with Cisco Auto
Secure
• To start the process of securing a router, issue the auto secure
command. Cisco AutoSecure will ask you for a number of items
including:
− Interface specifics
− Banners
− Passwords
− SSH
− IOS firewall features
75
Using Cisco SDM
76
Cisco SDM Overview
• What is Cisco SDM?
• Security Device Manager (SDM) is an easy-to-use, web-based
device-management tool designed for configuring LAN, WAN, and
security features on Cisco IOS software-based routers.
• The SDM files can be installed on the router, a PC, or on both.
• Advantage of installing on a PC: it saves router memory and
allows you to manage other routers on the network.
77
Cisco SDM Overview
• Cisco SDM Features
78
Configuring Your Router to Support Cisco
SDM
• Step 1. Access the router's Cisco CLI interface using Telnet or the console connection
• Step 2. Enable the HTTP and HTTPS servers on the router
• Step 3. Create a user account defined with privilege level 15 (enable privileges).
• Step 4. Configure SSH and Telnet for local login and privilege level 15.
79
Starting Cisco SDM
• Cisco SDM is stored in the router flash memory. It can also
be stored on a local PC.
• To launch the Cisco SDM, use the HTTPS protocol and put the IP
address of the router into the browser.
80
The Cisco SDM Interface
81
The Cisco SDM Interface
[Figure: Cisco SDM home page showing the About Your Router (Host Name), Hardware and Software panels]
82
The Cisco SDM Interface
83
Cisco SDM Wizards
• Cisco SDM provides a number of wizards to help you
configure a Cisco ISR router.
84
Locking Down a Router with Cisco SDM
85
Locking Down a Router with Cisco SDM
86
Locking Down a Router with Cisco SDM
87
Locking Down a Router with Cisco SDM
88
Locking Down a Router with Cisco SDM
89
Locking Down a Router with Cisco SDM
90
Locking Down a Router with Cisco SDM
91
Locking Down a Router with Cisco SDM
92
Secure Router Management
93
Maintaining Cisco IOS Software Images
• Periodically, the router requires updates to be loaded to
either the operating system or the configuration file to fix
known security vulnerabilities, support new features that
allow more advanced security policies, or improve
performance.
94
Maintaining Cisco IOS Software Images
• Cisco recommends following a four-phase migration process
to simplify network operations and management.
– Plan: Set goals, identify resources, profile network
hardware and software, and create a preliminary
schedule for migrating to new releases.
– Design: Choose new Cisco IOS releases and create a
strategy for migrating to the releases.
– Implement: Schedule and execute the migration.
– Operate: Monitor the migration progress and make
backup copies of images that are running on your
network.
95
Maintaining Cisco IOS Software Images
• There are a number of tools available on Cisco.com to aid in migrating Cisco IOS software.
• The following tools do not require a Cisco.com login:
– Cisco IOS Reference Guide: Covers the basics of the Cisco IOS software family
– Cisco IOS software technical documents: Documentation for each release of Cisco IOS software
– Software Center: Cisco IOS software downloads
• The following tools require valid Cisco.com login accounts:
– Bug Toolkit: Searches for known software fixes based on software version, feature set, and keywords
– Cisco Feature Navigator: Finds releases that support a set of software features and hardware, and compares releases
– Software Advisor: Compares releases, matches Cisco IOS software and Cisco Catalyst OS features to releases, and finds out which software release supports a given hardware device
– Cisco IOS Upgrade Planner: Finds releases by hardware, release, and feature set, and downloads images of Cisco IOS software
96
Managing Cisco IOS Images
Cisco IOS File Systems and Devices
• You have to be able to save, back up, and restore
configuration and IOS images.
