Abstract image of a woman sitting on books and studying on a laptop

Line-Level-Security.pdf--------------------------------

V
VladimirRuiz20

Line-Level-Security

Engineering
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
IOS Security When a Cisco router or switch is received from the factory no security is configured You can access the command line via a console cable with no password required One of the first tasks is to configure security to ensure that only authorised administrators can access the device
IOS Command Hierarchy hostname> User Exec mode hostname# Privileged Exec mode (‘Enable’) hostname(config)# Global Configuration mode (‘Configure Terminal’) hostname(config-if)# Interface Configuration mode (‘Interface x’)
Basic Line Level Security Minimal password security can be configured through the use of static, locally defined passwords at three different levels: Console line – accessing User Exec mode when connecting via a console cable Virtual terminal VTY line – accessing User Exec mode when connecting remotely via Telnet or SSH Secure Shell Privileged Exec Mode – entering the ‘enable’ command
Basic Line Level Security The levels can be used independently or in combination with each other. They can use the same or different passwords.
Basic Console Security Only one administrator can connect over a console cable at a time so the line number is always 0. ‘Login’ with no following keywords requires the administrator to enter the password configured at the line level to log in R1(config)#line console 0 R1(config-line)#password Flackbox1 R1(config-line)#login
Basic Console Security R1 con0 is now available Press RETURN to get started. User Access Verification Password: <wrong password> Password: <correct password> R1>
Basic Telnet Security An administrator can use Telnet to connect to the CLI of a router or switch remotely over an IP connection IOS devices do not accept incoming Telnet sessions by default An IP address and virtual terminal VTY line access must be configured
Switch Management IP Address A Layer 2 Switch is not IP routing aware It does however support a single IP address for management A default gateway also needs to be configured to allow connectivity to other subnets
Switch Management IP Address Switch(config)# interface vlan 1 Switch(config-if)# ip address 192.168.0.10 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# ip default-gateway 192.168.0.1
Basic Telnet Security Multiple administrators can connect at the same time. Lines are allocated on a first come first served basis If all configured lines are in use then additional administrators will not be able to login R1(config)#line vty 0 15 R1(config-line)#password Flackbox2 R1(config-line)#login
Basic Telnet Security C:>telnet 10.0.0.1 Trying 10.0.0.1 ...Open User Access Verification Password:<wrong password> Password:<correct password> R1>
Exec Timeout An administrator will be logged out after 10 minutes of inactivity by default. This applies to both the console and VTY lines You can edit this value with the exec-timeout command no exec-timeout or exec-timeout 0 allows an administrator to stay logged in indefinitely R1(config)#line con 0 R1(config-line)#exec-timeout 15 R1(config)#line vty 0 15 R1(config-line)#exec-timeout 5 30
Securing VTY Lines with Access Lists You can apply an Access List to control access to the VTY lines This can be used to limit Telnet and SSH access to only your administrator workstations R1(config)#access-list 1 permit host 10.0.0.10 R1(config)#line vty 0 15 R1(config-line)#login R1(config-line)#password Flackbox3 R1(config-line)#access-class 1 in
Securing VTY Lines with Access Lists Unauthorised source IP address: C:> telnet 10.0.0.1 Trying 10.0.0.1 … % Connection refused by remote host

More Related Content

PDF
Usernames-and-Privilege-Levels.pdf-----------------------
VladimirRuiz20
 
PDF
Securing Switch Access
Netwax Lab
 
DOCX
How to configure port security in cisco switch
IT Tech
 
PPTX
CCNA R&S-09-Configuring Ethernet Switching
Amir Jafari
 
PDF
Ch2 - Securing Network Devices - CCNA Security.pdf
OhmRon
 
PPTX
Ccna sv2 instructor_ppt_ch2
SalmenHAJJI1
 
DOCX
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
 
PPT
Chapter 2 overview
ali raza
 
Usernames-and-Privilege-Levels.pdf-----------------------
VladimirRuiz20
 
Securing Switch Access
Netwax Lab
 
How to configure port security in cisco switch
IT Tech
 
CCNA R&S-09-Configuring Ethernet Switching
Amir Jafari
 
Ch2 - Securing Network Devices - CCNA Security.pdf
OhmRon
 
Ccna sv2 instructor_ppt_ch2
SalmenHAJJI1
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
 
Chapter 2 overview
ali raza
 

Similar to Line-Level-Security.pdf-------------------------------- (20)

PDF
Network security lab certification 350 018
VISUAL MART - HERBERT PATZAN CARRILLO
 
