Network Worm/DoS. System Engineer. Cisco Systems Korea
- Homer Tucker
- 8 years ago
Transcription
1 Network Worm/DoS System Engineer Cisco Systems Korea
2 Agenda: Blaster Worm / Router / Switch / Switch Security Service Module / Epilogue
3 Agenda (next section: Blaster Worm)
4 Worm/DoS case: Blaster worm (source: CERTCC-KR). Infection sequence from an infected client to a new target, across the Internet, backbone and access layers:
1. The infected host scans for hosts listening on TCP 135.
2. It sends the RPC DCOM exploit over TCP 135; the exploit opens a command shell on the victim on TCP 4444.
3. The infected host runs a TFTP server (UDP 69).
4. Through the TCP 4444 shell the victim is told to download msblast.exe over TFTP (UDP 69) and run it; the new victim then starts scanning TCP 135 itself.
Network signatures: TCP 135 port scanning, TCP 4444 shell connections, UDP 69 TFTP transfers. Impact: the scan load raises process (CPU) utilisation on the ATM backbone switch and on the access switches, and the server farm is scanned directly.
5 Worm/DoS case: Blaster SYN flood against windowsupdate.com (source: CERTCC-KR). Sequence:
1. The infected host resolves windowsupdate.com (DNS query).
2. msblast.exe spoofs its source IP address and starts the DoS attack.
3. TCP SYN flooding against the resolved address.
On the network: a burst of DNS queries followed by TCP SYN flood traffic with spoofed source addresses. The flood raises process (CPU) load on the ATM backbone switch and the switches along the path, and the targeted server or network goes down.
6 Worm/DoS case: Nachi (Welchia) worm, TCP 707 / UDP 69 / ICMP (source: CERTCC-KR). Sequence:
1. windowsupdate.com DNS query.
2. ICMP echo scanning with 92-byte packets to find live hosts.
3. RPC DCOM exploit over TCP 135 against the hosts that answered.
4. Worm upload to the victim over TCP 707.
On the network: floods of 92-byte ICMP echo requests and DNS queries. Sweeping whole class B (/16) ranges with ICMP drives router process (CPU) load and switch CPU load on the ATM backbone, and the IDS reports the sweep as a Smurf or ICMP attack.
8 Agenda (next section: Router)
9 Router: defending the network with Cisco routers at the Internet edge, backbone and access layers (client side and server farm).
1. Monitoring: NetFlow.
2. Defense:
   - Blaster worm: filter TCP 135/4444 and UDP 69.
   - Nachi/Welchia: filter TCP 135/707 and UDP 69; rate-limit ICMP with CAR; drop the worm's 92-byte ICMP with PBR or MQC.
10 Router, Internet edge: NetFlow monitoring (Blaster).
1. Enable NetFlow on the monitoring interface:
Router(config)# ip cef
Router(config)# interface fastethernet 0          (monitoring interface)
Router(config-if)# ip route-cache flow           (enable NetFlow on the interface)
2. Monitor the flow cache. NetFlow prints ports in hexadecimal, so filter on the hex value of the service port (TCP 135 = 0x0087, TCP 4444 = 0x115C):
Router# show ip cache flow
Router# show ip cache flow | include 0087
Router# show ip cache flow | include 115C
Output columns: SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts. In the original output every suspicious row shows SrcIf Gi0/x, DstIf Null, Pr 06 and DstP 0087, i.e. one TCP 135 flow per scanned destination from the same source; the addresses were not transcribed.
11 Router, Internet edge: inbound ACL (Blaster).
1. Block TCP 135, TCP 4444 and UDP 69 inbound.
2. Configuration:
access-list 100 deny udp any any eq 69
access-list 100 deny tcp any any eq 135
access-list 100 deny tcp any any eq 4444
access-list 100 permit ip any any
interface <interface>
 ip access-group 100 in
3. Caution when blocking TCP 135 site-wide: TCP 135 is the RPC endpoint mapper, so the filter also breaks DHCP/WINS Manager, Exchange client/server traffic and administrator (remote management) services that use RPC over TCP 135 across the filtering point.
12 Router, Internet edge: NetFlow monitoring (Nachi).
1. Enable NetFlow as on slide 10 (ip cef, then ip route-cache flow on the monitoring interface).
2. Monitor the flow cache for the Nachi signatures. ICMP flows show Pr 01 and carry the ICMP type/code in the port columns (SrcP 0000; DstP 0800 for echo request, 0000 for echo reply); TCP 707 is 0x02C3:
Router# show ip cache flow
Router# show ip cache flow | include 0000        (ICMP rows)
Router# show ip cache flow | include 02C3        (TCP 707)
In the original output each row shows SrcIf Gi0/x and DstIf Null, one ICMP flow per scanned destination from the same source; the addresses were not transcribed.
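The NetFlow checks on slides 10 and 12 are done by eye with "include". The script below is an added example, not part of the original deck: it parses the row format of show ip cache flow on IOS 12.x (SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts, ports in hex, ICMP type/code in the DstP column) and reports sources that fan out to many destinations on the Blaster/Nachi signature ports. The sample rows are constructed with RFC 5737 documentation addresses; the fan-out threshold of 10 destinations is an assumption to tune per network.

```python
"""Spot Blaster/Nachi-style scanning in `show ip cache flow` output.

Added example (not from the original slides). Assumes the IOS 12.x flow-cache
row layout; the sample rows below are constructed, not captured.
"""
import re
from collections import defaultdict

TCP, ICMP = 0x06, 0x01
# Signature ports from the slides, as the hex values NetFlow prints.
PORT_RPC_135 = 0x0087
PORT_BLASTER_4444 = 0x115C
PORT_NACHI_707 = 0x02C3
ICMP_ECHO_REQUEST = 0x0800   # DstP column holds ICMP (type << 8) | code

FLOW_RE = re.compile(
    r"^(?P<srcif>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dstif>\S+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sp>[0-9A-Fa-f]{4})\s+(?P<dp>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)


def parse_flows(text):
    """Return one dict per row that looks like a flow-cache entry; skip headers/summaries."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "src": m["src"], "dst": m["dst"],
            "pr": int(m["pr"], 16), "sp": int(m["sp"], 16), "dp": int(m["dp"], 16),
            "pkts": int(m["pkts"]),
        })
    return flows


def classify(flow):
    """Map one flow to a worm signature name, or None for ordinary traffic."""
    pr, dp = flow["pr"], flow["dp"]
    if pr == TCP and dp == PORT_RPC_135:
        return "tcp135_scan"
    if pr == TCP and dp == PORT_BLASTER_4444:
        return "tcp4444_blaster"
    if pr == TCP and dp == PORT_NACHI_707:
        return "tcp707_nachi"
    if pr == ICMP and dp == ICMP_ECHO_REQUEST:
        return "icmp_echo_sweep"
    return None


def find_scanners(flows, threshold=10):
    """Sources whose distinct-destination fan-out on a signature reaches the threshold.

    A single flow to TCP 135 is normal RPC; many destinations from one source is a scan.
    """
    fanout = defaultdict(lambda: defaultdict(set))
    for f in flows:
        sig = classify(f)
        if sig:
            fanout[f["src"]][sig].add(f["dst"])
    report = {}
    for src, sigs in fanout.items():
        hits = {sig: len(dsts) for sig, dsts in sigs.items() if len(dsts) >= threshold}
        if hits:
            report[src] = hits
    return report


# Constructed sample output (RFC 5737 addresses) in the router's row layout.
SAMPLE = ["SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts"]
for i in range(1, 13):    # Blaster-style host: TCP 135 sweep, one SYN per target
    SAMPLE.append(f"Gi0/0         192.0.2.10      Null          198.51.100.{i:<4} 06 {0x0C00 + i:04X} 0087     1")
for i in range(1, 13):    # Nachi-style host: ICMP echo sweep (type 8 code 0 -> 0800)
    SAMPLE.append(f"Gi0/0         192.0.2.20      Null          198.51.100.{i:<4} 01 0000 0800     1")
SAMPLE.append("Gi0/0         192.0.2.30      Gi0/1         203.0.113.5     06 C3A1 0050    47")  # HTTP
SAMPLE.append("Gi0/0         192.0.2.30      Gi0/1         203.0.113.5     01 0000 0800     4")  # one ping
SAMPLE_TEXT = "\n".join(SAMPLE)

if __name__ == "__main__":
    for src, hits in find_scanners(parse_flows(SAMPLE_TEXT)).items():
        print(src, hits)
```

Feed it the output of show ip cache flow captured from the router (or a NetFlow collector export converted to the same columns). The host with one HTTP session and one ping is not reported; the two sweeping hosts are, each with the signature and the number of distinct targets.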
13 Router, Internet edge: inbound ACL (Nachi).
1. Block TCP 135, TCP 707, UDP 69 and ICMP echo/echo-reply inbound. The Microsoft networking ports with the same exposure are TCP 135, 139, 445, 593 and UDP 135, 137, 138.
2. Configuration:
access-list 100 deny udp any any eq 69
access-list 100 deny tcp any any eq 135
access-list 100 deny tcp any any eq 707
access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply
<add deny entries for TCP 139, 445, 593 and UDP 135, 137, 138 where those services must not cross this interface>
access-list 100 permit ip any any
interface <interface>
 ip access-group 100 in
3. Caution: denying ICMP on an Ethernet (LAN-facing) interface breaks ping and the ICMP-based troubleshooting the operations staff rely on, so it causes its own network issues. Prefer rate-limiting or length-based dropping (CAR, PBR, MQC) there.
14 Traffic Security
15 (diagram) QoS queueing on a Layer 2/3 port as a security tool: queue 4, queue 3 (HTTP), queue 2 (FTP, SMTP), queue 1 (ERP, etc.). The same classification and policing machinery that protects business traffic can rate-limit or drop worm traffic.
16 Router, Internet edge: QoS defense with CAR (Committed Access Rate).
1. CAR rate-limits the traffic selected by an ACL on the inbound interface. Instead of denying ICMP outright, mark ICMP with an ACL and cap it at a fixed rate, so normal ping keeps working while a flood is policed.
17 Router: CAR configuration.
2. ACL marking:
Router(config)# access-list 177 remark "ICMP_limit_marking"
Router(config)# access-list 177 permit icmp any any
Router(config)# access-list 177 permit icmp any any echo
Router(config)# access-list 177 permit icmp any any echo-reply
(The first entry already matches all ICMP, so the echo and echo-reply entries never match; keep only the entries for the traffic you intend to police.)
Rate limit on the interface (normally the Ethernet interface):
Router(config-if)# rate-limit input access-group 177 8000 8000 8000 conform-action transmit exceed-action drop
Parameters: rate 8000 bps (the lowest rate CAR accepts), normal burst 8000 bytes, extended burst 8000 bytes, as read back in the monitoring output below. ICMP matched by ACL 177 above 8 Kbps is dropped; with the extended burst equal to the normal burst there is no extended-burst region.
Monitoring:
Router# show interfaces fastethernet 0 rate-limit
FastEthernet0
  Input
    matches: access-group 177
      params: 8000 bps, 8000 limit, 8000 extended limit
      conformed 599 packets, <bytes> bytes; action: transmit
      exceeded 527 packets, <bytes> bytes; action: drop
      last packet: 280ms ago, current burst: 7896 bytes
      last cleared 00:02:22 ago, conformed 8000 bps, exceeded <n> bps
The exceeded counter is the ICMP that went over the limit and was dropped.
19 (diagram) ICMP before and after the CAR limit: the flood is capped at the configured rate (Limit O.K!!).
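What the three numbers in rate-limit input access-group 177 8000 8000 8000 actually permit is easy to misjudge. The following token-bucket model is an added example, not from the original deck: it models the single-bucket case (extended burst equal to normal burst, so no probabilistic extended-burst region, which is the configuration on slide 17) and counts conformed/exceeded packets the way show interfaces rate-limit does. Packet sizes and arrival patterns are constructed; the 92-byte size is the Nachi ICMP length from slide 6.

```python
"""Token-bucket model of a CAR rate-limit (added example, not from the slides).

rate-limit input access-group 177 8000 8000 8000 conform-action transmit exceed-action drop
means: tokens refill at 8000 bit/s, the bucket holds at most 8000 bytes (normal
burst), and because the extended burst equals the normal burst there is no
extended-burst region. That single-bucket case is what is modelled here.
"""


def car_police(packets, rate_bps=8000, burst_bytes=8000):
    """Police a packet list with one token bucket.

    packets: iterable of (arrival_time_s, size_bytes) in arrival order.
    Returns (conformed, exceeded) counts, like 'show interfaces rate-limit'.
    """
    tokens = float(burst_bytes)       # bucket starts full: the first burst always gets through
    last_t = None
    conformed = exceeded = 0
    for t, size in packets:
        if last_t is not None:
            if t < last_t:
                raise ValueError("packets must be in arrival order")
            tokens = min(burst_bytes, tokens + (t - last_t) * rate_bps / 8.0)
        last_t = t
        if size <= tokens:
            tokens -= size
            conformed += 1            # conform-action transmit
        else:
            exceeded += 1             # exceed-action drop (no tokens consumed)
    return conformed, exceeded


def icmp_stream(count, interval_s, size=92):
    """Constructed input: Nachi-sized (92-byte IP length) echo requests at a fixed interval."""
    return [(i * interval_s, size) for i in range(count)]


if __name__ == "__main__":
    # A burst of 100 probes at once: the 8000-byte bucket lets 86 through (86 * 92 = 7912).
    print(car_police(icmp_stream(100, 0.0)))
    # One probe per second is well under 1000 bytes/s and never exceeds.
    print(car_police(icmp_stream(100, 1.0)))
    # 20 probes/s (about 14.7 kbit/s) drains the bucket, then roughly half are dropped.
    print(car_police(icmp_stream(400, 0.05)))
```

The first case is the practical caveat: because the bucket starts full, a sweep of 86 worm packets passes before any drop happens, so CAR bounds the rate of a flood rather than blocking its first packets; that is why slides 20 to 25 add a length-based drop for the worm's own packets.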
20 Router, Internet edge: defense with PBR (Policy-Based Routing).
1. PBR selects the worm's 92-byte ICMP with an ACL plus a length match and sets the next hop to the logical interface Null 0, so only the 92-byte ICMP is dropped while other ICMP passes. The same policy is available on Cisco Layer 3 switches (MSFC).
21 Router: PBR configuration.
2. ACL marking:
Router(config)# access-list 187 remark "ICMP_PBR_marking"
Router(config)# access-list 187 permit icmp any any echo
Router(config)# access-list 187 permit icmp any any echo-reply
PBR rule setup:
Router(config)# route-map worm permit 10
Router(config-route-map)# match ip address 187              (PBR ACL)
Router(config-route-map)# match length 92 92                (Layer 3 length of the Nachi ICMP packet: 20-byte IP header + 8-byte ICMP header + 64-byte payload; the Ethernet frame is 106 bytes, but match length compares the IP packet length)
Router(config-route-map)# set interface Null0               (matching 92-byte ICMP goes to Null 0)
Apply on the interface:
Router(config-if)# ip policy route-map worm
Monitoring:
Router# show route-map worm
route-map worm, permit, sequence 10
  Match clauses:
    ip address (access-lists): 187
    length 92 92
  Set clauses:
    interface Null0
  Policy routing matches: 4165 packets, <bytes> bytes
"Policy routing matches" counts the packets (and bytes) sent to Null 0.
22 (diagram) Normal 64-byte ICMP packets: all permitted by the PBR rule.
23 (diagram) 92-byte ICMP packets: denied (sent to Null 0); all other packets permitted.
24 Router, Internet edge: defense with MQC (Modular QoS CLI).
1. MQC classifies the 92-byte ICMP with an ACL plus "match packet length" and drops it in a policy-map. Requires Cisco IOS 12.2(13)T or later, where Layer 3 packet-length classification was introduced.
25 Router: MQC configuration.
2. ACL marking:
Router(config)# access-list 197 remark "ICMP_MQC_marking"
Router(config)# access-list 197 permit icmp any any echo
Router(config)# access-list 197 permit icmp any any echo-reply
MQC setup:
Router(config)# class-map match-all class_worm                    (class group)
Router(config-cmap)# match access-group 197                       (the marking ACL; the original slide shows 187 here, the PBR ACL of slide 21, which is a copy error)
Router(config-cmap)# match packet length min 92 max 92            (Layer 3 length of 92 bytes)
Router(config)# policy-map policy_worm
Router(config-pmap)# class class_worm
Router(config-pmap-c)# drop                                       (class action)
Apply on the interface:
Router(config-if)# service-policy input policy_worm
Router(config-if)# service-policy output policy_worm
Monitoring:
Router# show policy-map interface fa 0
FastEthernet0
  Service-policy input: policy_worm
    Class-map: class_worm (match-all)
      5 packets, 530 bytes                                        (dropped packets and bytes)
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 197
      Match: packet length min 92 max 92
      drop
Note that 530 bytes for 5 packets is 106 bytes each: the counter includes the 14-byte Ethernet header, while the length match is on the 92-byte IP packet.
26 (diagram) Normal 64-byte ICMP packets: all permitted by the MQC policy.
27 (diagram) 92-byte ICMP packets: denied (dropped by the class action); all other packets permitted.
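Slides 20 to 27 hinge on the number 92, and both the PBR "match length" and the MQC "match packet length" compare the Layer 3 length. The code below is an added example, not from the original deck: it builds ICMP echo requests with a minimal IPv4/ICMP encoder, shows why the Nachi probe is 92 bytes (20-byte IP header + 8-byte ICMP header + 64 bytes of 0xAA) and 106 bytes on the wire, and applies the router's test alongside a stricter payload check. The packets and addresses are constructed; the 64 x 0xAA payload is Welchia's documented probe, and the 32-byte and 56-byte payloads are the Windows and Linux ping defaults.

```python
"""Why the slides match on 92 bytes (added example, not from the original deck).

Nachi/Welchia echo requests carry 64 bytes of 0xAA, so the IP datagram is
20 (IP) + 8 (ICMP) + 64 = 92 bytes. `match length` (route-map) and
`match packet length` (MQC) compare this Layer 3 length, not the 106-byte
Ethernet frame. Packets below are constructed with a minimal encoder.
"""
import struct

ETHERNET_HEADER_LEN = 14          # no FCS counted
WELCHIA_PAYLOAD = b"\xaa" * 64


def _checksum(data):
    """RFC 1071 one's-complement checksum over data (pads an odd trailing byte)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return (~s) & 0xFFFF


def _ipv4_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_icmp_echo(src, dst, payload, ident=1, seq=1, ttl=128):
    """Build an IPv4 ICMP echo request (type 8, code 0) carrying payload."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", _checksum(icmp)) + icmp[4:]
    total_len = 20 + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, 1, 0,
                     _ipv4_bytes(src), _ipv4_bytes(dst))
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    return ip + icmp


def ip_total_length(pkt):
    """The Layer 3 length the router's length match sees (IP total length field)."""
    return struct.unpack("!H", pkt[2:4])[0]


def ethernet_frame_length(pkt):
    """What the interface counters see: IP packet plus 14-byte Ethernet header."""
    return ETHERNET_HEADER_LEN + len(pkt)


def matches_nachi_filter(pkt):
    """The router-side test from slides 21/25: ICMP echo or echo-reply AND L3 length == 92."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    icmp_type = pkt[ihl]
    return proto == 1 and icmp_type in (0, 8) and ip_total_length(pkt) == 92


def looks_like_welchia(pkt):
    """Stricter host/IDS-side check: 92 bytes AND the payload is 64 x 0xAA."""
    ihl = (pkt[0] & 0x0F) * 4
    return matches_nachi_filter(pkt) and pkt[ihl + 8:] == WELCHIA_PAYLOAD


# Constructed packets (RFC 5737 addresses).
NACHI_PROBE = build_icmp_echo("192.0.2.20", "198.51.100.7", WELCHIA_PAYLOAD)
WINDOWS_PING = build_icmp_echo("192.0.2.30", "198.51.100.7", b"abcdefghijklmnopqrstuvwabcdefghi")  # 32-byte default
LINUX_PING = build_icmp_echo("192.0.2.31", "198.51.100.7", bytes(56))                              # 56-byte default
LINUX_PING_S64 = build_icmp_echo("192.0.2.32", "198.51.100.7", bytes(64))                          # ping -s 64: also 92 bytes

if __name__ == "__main__":
    for name, pkt in [("nachi", NACHI_PROBE), ("windows ping", WINDOWS_PING),
                      ("linux ping", LINUX_PING), ("linux ping -s 64", LINUX_PING_S64)]:
        print(f"{name:18s} L3={ip_total_length(pkt):3d} frame={ethernet_frame_length(pkt):3d} "
              f"router_drop={matches_nachi_filter(pkt)} welchia_payload={looks_like_welchia(pkt)}")
```

The last packet is the caveat a practitioner should know before deploying the PBR or MQC rule: a legitimate Linux "ping -s 64" is also a 92-byte echo request and is dropped by the length-only filter, since the router cannot see the 0xAA payload. Default Windows (60-byte) and Linux (84-byte) pings are unaffected.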
28 Agenda (next section: Switch)
29 Switch: defending with Cisco Catalyst switches at the Internet edge, backbone and access layers (client side and server farm).
1. Monitoring: MLS flow (NetFlow on the Catalyst).
2. Defense: Blaster worm TCP 135/4444, UDP 69; Nachi/Welchia TCP 135/707, UDP 69, ICMP; ICMP limiting with QoS policing; 92-byte ICMP dropping with PBR.
30 Backbone Catalyst (CatOS): MLS flow monitoring.
1. Enable full flow mode (the default flow mask is destination-only and records no ports):
CatOS: Switch (enable) set mls flow full
Native IOS: Switch(config)# mls flow ip full
2. Monitor the MLS flow statistics (CatOS):
6500> (enable) show mls statistics entry ip src-port 135
Last Used  Destination IP  Source IP  Prot  DstPrt  SrcPrt  Stat-Pkts  Stat-Bytes
(rows: TCP flows with port 135; addresses not transcribed)
6500> (enable) show mls statistics entry ip src-port 135      (Blaster worm, RPC)
6500> (enable) show mls statistics entry ip src-port 4444     (Blaster worm, shell)
6500> (enable) show mls statistics entry ip src-port 707      (Nachi)
6500> (enable) show mls statistics entry ip protocol icmp     (Nachi ICMP attack)
Note: in full flow mode each direction is a separate entry. Filtering on src-port 135 lists the replies coming back from the scanned hosts; filtering on dst-port 135 lists the scanning (infected) host as the source address, as in the Native IOS output on slide 31.
31 Backbone Catalyst (Native IOS): MLS flow monitoring.
CAT6500# show mls ip statistics | include 135
(rows, addresses not transcribed): tcp :3846 :135 / tcp :2197 :135 / tcp :4470 :135 / tcp :2052 :135 / tcp :3797 :135, i.e. one TCP flow per scanned target, each to destination port 135 from a different ephemeral source port.
CAT6500# show mls ip statistics | include 4444
CAT6500# show mls ip statistics | include 707
CAT6500# show mls ip statistics | include icmp
Monitoring one suspect PC:
Cat6500# show mls ip source <pc-address>
Displaying Netflow entries in Supervisor Earl
DstIP  SrcIP  Prot:SrcPort:DstPort  Src i/f:adjptr  Pkts  Bytes  Age  LastSeen  Attributes
tcp :4816 :135  ...  :13:05  L3 - Dynamic
tcp :4613 :135  ...  :12:43  L3 - Dynamic
...
32 Backbone: RACL (router ACL). A RACL on a router port or VLAN interface controls traffic routed between VLANs/subnets (VLAN A / subnet A to VLAN B / subnet B). Can it control traffic inside one subnet or VLAN? No: traffic between two hosts in the same VLAN is switched at Layer 2 and never reaches the RACL.
33 Backbone: VACL (VLAN ACL). A VACL is applied to the VLAN itself, so it filters traffic within a VLAN/subnet as well as traffic entering or leaving it. This is what stops a worm spreading between hosts of the same VLAN.
34 Where the worm is seen and where it can be stopped. A worm spreads host to host inside the access and distribution layers. A firewall (F/W) at the gateway or an IDS/IPS in front of the server farm only sees the flows that cross it, so it misses the intra-subnet spread; the Internet router's ACL filters what enters and leaves the site. Worm traffic inside a subnet or VLAN has to be filtered on the switch with a VLAN ACL.
35 Backbone: VLAN ACL (CatOS).
set security acl ip VACL deny tcp any eq 4444 any
set security acl ip VACL deny tcp any any eq 4444
set security acl ip VACL deny tcp any eq 135 any
set security acl ip VACL deny tcp any any eq 135          (Blaster worm)
set security acl ip VACL deny tcp any eq 707 any
set security acl ip VACL deny tcp any any eq 707          (Nachi worm)
set security acl ip VACL permit ip any any                (everything that is not worm traffic)
commit security acl VACL                                  (commit the VACL)
set security acl map VACL <vlan>                          (map it to the VLAN)
To change it: clear security acl VACL, re-enter the entries, then commit security acl VACL again.
Note: the original slide wrote "udp" for the port 4444 entries; Blaster's shell runs on TCP 4444 (slide 4), so they are shown here as tcp. UDP 69 (TFTP) is not covered by this VACL; add it if TFTP is not needed inside the VLAN.
36 Backbone: VLAN ACL (Native IOS).
Switch(config)# ip access-list extended worm_block
Switch(config-ext-nacl)# permit tcp any any eq 135
Switch(config-ext-nacl)# permit tcp any any eq 139
Switch(config-ext-nacl)# permit tcp any any eq 445
Switch(config-ext-nacl)# permit tcp any any eq 4444
Switch(config-ext-nacl)# permit tcp any any eq 707
Switch(config-ext-nacl)# permit udp any any eq 69
Switch(config-ext-nacl)# permit icmp any any echo
Switch(config-ext-nacl)# permit icmp any any echo-reply
(In a VLAN access-map, "permit" in the ACL only selects the traffic; the action below decides what happens to it. If the network needs ICMP echo (ping) service, leave the two icmp lines out and drop the 92-byte worm ICMP with PBR instead.)
Switch(config)# vlan access-map worm_vacl 10
Switch(config-access-map)# match ip address worm_block     (select the worm traffic)
Switch(config-access-map)# action drop                     (drop it)
Switch(config)# vlan access-map worm_vacl 20
Switch(config-access-map)# action forward                  (required: a VLAN access-map ends with an implicit drop, so everything not matched by sequence 10 must be forwarded explicitly)
Switch(config)# vlan filter worm_vacl vlan-list <vlans>    (apply the VACL to the VLANs)
37 Backbone MSFC: ACL marking and PBR (CatOS or Native IOS MSFC). Identical to the router configuration on slide 21: access-list 187 matching icmp echo and echo-reply; route-map worm permit 10 with match ip address 187, match length 92 92 and set interface Null0; applied with ip policy route-map worm on the VLAN interface; show route-map worm reports the policy routing matches (packets and bytes sent to Null 0).
38 Backbone: QoS policing. The Catalyst policer is a dual token bucket: bucket 1 (rate / burst) and bucket 2 (erate / eburst, the excess rate; PFC2 only). Traffic above the rate is marked down or dropped. The worm traffic to police, on CatOS and on Native IOS, falls into two groups: TCP 135 and ICMP echo/echo-reply (legitimate uses exist, so rate-limit), and TCP 4444, TCP 707 and UDP 69 (worm traffic).
39 Backbone, Native IOS QoS policing: classification.
mls qos                                              (enable MLS QoS)
access-list 113 permit icmp any any echo
access-list 113 permit icmp any any echo-reply       (ICMP attack marking)
access-list 111 permit tcp any any eq 135
access-list 111 permit tcp any any eq 4444
access-list 111 permit tcp any any eq 707
access-list 111 permit udp any any eq 69             (Blaster / Nachi worm marking)
access-list 112 permit tcp any any syn               (8.15 SYN flooding attack marking: Blaster's windowsupdate.com flood)
class-map match-all icmp_attack
 match access-group 113
class-map match-all Blaster_0815_attack
 match access-group 112
class-map match-all Blaster_Nachi
 match access-group 111
(Each class group is built from its marking ACL.)
40 Backbone, Native IOS QoS policing: policy.
policy-map QoS
 class icmp_attack
  police 32000 1000 1000 conform-action transmit exceed-action drop violate-action drop
 class Blaster_0815_attack
  police 32000 1000 1000 conform-action transmit exceed-action drop violate-action drop
 class Blaster_Nachi
  police 32000 1000 1000 conform-action transmit exceed-action drop violate-action drop
Each class is policed to 32 Kbps and everything above that is dropped. The 32 Kbps rate is from the slide; the 1000-byte burst values are taken from the monitoring output below.
interface GigabitEthernet2/1
 service-policy input QoS
Monitoring:
Cat6500# show policy-map interface gigabitethernet 2/1
GigabitEthernet2/1
  service-policy input: QoS
    class-map: icmp_attack (match-all)
      0 packets
      5 minute offered rate 0 pps
      match: access-group 113
      police: <rate> bps 1000 limit 1000 extended limit
        aggregate-forwarded 0 packets action: transmit
        exceeded 44 packets action: drop
        aggregate-forward 345 pps exceed 40 pps
41 Backbone, CatOS QoS policing.
set qos enable                                             (enable QoS)
Policer:
set qos policer aggregate policer_worm rate 32 policed-dscp erate 32 drop burst 4 eburst 4
(32 Kbps aggregate policer for worm traffic: above rate the packet is marked down via the policed-DSCP map, above erate it is dropped.)
QoS ACL marking:
set qos acl ip worm dscp 8 aggregate policer_worm tcp any any eq 135
set qos acl ip worm dscp 8 aggregate policer_worm tcp any any eq 4444
set qos acl ip worm dscp 8 aggregate policer_worm tcp any any eq 707
set qos acl ip worm dscp 8 aggregate policer_worm udp any any eq 69
set qos acl ip worm dscp 8 aggregate policer_worm icmp any any echo
set qos acl ip worm dscp 8 aggregate policer_worm icmp any any echo-reply
(Blaster worm, Nachi worm and ICMP attack traffic, all marked DSCP 8 and policed by policer_worm.)
42 Backbone, CatOS: QoS ACL commit and monitoring.
commit qos acl worm                                     (commit the QoS ACL)
set qos acl map worm 100                                (map it to VLAN 100, or to an interface)
To change it: clear qos acl worm, re-enter the entries, then commit qos acl worm.
QoS monitoring:
Cat6500> (enable) show qos statistics aggregate-policer policer_worm
QoS aggregate-policer statistics:
Aggregate policer   Allowed packet count   Packets exceed normal rate   Packets exceed excess rate
policer_worm        <n>                    <n>                          <n>
The exceed counters are the worm packets being marked down or dropped.
43 Access switch defense (Catalyst switches at the access layer, client side and server farm): Blaster worm TCP 135/4444, UDP 69; Nachi/Welchia TCP 135/707, UDP 69, ICMP; ICMP limiting with QoS policing; 92-byte ICMP dropping with PBR.
44 Access switch: VLAN ACL (Native IOS). The same configuration as slide 36: ip access-list extended worm_block selecting TCP 135, 139, 445, 4444, 707, UDP 69 and ICMP echo/echo-reply; vlan access-map worm_vacl with match ip address worm_block and action drop; applied with vlan filter worm_vacl vlan-list <vlans>. Supported on the Catalyst 4500 and other access switches with VLAN access-maps. As on slide 36, leave the ICMP echo entries out if ping service is needed and drop the 92-byte worm ICMP with PBR instead.
45 Access switch: ACL marking and PBR. Identical to slide 21: access-list 187 matching icmp echo and echo-reply; route-map worm permit 10 with match ip address 187, match length 92 92 and set interface Null0; ip policy route-map worm on the interface; show route-map worm for the policy routing match counters.
46 Access switch: QoS classification (Catalyst 4500 / 3550 / 2950).
mls qos                                                   (enable QoS; on the Catalyst 4500 the command is "qos")
mls qos map policed-dscp 48 to 16                         (policed-DSCP map: mark DSCP 48 down to 16 when a policer's exceed action is policed-dscp-transmit; unused when the exceed action is drop)
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply            (ICMP attack ACL)
access-list 198 permit tcp any any syn                    (SYN flooding attack ACL)
access-list 197 permit tcp any any eq 135
access-list 197 permit tcp any any eq 4444
access-list 197 permit tcp any any eq 707
access-list 197 permit udp any any eq 69                  (Blaster / Nachi worm attack ACL)
Class groups:
class-map match-all icmp_attack
 match access-group 199
class-map match-all syn_attack
 match access-group 198
class-map match-all worm
 match access-group 197
47 Access switch: QoS policy (Catalyst 3550 syntax).
policy-map p_worm
 class icmp_attack
  set ip precedence 6
  police 8000 8000 exceed-action drop
 class syn_attack
  set ip precedence 5
  police 8000 8000 exceed-action drop
 class worm
  set ip precedence 4
  police 8000 8000 exceed-action drop
(icmp_attack, syn_attack and worm traffic is each limited to 8 Kbps and dropped above that. The 8 Kbps rate is from the slide; the 8000-byte burst is a placeholder because the original value was not transcribed.)
Interface:
interface GigabitEthernet0/10
 switchport access vlan 100
 switchport mode access
 no ip address
 load-interval 30
 mls qos monitor dscp
 mls qos monitor packets
 service-policy input p_worm
48 Access switch: monitoring.
Switch# show mls qos interface gigabitethernet 0/10 statistics
GigabitEthernet0/10
Ingress
  dscp: incoming  no_change  classified  policed  dropped (in bytes)
  8   : <counts>
  ...
  Others: <counts>
The policed and dropped columns, per DSCP value, show the marked worm traffic being dropped.
49 Agenda (next section: Switch Security Service Module)
50 (diagram) Network: Internet router and core switch.
51 (diagram) Network: router, L4 switches, L2 switches, core switch.
52 (diagram) Network: router, L4 switches, L2 switches, core switch, with a pair of firewalls (F/W) added.
53 FWSM (Firewall Services Module) performance:
- PIX 6.0-based feature set (some features of 6.2)
- High-performance firewall, targeted at OC-48 or 5 Gbps (aggregated)
- Concurrent connections: 1M; 3 million pps
- 100K new connections/sec for HTTP, DNS and enhanced SMTP
- 100 VLANs; LAN failover active/standby
- Dynamic routing, i.e. OSPF; multiple blades
- 128K rule set; no IDS signatures
- Supported on Native IOS and CatOS (IOS 12.1(13)E / CatOS 7.5(1))
- Classic 32 Gbps bus / 256 Gbps fabric
54 New IDSM-2 (Intrusion Detection System Module): 600 Mbps; 5000 cps (TCP connections per second); 500,000 concurrent connections; VLAN monitoring over the 32 Gb bus / fabric; passive monitoring, transparent operation; managed with IDS Device Manager and IDS Event Viewer; feature parity with the IDS appliances; CatOS 7.5(1) / IOS 12.1(19)E; Catalyst 6500 / Cisco 7600.
55 (diagram) IDS response options to a detected attack: shunning, TCP reset, rate-limit.
56 Monitoring/Defense through Catalyst service modules. IDSM shunning: the IDSM automatically adds an ACL on the router and a VACL on the Catalyst 6500 / Cisco 7600, or a block on a PIX, so the attacking inside host is blocked automatically. (Deck subtitle: Strategy for defending against Worm/DoS attacks with network equipment.)
57 Shunning: VACL written by the IDSM in response to an ICMP attack (addresses not transcribed):
set security acl ip IDS_160_0 permit arp
set security acl ip IDS_160_0 permit ip host <sensor-or-management-address> any
set security acl ip IDS_160_0 deny ip host <shunned-host-1> any
set security acl ip IDS_160_0 deny ip host <shunned-host-2> any
... (one deny entry per shunned host)
58 NAM-2 (Network Analysis Module) performance: classic 32 Gbps bus / 256 Gbps fabric; 1 GB RAM; 128 MB capture buffer. Uses: application monitoring, performance management, troubleshooting, trend analysis, capacity planning, VoIP monitoring, QoS and DSCP monitoring. Standards: MIB-II (RFC 1213), RMON (RFC 2819, all groups), RMON2 (RFC 2021, all groups), SMON (RFC 2613), DSMON, ART MIB, HCRMON. NAM software v3.1 (CatOS 7.3(1) / IOS 12.1(13)E support).
59 NAM architecture: enhanced SNMP and HTTP/S access from nGenius Real-Time Monitor or third-party applications (aggregation of multiple NAMs); the NAM blade is an integrated traffic analyzer (easy to deploy and use) for the Catalyst 6000/6500 and, new, the Cisco 7600, with Layer 2 mini-RMON per port. Flexible data sources: SPAN (detailed), NetFlow (broad), VACL (specific). Enhanced Layer 3-7: RMON I/II, HCRMON, SMON, DSMON, ART, voice analysis.
60 (diagram) NAM embedded traffic analyzer: the Cisco Catalyst switch feeds the NAM from mini-RMON on each port, from a SPAN source (FTP, HTTP, multicast, BPDU traffic) and from NetFlow records (also exported by a Cisco router); the NAM breaks the traffic out by application (FTP, HTTP, multicast).
65 Agenda (next section: Epilogue)
66 Epilogue: form a CERT team that includes the server, network and PC managers, and design security end to end.
67 If you have any questions, mailto:
More informationCisco - Catalyst 2950 Series Switches Quality of Service (QoS) FAQ
Page 1 of 8 Catalyst 2950 Series Switches Quality of Service (QoS) FAQ Document ID: 46523 TAC Notice: What's C han g i n g o n T A C We b H el p u s h el p y ou. Questions Introduction What is the software
More informationConfiguring QoS and Per Port Per VLAN QoS
27 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-qos) commands or by using standard QoS commands on a Catalyst 45 series switch. It also describes
More informationCISCO IOS FIREWALL DESIGN GUIDE
CISCO IOS FIREWALL DESIGN GUIDE http://www.cisco.com/en/us/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implement ation_design_guide09186a00800fd670.html I'm going to go through this document now..i'll
More informationConfiguring Network Address Translation
CHAPTER5 Configuring Network Address Translation The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. This chapter contains the following major sections
More informationNetflow Overview. PacNOG 6 Nadi, Fiji
Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools
More informationHow To Configure InterVLAN Routing on Layer 3 Switches
How To Configure InterVLAN Routing on Layer 3 Switches Document ID: 41860 Contents Introduction Prerequisites Requirements Components Used Conventions Configure InterVLAN Routing Task Step by Step Instructions
More informationConfiguring EtherChannels
CHAPTER 12 This chapter describes how to configure EtherChannels on the Cisco 7600 series router Layer 2 or Layer 3 LAN ports. For complete syntax and usage information for the commands used in this chapter,
More informationConfiguring Flexible NetFlow
CHAPTER 62 Note Flexible NetFlow is only supported on Supervisor Engine 7-E, Supervisor Engine 7L-E, and Catalyst 4500X. Flow is defined as a unique set of key fields attributes, which might include fields
More informationConfiguring Class Maps and Policy Maps
CHAPTER 4 Configuring Class Maps and Policy Maps This chapter describes how to configure class maps and policy maps to provide a global level of classification for filtering traffic received by or passing
More informationChapter 3 Using Access Control Lists (ACLs)
Chapter 3 Using Access Control Lists (ACLs) Access control lists (ACLs) enable you to permit or deny packets based on source and destination IP address, IP protocol information, or TCP or UDP protocol
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationWhatsUpGold. v14.4. Flow Monitor User Guide
WhatsUpGold v14.4 Flow Monitor User Guide Contents ingress egress egress ingress enable configure terminal ip flow-export version ip flow-export destination interface
More informationAlliedWare Plus TM OS How To. Configure QoS to Conform to Standard Marking Schemes. Introduction. Contents
AlliedWare Plus TM OS How To Configure QoS to Conform to Standard Marking Schemes Introduction This How To Note describes how to deploy a QoS solution across an entire network. It explains how to define
More informationCisco Nexus 1000V Switch for Microsoft Hyper-V
Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.
More informationMonitoring and analyzing audio, video, and multimedia traffic on the network
Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University
More informationIntroduction to Cisco IOS Flexible NetFlow
Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity
More informationCisco Configuring Commonly Used IP ACLs
Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationImproving Quality of Service
Improving Quality of Service Using Dell PowerConnect 6024/6024F Switches Quality of service (QoS) mechanisms classify and prioritize network traffic to improve throughput. This article explains the basic
More informationBest Practice Recommendations for VLANs and QoS with ShoreTel
Application Note ST AppNote 10325 (AN 10325) August 17, 2011 Best Practice Recommendations for VLANs and QoS with ShoreTel Description: This application note discusses the use of Virtual LANs, DHCP scopes
More informationAppendix A Remote Network Monitoring
Appendix A Remote Network Monitoring This appendix describes the remote monitoring features available on HP products: Remote Monitoring (RMON) statistics All HP products support RMON statistics on the
More informationCisco PIX. Upgrade-Workshop PixOS 7. Dipl.-Ing. Karsten Iwen CCIE #14602 (Seccurity) http://security-planet.de
Cisco PIX Upgrade-Workshop PixOS 7 http://security-planet.de 22 March, 2007 Agenda Basics Access-Control Inspections Transparent Firewalls Virtual Firewalls Failover VPNs Sec. 6-5 P. 343 Modular Policy
More informationNetwork Management & Monitoring
Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationNetwork Security 2. Module 2 Configure Network Intrusion Detection and Prevention
1 1 Network Security 2 Module 2 Configure Network Intrusion Detection and Prevention 2 Learning Objectives 2.1 Cisco IOS Intrusion Prevention System 2.2 Configure Attack Guards on the PIX Security Appliance
More informationThe Basics. Configuring Campus Switches to Support Voice
Configuring Campus Switches to Support Voice BCMSN Module 7 1 The Basics VoIP is a technology that digitizes sound, divides that sound into packets, and transmits those packets over an IP network. VoIP
More informationFIREWALLS & CBAC. philip.heimer@hh.se
FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that
More informationConfiguring QoS in a Wireless Environment
Configuring QoS in a Wireless Environment This chapter describes how to configure quality of service (QoS) on your Cisco wireless interface. With this feature, you can provide preferential treatment to
More informationConfiguring Server Load Balancing
CHAPTER 6 This chapter describes how to configure server load balancing (SLB) on the Cisco Application Control Engine (ACE) module. This chapter contains the following sections: Information About Server
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationEnabling Remote Access to the ACE
CHAPTER 2 This chapter describes how to configure remote access to the Cisco Application Control Engine (ACE) module by establishing a remote connection by using the Secure Shell (SSH) or Telnet protocols.
More informationand reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs
ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty
More informationFlow Monitor for WhatsUp Gold v16.2 User Guide
Flow Monitor for WhatsUp Gold v16.2 User Guide Contents Table of Contents Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 System
More informationConfiguring the Switch for the Firewall Services Module
CHAPTER 2 Configuring the Switch for the Firewall Services Module This chapter describes how to configure the Catalyst 6500 series switch or the Cisco 7600 series router for use with the FWSM. Before completing
More informationIntroduction to Netflow
Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationFirewall Defaults and Some Basic Rules
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationImplementing Secure Converged Wide Area Networks (ISCW)
Implementing Secure Converged Wide Area Networks (ISCW) 1 Mitigating Threats and Attacks with Access Lists Lesson 7 Module 5 Cisco Device Hardening 2 Module Introduction The open nature of the Internet
More informationLAB II: Securing The Data Path and Routing Infrastructure
LAB II: Securing The Data Path and Routing Infrastructure 8. Create Packet Filters a. Create a packet filter which will deny packets that have obviously bogus IP source addresses but permit everything
More information2. Are explicit proxy connections also affected by the ARM config?
Achieving rapid success with WCCP and Web Security Gateway October 2011 Webinar Q/A 1. What if you are already using WCCP for Cisco waas on the same routers that you need to use WCCP for websense? Using
More informationNetwork Monitoring and Management NetFlow Overview
Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationHow-To Configure NetFlow v5 & v9 on Cisco Routers
How-To Configure NetFlow v5 & v9 on Cisco Routers Share: Visibility into the network is an indispensable tool for network administrators. Network visibility can be achieved through daily troubleshooting,
More informationConfiguring DHCP Snooping
CHAPTER 19 This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on Catalyst 4500 series switches. It provides guidelines, procedures, and configuration examples.
More informationConfiguring WCCP v2 with Websense Content Gateway the Web proxy for Web Security Gateway
Configuring WCCP v2 with Websense Content Gateway the Web proxy for Web Security Gateway Webinar December 2011 web security data security email security 2011 Websense, Inc. All rights reserved. Webinar
More information