• Use show file system command
97
Managing Cisco IOS Images
98
Managing Cisco IOS Images
• URL Prefixes for Cisco Devices
99
Commands for Managing Configuration Files
• R2# copy running-config startup-config
• R2# copy system:running-config nvram:startup-config
• R2# copy running-config tftp:
• R2# copy system:running-config tftp:
• R2# copy tftp: running-config
• R2# copy tftp: system:running-config
• R2# copy tftp: startup-config
• R2# copy tftp: nvram:startup-config
100
Cisco IOS File Naming Conventions
• i - Designates the IP feature set
• j - Designates the enterprise feature set (all protocols)
• s - Designates a PLUS feature set (extra queuing, manipulation,
or translations)
• 56i - Designates 56-bit IPsec DES encryption
• 3 - Designates the firewall/IDS
• k2 - Designates the 3DES IPsec encryption (168 bit)
101
Using TFTP Servers to Manage IOS Images
• Using a network TFTP server allows image and
configuration uploads and downloads over the network.
102
Backing Up IOS Software Image
• Step 1
• Step 2
• Step 3
103
Upgrading IOS Software Images
• Note: Make sure that the Cisco IOS image loaded is
appropriate for the router platform. If the wrong Cisco IOS
image is loaded, the router could be made unbootable,
requiring ROM monitor (ROMmon) intervention.
104
Restoring IOS Software Images
• Step 1. Connect the devices.
• Step 2. Boot the router and set the ROMmon variables.
• Step 3. Use the tftpdnld command.
105
Using xmodem to Restore an IOS Image
• Step 1. Connect the devices
• Step 2.
106
Using xmodem to Restore an IOS Image
• Step 3
• Step 4
107
Cisco IOS Troubleshooting Commands
• Using the show command
• The show command displays static information.
108
Cisco IOS Troubleshooting Commands
• Using the debug command
• By default, the network server sends the output from debug
commands and system error messages to the console.
• The debug command displays dynamic data and events.
109
Cisco IOS Troubleshooting Commands
Commands Related to the debug Command
• R1(config)# service timestamps debug datetime msec
• R1# show processes
• R1# no debug all
• R1# terminal monitor
110
Recovering a Lost Router Password
• Step 1. Connect to the console port.
• Step 2. If you have lost the enable password, you would still
have access to user EXEC mode.
• Step 3. Use the power switch to turn off the router, and then
turn the router back on.
• Step 4. Press Break on the terminal keyboard within 60
seconds of power up to put the router into ROMmon.
• Step 5. Type confreg 0x2142 at the rommon 1> prompt. This
causes the router to bypass the startup configuration where
the forgotten enable password is stored.
• Step 6. Type reset at the rommon 2> prompt. The router
reboots, but ignores the saved configuration.
111
Recovering a Lost Router Password
• Step 7. Type no after each setup question, or press Ctrl-C to
skip the initial setup procedure.
• Step 8. Type enable at the Router> prompt. This puts you
into enable mode, and you should be able to see the
Router# prompt.
• Step 9. Type copy startup-config running-config to copy the
NVRAM into memory.
• Step 10. Type show running-config.
• Step 11. Type configure terminal. The hostname(config)#
prompt appears.
• Step 12. Type enable secret password to change the enable
secret password.
112
Recovering a Lost Router Password
• Step 13. Issue the no shutdown command on every interface
that you want to use. You can issue a show ip interface brief
command to confirm that your interface configuration is
correct. Every interface that you want to use should display
up up.
• Step 14. Type config-register configuration_register_setting.
The configuration_register_setting is either the value you
recorded in Step 2 or 0x2102. For example:
• R1(config)#config-register 0x2102
• Step 15. Press Ctrl-Z or type end to leave configuration
mode. The hostname# prompt appears.
• Step 16. Type copy running-config startup-config to commit
the changes.
113
Summary
• Identify security threats to enterprise networks
• Describe methods to mitigate security threats to enterprise
networks
• Configure basic router security
• Disable unused router services and interfaces
• Use the Cisco SDM one-step lockdown feature
• Manage files and software images with the Cisco IOS
Integrated File System (IFS)