Securing end devices


1 Securing end devices
- Securing the network edge is already covered.
- Infrastructure devices in the LAN: workstations, servers, IP phones, access points, storage area networking (SAN) devices.

2 Endpoint security
- If users are not practicing security in their desktop operations, no amount of security precautions will guarantee a secure network.

3 Endpoint security applications
- IronPort security appliances
- Network Admission Control (NAC)
- Cisco Security Agent (CSA)

4 Securing Layer 2
- Attacks: MAC address spoofing, STP manipulation.
- Layer 2 security configurations include: enabling port security, BPDU guard, root guard, storm control, Cisco Switched Port Analyzer (SPAN), Remote SPAN (RSPAN).

5 Endpoint security
- Cisco Network Admission Control (NAC): ensures endpoints comply with network security policies.
- Endpoint protection: Cisco Security Agent (CSA), IronPort.
- Network infection containment: automating key elements of the infection response process.
- SDN -> NAC, CSA, IPS

6 Operating systems
- Trusted code: the operating system code is not compromised.
- Trusted path: the system is a genuine one and not a Trojan horse.
- Privileged context of execution: provides identity authentication and certain privileges based on the identity.
- Process memory protection and isolation: provides separation from other users and their data.
- Access control to resources: ensures confidentiality and integrity of data.

7 Operating systems
- Protect an endpoint from operating system vulnerabilities:
- Least privilege concept
- Isolation between processes
- Reference monitor: an access control concept that mediates all access to objects; small, verifiable pieces of code.

8 Endpoint security solution: IronPort
- C-Series: an email security appliance for virus and spam control.
- S-Series: a web security appliance for spyware filtering, URL filtering, and anti-malware.
- M-Series: a security management appliance that complements the email and web security appliances by managing and monitoring an organization's policy settings and audit information.

9 SenderBase
- IronPort SenderBase is the world's largest email traffic monitoring service. SenderBase collects data from more than 100,000 ISPs, universities, and corporations. It measures more than 120 different parameters for any server on the Internet.
- This massive database receives more than five billion queries per day, with real-time data streaming in from every continent and from both small and large network providers. Because of the size of the database, SenderBase has the most accurate view of the sending patterns of any given mail sender.

10 NAC
- With NAC, network security professionals can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access.

11 NAC

12 CSA
- Policy-driven data-loss prevention with zero-update attack prevention and antivirus detection.

13 CSA

14 Other vendors
- McAfee, Symantec, Juniper, SonicWALL, Fortinet.

15 Layer 2 security
- Layer 2 attacks typically require internal access, either from an employee or a visitor.
- If the data link layer is hacked, communications are compromised without the other layers being aware of the problem.
- Security is only as strong as the weakest link; regarding network security, the data link layer is often the weakest link. When the layer is compromised, other layers are not aware of that fact.
- Buffer overflows: Cisco Security Agent

16 Layer 2 security

17 MAC address spoofing attacks

18 MAC address overflow attacks
- MAC address tables are limited in size.
- Macof tool: bombarding the switch with fake source MAC addresses.
- The switch begins to flood all incoming traffic out all ports, behaving like a hub.

19 MAC address overflow attacks

20 MAC address overflow attacks
- Mitigated by configuring port security on the switch:
- Statically specify the MAC addresses on a particular switch port, or
- Allow the switch to dynamically learn a fixed number of MAC addresses for a switch port.

21 Manipulation attacks

22 STP

23 Manipulation attacks

24 Manipulation attacks
- Mitigation techniques for STP manipulation include enabling PortFast, root guard, and BPDU guard.

25 LAN storm attack
- Causes: errors in the protocol stack implementation; mistakes in network configurations; users issuing a DoS attack.
- Broadcast storms can also occur on networks. Switches always forward broadcasts out all ports. Some necessary protocols, such as Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP), use broadcasts; therefore, switches must be able to forward broadcast traffic.
- Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces.

26 LAN storm attack

27 VLAN hopping attack
- Spoofing DTP messages from the attacking host to cause the switch to enter trunking mode. From here, the attacker can send traffic tagged with the target VLAN, and the switch then delivers the packets to the destination.
- Introducing a rogue switch and enabling trunking. The attacker can then access all the VLANs on the victim switch from the rogue switch.

28 VLAN hopping attack
- Prevent a basic VLAN hopping attack: turn off trunking on all ports except the ones that specifically require trunking.
- On the required trunking ports, disable DTP (auto trunking) negotiation and manually enable trunking.

29 VLAN hopping attack

30 Mitigating Layer 2 attacks
- Enable port security: statically specify MAC addresses for a port, or permit the switch to dynamically learn a limited number of MAC addresses. Limit the number to one.
- On a violation the port either shuts down until it is administratively re-enabled (default mode) or drops incoming frames from the insecure host (restrict option).
- It is recommended that an administrator configure the port security feature to issue a shutdown rather than dropping frames from insecure hosts with the restrict option. The restrict option might fail under the load of an attack.
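The CAM-table overflow of slides 18-20 and the shutdown-versus-restrict choice above, as an added illustration that is not part of the deck or Cisco's code: a small Python model of a switch MAC table, run once without port security and once with a one-address limit in each violation mode. The eight-entry table, the port names Gi0/1-Gi0/3 and every frame are constructed assumptions; nothing here touches a network.

```python
"""Toy model of a switch CAM table under a flood of fake source MACs, with
and without port security. Added illustration for this deck, not Cisco
code; all frames are constructed in this file, nothing touches a network."""
from dataclasses import dataclass, field

CAM_SIZE = 8  # deliberately tiny so the overflow is visible; real tables hold thousands


@dataclass
class Port:
    name: str
    secure: bool = False          # switchport port-security
    maximum: int = 1              # switchport port-security maximum <n> (default 1)
    violation: str = "shutdown"   # "shutdown" (default) or "restrict"
    learned: set = field(default_factory=set)
    err_disabled: bool = False
    violations: int = 0


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.cam = {}  # source MAC -> ingress port name

    def _learn(self, port, src):
        """Learn src on port. Returns False when the frame must be dropped."""
        if port.secure:
            if src not in port.learned and len(port.learned) >= port.maximum:
                port.violations += 1
                if port.violation == "shutdown":
                    port.err_disabled = True  # stays down until an admin re-enables it
                return False                  # both modes drop the offending frame
            port.learned.add(src)
        if src not in self.cam and len(self.cam) >= CAM_SIZE:
            return True   # table full: entry not learned, frame still forwarded
        self.cam[src] = port.name
        return True

    def receive(self, in_port, src, dst):
        """Forward one frame; returns the egress port, "flooded" or "dropped"."""
        port = self.ports[in_port]
        if port.err_disabled or not self._learn(port, src):
            return "dropped"
        out = self.cam.get(dst)
        return out if out is not None else "flooded"  # unknown destination: hub behaviour


def run_scenario(secure, violation="shutdown", fake_macs=CAM_SIZE):
    """Flood Gi0/1 with fake_macs distinct source MACs (constructed, macof-style
    input), then let two legitimate hosts on Gi0/2 and Gi0/3 talk."""
    sw = Switch([Port("Gi0/1", secure=secure, violation=violation),
                 Port("Gi0/2"), Port("Gi0/3")])
    for i in range(fake_macs):
        sw.receive("Gi0/1", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", "ff:ff:ff:ff:ff:ff")
    host_a, host_b = "00:aa:aa:aa:aa:01", "00:bb:bb:bb:bb:02"
    sw.receive("Gi0/2", host_a, host_b)              # A -> B (B unknown yet, flooded)
    reply = sw.receive("Gi0/3", host_b, host_a)      # B -> A: delivered or flooded?
    return {"reply_outcome": reply, "cam_entries": len(sw.cam),
            "gi0_1_err_disabled": sw.ports["Gi0/1"].err_disabled,
            "gi0_1_violations": sw.ports["Gi0/1"].violations}


if __name__ == "__main__":
    print("no port security  :", run_scenario(secure=False))
    print("shutdown (default):", run_scenario(secure=True))
    print("restrict          :", run_scenario(secure=True, violation="restrict"))
```

Without port security the flood fills the table and the reply to host A is flooded to every port; with the limit in place the flood is contained and the reply reaches Gi0/2 only. The model does not capture the CPU load that the deck warns can overwhelm restrict mode; it only shows that restrict keeps the port up while shutdown err-disables it after the first violation.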

31 Configuring port security
- Step 1. Set the interface mode to access. If an interface is in the default mode (dynamic auto), it cannot be configured as a secure port.

32 Configuring port security
- Step 2. Enable port security on the interface.

33 Configuring port security
- Step 3. Set the maximum number of secure MAC addresses for the interface (optional). The range is 1 to 132. The default is 1.

34 Violation rules for the switch port
- Step 1. Set the violation mode (optional). Default condition: shutdown mode.

35 Violation rules for the switch port
- Step 2. Enter a static secure MAC address for the interface (optional).

36 Violation rules for the switch port
- Step 3. Enable sticky learning on the interface (optional).

37 PortFast
- The spanning-tree PortFast feature causes an interface configured as a Layer 2 access port to transition from the blocking to the forwarding state immediately, bypassing the listening and learning states.
  Switch(config-if)# spanning-tree portfast
  Switch(config)# spanning-tree portfast default

38 PortFast

39 BPDU guard
- BPDU guard protects the switched network from the problems caused by receiving BPDUs on ports that should not be receiving them. If a port that is configured with PortFast receives a BPDU, STP can put the port into the disabled state by using BPDU guard.
- Use this command to enable BPDU guard on all ports with PortFast enabled:
  Switch(config)# spanning-tree portfast bpduguard default

40 Root guard
- Root guard is best deployed toward ports that connect to switches that should not be the root bridge.
  Switch(config-if)# spanning-tree guard root

41 Storm control
- Enables broadcast storm protection.
- Enables multicast storm protection.
- Specifies the action that should take place when the threshold (level) is reached.

42 VLAN trunk security
- Be sure to disable DTP (auto trunking) negotiation and manually enable trunking.
- To prevent a VLAN hopping attack that uses double 802.1Q encapsulation, the switch must look further into the frame to determine whether more than one VLAN tag is attached to it.
- One of the more important elements is to use a dedicated native VLAN for all trunk ports.
- Disable all unused switch ports and place them in an unused VLAN.

43 VLAN trunk security

44 VLAN trunk security
- Step 1. Specify an interface as a trunk link.

45 VLAN trunk security
- Step 2. Prevent the generation of DTP frames.

46 VLAN trunk security
- Step 3. Set the native VLAN on the trunk to an unused VLAN. The default native VLAN is VLAN 1.

47 SPAN
- Switched Port Analyzer: a SPAN port mirrors traffic to another port where a monitoring device is connected. Without this, it can be difficult to track hackers after they have entered the network.
- RSPAN (Remote SPAN)

48 Summary Layer 2
- Manage switches in a secure manner (SSH, out-of-band management, ACLs, etc.), much like routers.
- Set all user ports to non-trunking ports (unless you are using Cisco VoIP).
- Use port security where possible for access ports.
- Enable STP attack mitigation (BPDU guard, root guard).

49 Summary Layer 2
- Use Cisco Discovery Protocol only where necessary; with phones it is useful.
- Configure PortFast on all non-trunking ports.
- Configure root guard on STP root ports.
- Configure BPDU guard on all non-trunking ports.
- Always use a dedicated, unused native VLAN ID for trunk ports.

50 Summary Layer 2
- Do not use VLAN 1 for anything.
- Disable all unused ports and put them in an unused VLAN.
- Manually configure all trunk ports and disable DTP on trunk ports.
- Configure all non-trunking ports with switchport mode access.
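The checklist in slides 48-50, together with the per-interface steps of slides 31-36 and 44-46, as an added example that is not part of the deck or of Cisco's tooling: a Python audit that parses a constructed Catalyst-style running-config excerpt and reports which interfaces deviate from the checklist. The interface names, VLAN numbers and descriptions are assumptions, and only per-interface commands are evaluated, so a global spanning-tree portfast bpduguard default would not be credited.

```python
"""Audit of a Catalyst-style running-config against the Layer 2 checklist in
this deck (port security, PortFast and BPDU guard on access ports, no DTP and
a dedicated native VLAN on trunks, unused ports shut down in an unused VLAN,
nothing left in VLAN 1). Added example, not Cisco code; SAMPLE_CONFIG is a
constructed excerpt with one hardened and one default-state port of each kind."""
import re

SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description user port, hardened as in slides 31-36
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description user port left at factory defaults (dynamic auto, VLAN 1)
!
interface GigabitEthernet0/3
 description unused, parked in an unused VLAN
 switchport mode access
 switchport access vlan 999
 shutdown
!
interface GigabitEthernet0/23
 description uplink, hardened as in slides 44-46
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
 spanning-tree guard root
!
interface GigabitEthernet0/24
 description uplink still negotiating DTP on native VLAN 1
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface name: set of its indented configuration lines}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = set()
        elif line.startswith(" ") and current:
            blocks[current].add(line.strip())
        elif line.strip() == "!":
            current = None
    return blocks


def _value(cfg, prefix):
    """Last word of the line starting with prefix, or None if absent."""
    return next((l.split()[-1] for l in cfg if l.startswith(prefix)), None)


def audit_interface(cfg):
    """Checklist findings for one interface; an empty list means compliant."""
    findings = []
    mode = _value(cfg, "switchport mode ")
    if "shutdown" in cfg:                        # disabled port: only its parking VLAN matters
        if _value(cfg, "switchport access vlan ") in (None, "1"):
            findings.append("unused port not placed in an unused VLAN")
        return findings
    if mode == "access":
        if "switchport port-security" not in cfg:
            findings.append("port security not enabled")
        if "spanning-tree portfast" not in cfg:
            findings.append("PortFast not configured")
        if "spanning-tree bpduguard enable" not in cfg:
            findings.append("BPDU guard not enabled")
        if _value(cfg, "switchport access vlan ") in (None, "1"):
            findings.append("access port in VLAN 1")
    elif mode == "trunk":
        if "switchport nonegotiate" not in cfg:
            findings.append("DTP not disabled on trunk")
        if _value(cfg, "switchport trunk native vlan ") in (None, "1"):
            findings.append("native VLAN left at 1")
    else:                                        # no mode line, or dynamic auto/desirable
        findings.append("no explicit access/trunk mode: DTP can negotiate a trunk")
    return findings


def audit_config(config):
    """Map every interface in the config to its list of findings."""
    return {name: audit_interface(cfg) for name, cfg in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "; ".join(findings))
```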

51 Wireless security
- War-driving

52 Threats to wireless
- Network Stumbler software finds wireless networks.
- Kismet software displays wireless networks that do not broadcast their SSIDs.
- AirSnort software sniffs and cracks WEP keys.
- CoWPAtty cracks WPA-PSK (WPA1).
- ASLEAP gathers authentication data.
- Wireshark can scan wireless Ethernet data and SSIDs.

53 Mitigating threats to wireless
- Wireless networks using WEP or WPA/TKIP (Wi-Fi Protected Access / Temporal Key Integrity Protocol) are not very secure and are vulnerable to hacking attacks.
- Wireless networks using WPA2/AES (Advanced Encryption Standard) are the state of the art; use a passphrase of at least 21 characters.
- If an IPsec VPN is available, use it on any public wireless LAN.
- If wireless access is not needed, disable the wireless radio or wireless NIC.


More information

Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led

Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Course Description Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2.0 is a 60-hour instructor-led

More information

Cisco CME Network Parameters

Cisco CME Network Parameters Cisco CME Network Parameters Auxiliary VLANs This topic describes auxiliary VLANs. Auxiliary VLANs Prevent unnecessary IP address renumbering Simplifies Quality of Service (QoS) configurations Separates

More information

Chapter 3. Enterprise Campus Network Design

Chapter 3. Enterprise Campus Network Design Chapter 3 Enterprise Campus Network Design 1 Overview The network foundation hosting these technologies for an emerging enterprise should be efficient, highly available, scalable, and manageable. This

More information

VLANs on Aironet Access Points Configuration Example

VLANs on Aironet Access Points Configuration Example VLANs on Aironet Access Points Configuration Example Document ID: 69773 Contents Introduction Prerequisites Requirements Components Used Conventions Network Diagram Configure Configure the Native VLAN

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components Network Admission Control (NAC)

More information

Chapter 1 - Configure, Verify, and Troubleshoot a Switch with VLANs and Interswitch Communications

Chapter 1 - Configure, Verify, and Troubleshoot a Switch with VLANs and Interswitch Communications ExamForce.com 640-816 CCNA ICND2 Study Guide 4 Chapter 1 - Configure, Verify, and Troubleshoot a Switch with VLANs and Interswitch Communications Chapter 1 Quick Jump To: Describe enhanced switching technologies

More information

WLAN Information Security Best Practice Document

WLAN Information Security Best Practice Document WLAN Information Security Best Practice Document Produced by FUNET led working group on wireless systems and mobility (MobileFunet) (WLAN security) Author: Wenche Backman Contributors: Ville Mattila/CSC

More information

CCNA Security v1.0 Scope and Sequence

CCNA Security v1.0 Scope and Sequence CCNA Security v1.0 Scope and Sequence Last updated June 18, 2009 Note: The English version of this course is scheduled to be generally available in July 2009. Target Audience The Cisco CCNA Security course

More information

Building Secure Network Infrastructure For LANs

Building Secure Network Infrastructure For LANs Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

- Virtual LANs (VLANs) and VTP -

- Virtual LANs (VLANs) and VTP - 1 - Virtual LANs (VLANs) and VTP - Collision vs. Broadcast Domains A collision domain is simply defined as any physical segment where a collision can occur. Hubs can only operate at half-duplex, and thus

More information

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your

More information

Configuring Dynamic ARP Inspection

Configuring Dynamic ARP Inspection 21 CHAPTER This chapter describes how to configure dynamic Address Resolution Protocol inspection (dynamic ARP inspection) on the Catalyst 3560 switch. This feature helps prevent malicious attacks on the

More information

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same. This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the

More information

How To Understand and Configure Your Network for IntraVUE

How To Understand and Configure Your Network for IntraVUE How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of

More information

Configuring LLDP, LLDP-MED, and Location Service

Configuring LLDP, LLDP-MED, and Location Service 27 CHAPTER Configuring LLDP, LLDP-MED, and Location Service This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), LLDP Media Endpoint Discovery (LLDP-MED), and Location Service

More information

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554)

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554) CCNA Security Öngereksinimler: CCNA http://www.cliguru.com/ccna Kurs Tanımı: CCNA Security network'ün temellerini anlamış olan katılımcılara network güvenliği hakkında temel bilgi sağlamaya yönelik hazırlanmış

More information

Bypassing Network Access Control Systems

Bypassing Network Access Control Systems 1 Bypassing Network Access Control Systems Ofir Arkin, CTO Blackhat USA 2006 ofir.arkin@insightix.com http://www.insightix.com 2 What this talk is about? Introduction to NAC The components of a NAC solution

More information

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd. Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

PASS4TEST. IT Certification Guaranteed, The Easy Way!  We offer free update service for one year PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 200-101 Title : Interconnecting Cisco Networking Devices Part 2 (ICND2)

More information

Configuring Port Security

Configuring Port Security CHAPTER 62 This chapter describes how to configure the port security feature. For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Master List, at this URL:

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

CISCO IOS NETWORK SECURITY (IINS)

CISCO IOS NETWORK SECURITY (IINS) CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.

More information

CHAPTER 6 DESIGNING A NETWORK TOPOLOGY

CHAPTER 6 DESIGNING A NETWORK TOPOLOGY CHAPTER 6 DESIGNING A NETWORK TOPOLOGY Expected Outcomes Able to identify terminology that will help student discuss technical goals with customer. Able to introduce a checklist that can be used to determine

More information

Wireless LAN Controller Module Configuration Examples

Wireless LAN Controller Module Configuration Examples Wireless LAN Controller Module Configuration Examples Document ID: 70530 Introduction Prerequisites Requirements Components Used Conventions Basic Configuration Example 1 Basic Configuration with an AP

More information

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles. Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described

More information

Contents. Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640

Contents. Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640 Contents Topic 1: Analogy... 2 Analogy: Network Traffic... 2 Topic 2: Module Introduction... 4 Topic 3: Layer 2 and Switch Basics... 5 Layer 2 Technology: Ethernet... 5 Layer 2 Switch Operation... 7 Topic

More information