Logging – Audit Steps
• Verify that timestamps for debugging and logging messages have been enabled.
• Verify the severity level of events that are being captured.
• Verify that the source interface command has been configured.
• Verify the IP address of the syslog server.
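The four audit steps above can be checked mechanically against a saved running-config. The following is an added example, not part of the original slides: the function name `audit_logging`, the approved server set, the required severity and the sample configuration are all assumptions made for illustration.

```python
import ipaddress
import re

# Syslog severity keywords as IOS prints them; list index = numeric level 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Constructed running-config excerpt (sample data, not from the slides).
SAMPLE_CONFIG = """\
service timestamps debug datetime msec localtime
no service timestamps log
logging trap warnings
logging source-interface Loopback0
logging host 192.0.2.10
logging 198.51.100.7
"""

def _level(value):
    """Map a severity keyword or digit to its numeric level."""
    return int(value) if value.isdigit() else SEVERITIES.index(value)

def audit_logging(config, approved_servers, required="informational"):
    """Return {audit step: (passed, evidence)} for the four steps above."""
    lines = [ln.strip() for ln in config.splitlines()]

    def find(pattern):
        matches = (re.fullmatch(pattern, ln) for ln in lines)
        return [m.group(1) for m in matches if m]

    # Step 1: timestamps on both debugging and logging messages.
    stamped = set(find(r"service timestamps (debug|log)\b.*"))
    # Step 2: severity sent to the syslog server; with no "logging trap"
    # line in the config, IOS uses its default level, informational.
    trap = (find(r"logging trap (\S+)") or ["informational"])[-1]
    # Step 3: a fixed source interface for syslog packets.
    source = find(r"logging source-interface (\S+)")
    # Step 4: syslog server addresses, in either command form.
    servers = {str(ipaddress.ip_address(s))
               for s in find(r"logging (?:host )?(\d+(?:\.\d+){3})")}

    return {
        "timestamps": (stamped == {"debug", "log"}, sorted(stamped)),
        "severity": (_level(trap) >= _level(required), trap),
        "source_interface": (bool(source), source),
        "syslog_server": (bool(servers) and servers <= set(approved_servers),
                          sorted(servers)),
    }

if __name__ == "__main__":
    for step, (ok, seen) in audit_logging(SAMPLE_CONFIG, {"192.0.2.10"}).items():
        print(f"{'PASS' if ok else 'FAIL'}  {step}: {seen}")
```

On the sample, the check fails timestamps (log timestamps are disabled), severity (warnings captures less than informational) and syslog server (198.51.100.7 is not in the approved set), and passes the source interface step.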
• ACLs
• Routing Protocol Authentication
• CDP
• VLANs
• Switchport Security
• VTP
• DTP
• Cisco IOS uses access control lists to separate data traffic into that which it will process (permitted packets) and that which it will not process (denied packets).
• Cisco routers make very heavy use of access lists:
• restrict access to services
• filter traffic passing through the router.
• An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols.
• Static packet filtering controls access to a network by analyzing the incoming and outgoing packets
• By default, a router does not have any ACLs configured and therefore does not filter traffic.
• Standard ACLs - Allow you to filter traffic based on source IP address.
• Extended ACLs filter IP packets based on:
• Protocol type
• Source IP address
• Destination IP address
• TCP or UDP ports
• Extended ACLs are used for more precise traffic-filtering control and are used more often than standard ACLs to provide a greater range of control.
• ICMP Packet Filtering - filter ICMP messages by name or type and code.
• Filter IP Fragments – Fragmentation is often used in attempts to evade detection by intrusion detection systems; deny IP fragments.
• Anti IP Address Spoofing – Deny any inbound IP packet that contains a source address from the internal network.
• Smurf Attack - deny packets destined for broadcast addresses.