Đang tải... (xem toàn văn)
Giáo trình hướng dẫn học tập CCNA chương 2. Giúp người học tìm hiểu cơ bản về CCNA. Trong giáo trình cũng có các ví dụ mình họa để người học hiểu hơn về bài giảng. Kết cấu bài học gồm 11 chương. Mỗi chương sẽ có 1 nội dung phù hợp với thời lượng khoảng 2 tiết.
Chapter 2: Securing Network Devices CCNA Security v2.0 2.0 Introduction 2.1 Securing Device Access 2.2 Assigning Administrative Roles Chapter Outline 2.3 Monitoring and Managing Devices 2.4 Using Automated Security Features 2.5 Securing the Control Plane 2.6 Summary © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Section 2.1: Securing Device Access Upon completion of this section, you should be able to: • Explain how to secure a network perimeter • Configure secure administrative access to Cisco routers • Configure enhanced security for virtual logins • Configure an SSH daemon for secure remote management © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Topic 2.1.1: Securing the Edge Router © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Securing the Network Infrastructure © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Edge Router Security Approaches • Single Router Approach A single router connects the internal LAN to the Internet All security policies are configured on this device Router (R1) Internet LAN 192.168.2.0 • Defense-in-depth Approach Passes everything through to the firewall A set of rules determines what traffic the router will allow or deny R1 Firewall Internet LAN 192.168.2.0 • DMZ Approach The DMZ is set up between two routers Most traffic filtering left to the firewall © 2013 Cisco and/or its affiliates All rights reserved Internet R1 Firewall R2 LAN 192.168.2.0 DMZ Cisco Public Three Areas of Router Security • Physical Security Place router in a secured, locked room Install an uninterruptible power supply • Operating System Security Use the latest stable version that meets network requirements Keep a copy of the O/S and configuration file as a backup • Router Hardening Secure administrative control Disable unused ports and interfaces Disable unnecessary services © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Secure Administrative Access Tasks: • Restrict device accessibility • Log and account for all access • Authenticate access • Authorize actions • Present legal notification • Ensure the confidentiality of data © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Secure Local and Remote Access Local Access Remote Access Using Telnet Remote Access Using Modem and Aux Port © 2013 Cisco and/or its affiliates All rights reserved Cisco Public Secure Local and Remote Access (Cont.) Dedicated Management Network © 2013 Cisco and/or its affiliates All rights reserved Cisco Public 10