SDM Security Audit

Please wait while Security Audit checks if the recommended security settings are configured on the router.

- Enable TCP Keepalives for inbound telnet sessions
- Enable TCP Keepalives for outbound telnet sessions
- Enable Sequence Numbers and Time Stamps on Debugs
- Set Minimum Password length to less than 6 characters
- Set Authentication Failure Rate to less than 3 retries

Click Close to continue fixing the identified security problems or undoing the configured security configurations in the router....

The last two items keep SDM's own wording. The fixes SDM applies for them are a minimum password length of 6 characters (security passwords min-length 6) and a 15-second lockout after 3 failed login attempts, with a log message (security authentication failure rate 3 log).

Combining Access Functions

This topic describes how to combine many ACL functions into two or three larger ACLs. The example is a possible configuration for Router R2 in the reference network. This partial configuration file contains several ACLs that, between them, use most of the ACL features explained in this lesson; view it as an example of how to integrate multiple ACL policies into a few main router ACLs. The partial configuration file in the table shows how to combine many ACL functions into...

How Cisco IOS Firewall Works

access-list 101 permit tcp any any eq 23
interface fastethernet0/0
 ip access-group 101 in
 ip inspect FWRULE in
access-list 102 deny ip any any
interface fastethernet0/1
 ip access-group 102 in

1. Control traffic is inspected by the firewall rule.
2. Firewall creates a dynamic ACL allowing return traffic back...

ACL 101 on fastethernet0/0 admits only telnet requests, and the inspect rule FWRULE (its definition, ip inspect name FWRULE tcp, is not part of this excerpt) tracks each session it sees. ACL 102 on fastethernet0/1 denies everything, so the only traffic that enters there is the return traffic of tracked sessions, for which inspection inserts temporary entries ahead of the static deny; when a session closes or idles out, its entry is removed again.

Module Self Check

Use the questions here to review what you learned in this module. The correct answers and solutions are found in the Module Self-Check Answer Key.

Q1) What is a major difficulty that a hacker would encounter when performing an IP spoofing attack? (Source: Mitigating Network Attacks)
A) It is difficult to source packets using the IP address of someone else.
B) Antispoofing ACLs usually block such attacks.
C) Return traffic typically does not go back to the attacker.
D) uRPF always blocks such...

Port Scan and Ping Sweep Mitigation

Port scans and ping sweeps cannot be prevented without compromising network capabilities. However, the damage can be mitigated using intrusion prevention systems at the network and host levels. Ping sweeps can be stopped by turning off ICMP echo and echo-reply on edge routers, at the cost of the diagnostic data that ICMP provides. Port scans can easily be run without a full ping sweep; they simply take longer, because the scanner must also probe IP addresses that might not be live. Network-based IPS and host-based IPS (HIPS)...
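Both behaviours described above leave a trace when the edge router's deny entries carry the log keyword: a sweep is one source sending echo requests to many hosts, and a scan is one source trying many ports on one host, with or without a preceding sweep. The detector below is an added example written for this page, not course material. It runs over constructed log lines whose shape imitates IOS %SEC-6-IPACCESSLOGDP (ICMP, with type/code) and %SEC-6-IPACCESSLOGP (TCP/UDP, with ports) messages; the lines, the thresholds and the absence of a time window are all assumptions for the demonstration.

```python
"""Ping-sweep and port-scan detection over constructed IOS-style ACL log lines.
Added example, not from the course. The log lines are made up; their format imitates
the %SEC-6-IPACCESSLOGDP and %SEC-6-IPACCESSLOGP messages that the 'log' keyword
produces (an assumption, not captured output). Thresholds are illustrative and there
is no time window, which a real detector would add."""
import re
from collections import defaultdict

ICMP_LINE = re.compile(r"list \S+ denied icmp (\S+) -> (\S+) \((\d+)/\d+\)")
L4_LINE = re.compile(r"list \S+ denied (?:tcp|udp) (\S+)\(\d+\) -> (\S+)\((\d+)\)")


def detect(lines, sweep_threshold=8, scan_threshold=8):
    """Return (sources that swept, (source, target) pairs that port-scanned)."""
    pinged = defaultdict(set)   # source -> hosts it sent echo requests to
    probed = defaultdict(set)   # (source, target) -> destination ports it tried
    for line in lines:
        m = ICMP_LINE.search(line)
        if m:
            if m.group(3) == "8":   # ICMP type 8 = echo request
                pinged[m.group(1)].add(m.group(2))
            continue
        m = L4_LINE.search(line)
        if m:
            probed[(m.group(1), m.group(2))].add(int(m.group(3)))
    sweeps = {src for src, hosts in pinged.items() if len(hosts) >= sweep_threshold}
    scans = {pair for pair, ports in probed.items() if len(ports) >= scan_threshold}
    return sweeps, scans


# Constructed sample: one host sweeps 10.1.1.0/24 with echo requests, a second host scans
# ten ports on one target without ever pinging it, and a third host is ordinary traffic.
SAMPLE_LOG = [
    f"%SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.7 -> 10.1.1.{i} (8/0), 1 packet"
    for i in range(1, 13)
] + [
    f"%SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(44123) -> 10.1.1.20({p}), 1 packet"
    for p in (21, 22, 23, 25, 80, 110, 143, 443, 445, 3389)
] + [
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.4(50321) -> 10.1.1.20(23), 1 packet",
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 203.0.113.4 -> 10.1.1.20 (8/0), 1 packet",
]


def demo():
    """Run the detector over the constructed sample."""
    return detect(SAMPLE_LOG)
```

The second host never appears in the ICMP counters, which is the point of the paragraph: silencing echo at the edge removes the sweep signal but not the scan, so the port counters are the ones you cannot do without.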

SNMP Security Models and Levels

Security model is a security strategy used by the SNMP agent. Security level is the permitted level of security within a security model.

Model  Level         Authentication    Encryption  Result
v1     noAuthNoPriv  Community string  No          Authenticates with a community string match
v2c    noAuthNoPriv  Community string  No          Authenticates with a community string match
v3     authNoPriv    MD5 or SHA        No          Provides HMAC MD5 or SHA algorithms for authentication
v3     authPriv      MD5 or SHA        DES         Provides HMAC MD5 or SHA algorithms for authentication; provides DES 56-bit encryption...

A community string travels in cleartext and is all that v1 and v2c check, so anyone who can capture or guess it has the agent's full read or write access; v3 authNoPriv and authPriv bind each message to a per-user key instead.
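What the v3 authNoPriv and authPriv rows actually rely on is the USM key schedule of RFC 3414: the user's password is stretched into a key Ku, localized with the agent's engineID into Kul, and each message carries the first 12 bytes of an HMAC-MD5 or HMAC-SHA over the whole message under Kul. The code below is an added example written for this page, not course material or any SNMP library's code. The password and engineID are the RFC 3414 Appendix A test vectors; MESSAGE is a constructed byte string standing in for a serialized SNMPv3 message.

```python
"""SNMPv3 USM password-to-key, key localization and HMAC-96 authentication (RFC 3414).
Added example, not part of the course. PASSWORD and ENGINE_ID are the RFC 3414 Appendix A
test vectors; MESSAGE is a constructed placeholder for a serialized SNMPv3 message."""
import hashlib
import hmac

ONE_MEGABYTE = 1_048_576
TAG_LEN = 12   # HMAC-96: the digest is truncated to 96 bits


def password_to_key(password: str, algorithm: str) -> bytes:
    """Ku = H(password repeated to exactly 1 MiB); the 1 MiB stretch slows offline guessing."""
    pw = password.encode()
    stream = (pw * (ONE_MEGABYTE // len(pw) + 1))[:ONE_MEGABYTE]
    return hashlib.new(algorithm, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): one password yields a different key on every agent,
    so a key recovered from one agent does not authenticate to another."""
    return hashlib.new(algorithm, ku + engine_id + ku).digest()


def auth_parameters(kul: bytes, message: bytes, algorithm: str) -> bytes:
    """msgAuthenticationParameters: HMAC over the message (sent with this field zeroed), truncated."""
    return hmac.new(kul, message, algorithm).digest()[:TAG_LEN]


def verify(kul: bytes, message: bytes, tag: bytes, algorithm: str) -> bool:
    return hmac.compare_digest(auth_parameters(kul, message, algorithm), tag)


PASSWORD = "maplesyrup"                                   # RFC 3414 A.3
ENGINE_ID = bytes.fromhex("000000000000000000000002")     # RFC 3414 A.3
MESSAGE = b"constructed SNMPv3 message bytes"             # placeholder, not a real PDU


def demo() -> dict:
    """Derive keys with both USM hash algorithms and show what the tag does and does not catch."""
    out = {}
    for alg in ("md5", "sha1"):
        ku = password_to_key(PASSWORD, alg)
        kul = localize_key(ku, ENGINE_ID, alg)
        tag = auth_parameters(kul, MESSAGE, alg)
        out[alg] = {
            "ku": ku.hex(),
            "kul": kul.hex(),
            "tag_len": len(tag),
            "valid": verify(kul, MESSAGE, tag, alg),
            # one byte changed in transit: authNoPriv rejects it, noAuthNoPriv would accept it
            "tampered": verify(kul, MESSAGE[:-1] + b"X", tag, alg),
            # a key localized for another engineID (same password) does not verify either
            "other_agent": verify(localize_key(ku, b"\x00" * 11 + b"\x03", alg), MESSAGE, tag, alg),
        }
    return out
```

Note that authNoPriv only proves origin and integrity; the varbinds are still readable on the wire, which is what the authPriv row's DES column adds.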

Using Traffic Filtering with ACLs

This topic explains the use of traffic filtering with ACLs to mitigate threats in a network.

- Use ACLs to filter ingress and egress traffic on routers and firewall appliances.
- Use ACLs to disable and limit services, ports, and protocols.

Always apply the following general rules when deciding how to handle router services, ports, and protocols:

- Disable unused services, ports, or protocols. In the case where no one, including the router itself, needs to use an enabled service, port, or protocol, disable...

Cisco IOS Resilient Configuration Feature Verification

This printout shows a sample output of the show secure bootset command.

IOS resilience router id JMX0704L5GH

IOS image resilience version 12.3 activated at 08:16:51 UTC Sun
Secure archive slot0:c3745-js2-mz type is image (elf)
  file size is 25469248 bytes, run size is 25634900 bytes
  Runnable image, entry point 0x80008000, run from ram

IOS configuration resilience version 12.3 activated at 08:17:02
Secure archive slot0:...

Both archives are created with secure boot-image and secure boot-config in global configuration mode, and the feature can only be turned off from a console session, which is what keeps a remote attacker with privileged access from deleting the archived image and configuration. The archived configuration is brought back with secure boot-config restore.

IP Spoofing in DoS and Distributed DoS

IP spoofing occurs when a hacker inside or outside a network impersonates a trusted computer in its conversations. The spoofed address can be a trusted IP address inside the network or a trusted external IP address. Uses for IP spoofing include:

- Injecting malicious data or commands into an existing data stream
- Diverting all network packets to the hacker, who can then reply as a trusted user, by changing the routing tables

IP spoofing may only be one step in a larger attack. Routers determine the...

Microsoft Baseline Security Analyzer

- The Automatic Updates feature is not installed on this computer. Please upgrade to the latest Service Pack to obtain this feature and then use the Control Panel to configure Automatic Updates.
- Computer is running with RestrictAnonymous = 0. This level allows basic enumeration of user accounts, account policies, and system information. Set RestrictAnonymous = 2 to ensure maximum security.
- Some user accounts (2 of 5) have...

RestrictAnonymous is a registry value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa. A value of 2 refuses every anonymous connection, including ones that down-level clients, browse-list replication and some trust operations depend on, so test it on a representative machine before applying it across the fleet.

Distributed DoS Attack Mitigation TRIN00

TRIN00 is a distributed DoS attack tool; the attack method its agents use is a UDP flood. The ACL below blocks the ports the tool uses to communicate between its components: TCP 27665 from the attacker to a handler, UDP 27444 from handler to agent, UDP 31335 from agent to handler, and TCP 1524, the root shell backdoor left on compromised hosts.

R2(config)# access-list 190 deny tcp any any eq 1524 log
R2(config)# access-list 190 deny tcp any any eq 27665 log
R2(config)# access-list 190 deny udp any any eq 31335 log
R2(config)# access-list 190 deny udp any any eq 27444 log
R2(config-if)# ip access-group 190 in

Every access list ends with an implicit deny ip any any. As excerpted, list 190 contains only deny entries, so the site's normal permit entries (or an explicit permit ip any any) must follow them before the list is applied to an interface, or every packet on that interface is dropped. The log keyword turns each hit into a syslog message, which is what makes these entries a detection signal for infected hosts as well as a block.

The TRIN00 attack sets up communications between clients, handlers, and agents...
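The rules in this module (the filtering rules under Using Traffic Filtering with ACLs, the inspect rule under How Cisco IOS Firewall Works, and the TRIN00 list above) all come down to the same mechanics: first-match evaluation, wildcard masks, the implicit deny, and the temporary return-traffic entries that inspection adds. The model below is an added example written for this page, not course material or Cisco code. It parses IOS-style access-list lines (only the eq <port> qualifier on the destination is supported, an assumption made to keep the parser short), evaluates constructed packets against them, and shows why a deny-only list drops everything while an inspected telnet session gets its reply back through a deny-all interface. The antispoofing entry, the addresses and the packets are constructed for the demonstration.

```python
"""Toy model of Cisco IOS access-list evaluation plus a CBAC-style inspect rule.
Added example, not code from the course. It shows first-match evaluation, IOS wildcard
masks, the implicit 'deny ip any any' that ends every list, and the temporary return-traffic
entries that 'ip inspect' adds. Only 'eq <port>' on the destination is parsed from the IOS
syntax (an assumption; other qualifiers are ignored). Addresses and packets are constructed."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst sport dport")
# action permit|deny, proto ip|tcp|udp|icmp, src/dst "any" | "host A.B.C.D" | "A.B.C.D W.X.Y.Z",
# dport from 'eq <port>' (None if absent), log True when the 'log' keyword is present
Entry = namedtuple("Entry", "action proto src dst dport log")

def _addr_match(spec, ip):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    first, *rest = spec.split()
    if first == "host":
        return ip == rest[0]
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(rest[0]))
    return int(ipaddress.IPv4Address(ip)) & care == int(ipaddress.IPv4Address(first)) & care

def _take_addr(tok):
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return f"host {tok[1]}", tok[2:]
    return f"{tok[0]} {tok[1]}", tok[2:]

def parse_acls(config):
    """Parse 'access-list N action proto src dst [eq port] [log]' lines, keyed by list number."""
    acls = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        src, rest = _take_addr(tok[4:])
        dst, rest = _take_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        acls.setdefault(tok[1], []).append(Entry(tok[2], tok[3], src, dst, dport, "log" in rest))
    return acls

def evaluate(acl, pkt, log=None):
    """The first matching entry decides; no match at all is the implicit deny."""
    for e in acl:
        if e.proto not in ("ip", pkt.proto) or (e.dport is not None and e.dport != pkt.dport):
            continue
        if _addr_match(e.src, pkt.src) and _addr_match(e.dst, pkt.dst):
            if e.log and log is not None:
                log.append((e.action, pkt))   # what the 'log' keyword would send to syslog
            return e.action
    return "deny"

class Firewall:
    """Static ACL on the return path plus the dynamic entries that inspecting outbound
    sessions creates (the 'dynamic ACL' in the course figure)."""
    def __init__(self, return_path_acl, inspect_protos=("tcp",)):
        self.acl, self.inspect = return_path_acl, set(inspect_protos)
        self.sessions = set()     # tracked sessions, stored as their reply 5-tuple

    def outbound(self, pkt):
        if pkt.proto in self.inspect:
            self.sessions.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound(self, pkt):
        if (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.sessions:
            return "permit"       # reply of a tracked session: passes via the dynamic entry
        return evaluate(self.acl, pkt)

# Constructed config: an antispoofing entry, the TRIN00 ports, then an explicit permit.
CONFIG = """
access-list 102 deny ip any any
access-list 190 deny ip 10.0.0.0 0.255.255.255 any log
access-list 190 deny tcp any any eq 1524 log
access-list 190 deny tcp any any eq 27665 log
access-list 190 deny udp any any eq 31335 log
access-list 190 deny udp any any eq 27444 log
access-list 190 permit ip any any
"""

def demo():
    acls = parse_acls(CONFIG)
    deny_only = [e for e in acls["190"] if e.action == "deny"]   # list 190 without its final permit
    events = []
    fw = Firewall(acls["102"])
    fw.outbound(Packet("tcp", "10.1.1.5", "198.51.100.7", 40000, 23))   # inside host telnets out
    web = Packet("tcp", "198.51.100.9", "10.1.1.20", 5000, 80)
    return {
        "trinoo_handler": evaluate(acls["190"], Packet("udp", "198.51.100.9", "10.1.1.20", 5000, 27444), events),
        "spoofed_internal": evaluate(acls["190"], Packet("tcp", "10.9.9.9", "10.1.1.20", 5000, 80), events),
        "web_allowed": evaluate(acls["190"], web, events),
        "deny_only_blocks_web": evaluate(deny_only, web, events),
        "telnet_reply": fw.inbound(Packet("tcp", "198.51.100.7", "10.1.1.5", 23, 40000)),
        "unsolicited": fw.inbound(Packet("tcp", "198.51.100.7", "10.1.1.5", 23, 40001)),
        "logged": len(events),
    }
```

The deny_only result is the caveat from the text made concrete: the same four TRIN00 entries with nothing permitted after them block an ordinary web request. The two Firewall results show the difference between the static deny-all list and the session state that inspection adds: only the packet whose 5-tuple reverses a tracked session gets in.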

Secure Management and Reporting Planning Considerations

This topic explains the factors you must consider when planning the secure management and reporting configuration of network devices:

- Which are the most important logs?
- How are important messages separated from routine notifications?
- How do you prevent tampering with logs?
- How do you make sure time stamps match?
- What log data is needed in criminal investigations?
- How do you deal with the volume of log messages?
- How do you manage all the devices...

Vulnerable Router Services

- Disable unnecessary services and interfaces (BOOTP, CDP, FTP, TFTP, NTP, PAD, and TCP/UDP minor services)
- Disable commonly configured management services (SNMP, HTTP, and DNS)
- Ensure path integrity (ICMP redirects and IP source routing)
- Disable probes and scans (finger, ICMP unreachables, and ICMP mask replies)
- Ensure terminal access security (ident and TCP keepalives)
- Disable gratuitous and proxy ARP
- Disable IP directed broadcast

The services listed in the figure have been chosen for their...