PPT
Curso de Seguridad de Redes Inalambricas CCNA
VictorTonio
 
PPT
CCNA_Security_02.ppt
veracru1
 
PPT
Managing Network Device Security
Arnold Derrick Kinney
 
DOCX
TitleABC123 Version X1Film ListPSYCH650 Version 2.docx
juliennehar
 
PPTX
CCNASv2_InstructorPPT_CH2.pptx
mohamedabdelwahed68
 
PDF
Cisco Router and Switch Security Hardening Guide
Harris Andrea
 
PPT
network security
Dayanna Moyano
 
PPTX
ITN_instructorPPT_Chapter2.pptx
AbdisayidkhalifTahir
 
PPTX
lab2_2.pptx
RobelTsada
 
PPT
04- Module Operating & Configuring IOS.ppt
qaiserfareedjadoon2
 
PPTX
Ccna v5-S1-Chapter 2
Hamza Malik
 
PDF
Router security-configuration-guide-executive-summary
moonmanik
 
DOCX
8 steps to protect your cisco router
IT Tech
 
PPTX
1627478708347_Chapter 1.pptx
TesfaMinuyelet
 
PPTX
CCNA RS_NB - Chapter 2
Irsandi Hasan
 
PDF
5.3.1.2 packet tracer skills integration challenge instructions
Jose Luis Heredia
 
PDF
ccna1 v5 cap2
lvstarodub
 
PPT
04 module operating & configuring ios
Asif
 
PPT
CCNA Security - Chapter 2
Irsandi Hasan
 
Network security lab certification 350 018
VISUAL MART - HERBERT PATZAN CARRILLO
 
Curso de Seguridad de Redes Inalambricas CCNA
VictorTonio
 
CCNA_Security_02.ppt
veracru1
 
Managing Network Device Security
Arnold Derrick Kinney
 
TitleABC123 Version X1Film ListPSYCH650 Version 2.docx
juliennehar
 
CCNASv2_InstructorPPT_CH2.pptx
mohamedabdelwahed68
 
Cisco Router and Switch Security Hardening Guide
Harris Andrea
 
network security
Dayanna Moyano
 
ITN_instructorPPT_Chapter2.pptx
AbdisayidkhalifTahir
 
lab2_2.pptx
RobelTsada
 
04- Module Operating & Configuring IOS.ppt
qaiserfareedjadoon2
 
Ccna v5-S1-Chapter 2
Hamza Malik
 
Router security-configuration-guide-executive-summary
moonmanik
 
8 steps to protect your cisco router
IT Tech
 
1627478708347_Chapter 1.pptx
TesfaMinuyelet
 
CCNA RS_NB - Chapter 2
Irsandi Hasan
 
5.3.1.2 packet tracer skills integration challenge instructions
Jose Luis Heredia
 
ccna1 v5 cap2
lvstarodub
 
04 module operating & configuring ios
Asif
 
CCNA Security - Chapter 2
Irsandi Hasan
 
Ad

Recently uploaded (20)

PPTX
Information Storage and Retrieval Techniques Unit III
jeyamohan2519
 
PPTX
Principal presentation for NAAC (1).pptx
GMKosgiker
 
PPTX
AUTOMOTIVE ENGINE MANAGEMENT (MECHATRONICS).pptx
joanaabban6
 
PDF
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
PPTX
Amdahl’s law is explained in the above power point presentations
sangeetha952248
 
PPTX
Chapter 2 -Technology and Enginerring Materials + Composites.pptx
garciajeremiah070
 
PDF
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
PDF
Java Basics-Introduction and program control
lohithsrikarb719
 
PPTX
"Array and Linked List in Data Structures with Types, Operations, Implementat...
usham61
 
PDF
MLpara ingenieira CIVIL, meca Y AMBIENTAL
MarceloArielTisera
 
PPTX
Sorting and Hashing in Data Structures with Algorithms, Techniques, Implement...
usham61
 
PPTX
PRASUNET_20240614003_231416_0000[1].pptx
singlagaurav1311
 
PPTX
ai_satellite_crop_management_20250815030350.pptx
kathiravanh1919
 
PPTX
Software Engineering and software moduleing
deepikame6
 
PPTX
Graph Data Structures with Types, Traversals, Connectivity, and Real-Life App...
usham61
 
PPT
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
PPTX
CyberSecurity Mobile and Wireless Devices
RobinRohit2
 
PPTX
tack Data Structure with Array and Linked List Implementation, Push and Pop O...
usham61
 
PPTX
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
PDF
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
Information Storage and Retrieval Techniques Unit III
jeyamohan2519
 
Principal presentation for NAAC (1).pptx
GMKosgiker
 
AUTOMOTIVE ENGINE MANAGEMENT (MECHATRONICS).pptx
joanaabban6
 
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
Amdahl’s law is explained in the above power point presentations
sangeetha952248
 
Chapter 2 -Technology and Enginerring Materials + Composites.pptx
garciajeremiah070
 
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
Java Basics-Introduction and program control
lohithsrikarb719
 
"Array and Linked List in Data Structures with Types, Operations, Implementat...
usham61
 
MLpara ingenieira CIVIL, meca Y AMBIENTAL
MarceloArielTisera
 
Sorting and Hashing in Data Structures with Algorithms, Techniques, Implement...
usham61
 
PRASUNET_20240614003_231416_0000[1].pptx
singlagaurav1311
 
ai_satellite_crop_management_20250815030350.pptx
kathiravanh1919
 
Software Engineering and software moduleing
deepikame6
 
Graph Data Structures with Types, Traversals, Connectivity, and Real-Life App...
usham61
 
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
CyberSecurity Mobile and Wireless Devices
RobinRohit2
 
tack Data Structure with Array and Linked List Implementation, Push and Pop O...
usham61
 
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
Ad

Line-Level-Security.pdf--------------------------------

  • 1. IOS Security When a Cisco router or switch is received from the factory no security is configured You can access the command line via a console cable with no password required One of the first tasks is to configure security to ensure that only authorised administrators can access the device
  • 2. IOS Command Hierarchy hostname> User Exec mode hostname# Privileged Exec mode (‘Enable’) hostname(config)# Global Configuration mode (‘Configure Terminal’) hostname(config-if)# Interface Configuration mode (‘Interface x’)
  • 3. Basic Line Level Security Minimal password security can be configured through the use of static, locally defined passwords at three different levels: Console line – accessing User Exec mode when connecting via a console cable Virtual terminal VTY line – accessing User Exec mode when connecting remotely via Telnet or SSH Secure Shell Privileged Exec Mode – entering the ‘enable’ command
  • 4. Basic Line Level Security The levels can be used independently or in combination with each other. They can use the same or different passwords.
  • 5. Basic Console Security Only one administrator can connect over a console cable at a time so the line number is always 0. ‘Login’ with no following keywords requires the administrator to enter the password configured at the line level to log in R1(config)#line console 0 R1(config-line)#password Flackbox1 R1(config-line)#login
  • 6. Basic Console Security R1 con0 is now available Press RETURN to get started. User Access Verification Password: <wrong password> Password: <correct password> R1>
  • 7. Basic Telnet Security An administrator can use Telnet to connect to the CLI of a router or switch remotely over an IP connection IOS devices do not accept incoming Telnet sessions by default An IP address and virtual terminal VTY line access must be configured
  • 8. Switch Management IP Address A Layer 2 Switch is not IP routing aware It does however support a single IP address for management A default gateway also needs to be configured to allow connectivity to other subnets
  • 9. Switch Management IP Address Switch(config)# interface vlan 1 Switch(config-if)# ip address 192.168.0.10 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# ip default-gateway 192.168.0.1
  • 10. Basic Telnet Security Multiple administrators can connect at the same time. Lines are allocated on a first come first served basis If all configured lines are in use then additional administrators will not be able to login R1(config)#line vty 0 15 R1(config-line)#password Flackbox2 R1(config-line)#login
  • 11. Basic Telnet Security C:>telnet 10.0.0.1 Trying 10.0.0.1 ...Open User Access Verification Password:<wrong password> Password:<correct password> R1>
  • 12. Exec Timeout An administrator will be logged out after 10 minutes of inactivity by default. This applies to both the console and VTY lines You can edit this value with the exec-timeout command no exec-timeout or exec-timeout 0 allows an administrator to stay logged in indefinitely R1(config)#line con 0 R1(config-line)#exec-timeout 15 R1(config)#line vty 0 15 R1(config-line)#exec-timeout 5 30
  • 13. Securing VTY Lines with Access Lists You can apply an Access List to control access to the VTY lines This can be used to limit Telnet and SSH access to only your administrator workstations R1(config)#access-list 1 permit host 10.0.0.10 R1(config)#line vty 0 15 R1(config-line)#login R1(config-line)#password Flackbox3 R1(config-line)#access-class 1 in
  • 14. Securing VTY Lines with Access Lists Unauthorised source IP address: C:> telnet 10.0.0.1 Trying 10.0.0.1 … % Connection refused by remote host