7.1 # SWITCH PORT SECURITY : Port security remembers the Ethernet MAC address connected to a switch port and allows only that MAC address to communicate through the port. If any other MAC address tries to communicate through the port, port security disables the port. The violation setting tells the switch what to do when the number of MAC addresses on the port has exceeded the maximum. Various attacks, such as DoS attacks at layer 2 and address spoofing, can take place on a switch port. If the administrator has control over the network, the network is safe; to take total control over the switch ports, the administrator can use a feature called port-security.
- Shutdown mode is the default mode on Cisco switches. The port is disabled on a violation and stays down until it is re-enabled (`shutdown`, then `no shutdown`).
- Protect mode only allows traffic from the secure MAC addresses on the port and drops packets from other MAC addresses.
- Restrict mode alerts the network administrator. It generates a log message, increments the counter value, and also sends an SNMP trap.
- Sticky mode is not a violation mode. By using the sticky command, the user gets static MAC address security without typing the MAC address by hand.
Note: Port security works on access ports only, i.e. to enable port security, the user first has to make the port an access port.
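The difference between the three violation modes, as an added example: a toy Python model of one secure port, not Cisco code and not from the original page. It assumes a maximum of 1, and the second MAC address in the replayed frames is constructed.

```python
# Added example: toy model of one secure switch port (illustrative only).
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    maximum: int = 1                # models `switchport port-security maximum`
    violation: str = "shutdown"     # "protect", "restrict" or "shutdown"
    secure_macs: set = field(default_factory=set)
    violations: int = 0             # violation counter
    log: list = field(default_factory=list)
    err_disabled: bool = False

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded."""
        if self.err_disabled:
            return False                     # port is down, nothing passes
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)    # learned as a secure address
            return True
        # Violation: unknown MAC and the secure address table is full.
        if self.violation == "protect":
            return False                     # silent drop: no log, no counter
        self.violations += 1
        self.log.append(f"security violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True         # port disabled until re-enabled
        return False

def replay(violation: str):
    """Replay three frames: known host, unknown host, known host again."""
    port = SecurePort(maximum=1, violation=violation)
    frames = ["0060.7099.bc89",   # MAC used in the page's sticky example
              "00aa.bbcc.dd01",   # constructed second host
              "0060.7099.bc89"]
    forwarded = [port.receive(mac) for mac in frames]
    return forwarded, port.violations, port.err_disabled

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode))
```

Only shutdown mode cuts off the legitimate host as well, and only protect mode leaves no counter or log entry to investigate.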
7.2 # CONFIGURATION OF PORT SECURITY
# How to secure a port with sticky security?
Switch (config) #interface fastethernet 0/1
Switch (config-if) #no shutdown
Switch (config-if) #switchport mode access
Switch (config-if) #switchport port-security
Switch (config-if) #switchport port-security mac-address sticky 0060.7099.bc89
Switch (config-if) #exit
# How to secure a port with the maximum setting?
Switch (config) #interface fastethernet 0/1
Switch (config-if) #no shutdown
Switch (config-if) #switchport mode access
Switch (config-if) #switchport port-security
Switch (config-if) #switchport port-security maximum < 1-132 >
Switch (config-if) #exit
# How to secure a port with the violation setting?
Switch (config) #interface fastethernet 0/1
Switch (config-if) #no shutdown
Switch (config-if) #switchport mode access
Switch (config-if) #switchport port-security
Switch (config-if) #switchport port-security violation < protect | restrict | shutdown >
Switch (config-if) #exit
# How to secure a port with the aging-time setting?
Switch (config) #interface fastethernet 0/1
Switch (config-if) #no shutdown
Switch (config-if) #switchport mode access
Switch (config-if) #switchport port-security
Switch (config-if) #switchport port-security aging time 120
Switch (config-if) #storm-control broadcast level 755
Switch (config-if) #storm-control action shutdown
Switch (config-if) #exit
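A check for the configurations above, as an added example (Python, not from the original page): the maximum, violation, sticky and aging sub-commands only take effect once the bare `switchport port-security` command has enabled the feature on the access port, so the function flags access ports where it is missing. The sample configuration is constructed.

```python
# Added example: audit interface blocks of a saved configuration (sample is constructed).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 1
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit(config: str) -> dict:
    """Map each access port to its port-security status."""
    blocks, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            blocks[name] = []
        elif line.startswith(" ") and name:
            blocks[name].append(line.strip())   # command inside the block
        else:
            name = None                         # "!" or a global command
    findings = {}
    for name, cmds in blocks.items():
        if "switchport mode access" not in cmds:
            continue            # port security applies to access ports only
        if "switchport port-security" in cmds:
            prefix = "switchport port-security violation "
            mode = next((c.split()[-1] for c in cmds if c.startswith(prefix)),
                        "shutdown")             # shutdown is the default mode
            findings[name] = f"enabled, violation={mode}"
        elif any(c.startswith("switchport port-security ") for c in cmds):
            findings[name] = "options set but port-security not enabled"
        else:
            findings[name] = "no port-security"
    return findings

if __name__ == "__main__":
    for port, status in audit(SAMPLE_CONFIG).items():
        print(port, "->", status)
```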
# Troubleshooting:
Q. Which command shows the port status?
Switch #show port-security
Q. Which command shows the individual port status?
Switch #show port-security interface fa 0/1
Q. Which command clears the port-security?
Switch #clear port-security all
Q. Which command shows the port-security status?
Switch #show port-security address
Q. Which command removes the port-security status?
Switch (config-if) #no switchport port-security
Q. Which command shows the port MAC address?
Switch #show mac-address-table
7.3 # DEFINE KEY SECURITY CONCEPTS : Network security is any activity designed to protect the usability and integrity of your network and data. The primary goals of network security include Confidentiality, Integrity and Availability.
Threat: A potential danger to a company's assets, data or network functionality.
Vulnerability: A weakness in a system or its design that could be exploited by a threat.
Exploit: A mechanism that takes advantage of a vulnerability.
Mitigation Techniques: The process of taking countermeasures to reduce the severity of a potential threat or risk.
B) Describe security program elements (User awareness, training, and physical access control)
USER AWARENESS : End users are becoming the largest security risk in any organization because an incident can happen at any time.
End user threats: Use of social media, text messaging, app downloads, use of email, password creation and usage.
END USER SECURITY AWARENESS TRAINING : It is better to arrange a cyber security awareness training program on a regular basis, and it should cover the following topics: Cyber security and its importance, Different types of cyber threats, How to use the internet, Email phishing and social engineering attacks, Device security, Physical security, and Password creation and usage.
PHYSICAL ACCESS CONTROL : A physical access control system provides network infrastructure security by protecting digital assets, and is a high priority worldwide. It covers the following access controls: CCTV Integration, Server Rack and Cabinet Door Physical Security, Two Door Interlock/Mantrap, Visitor Management, Multi-factor Identity Authentication, Multi-site Integration.
C) Configure the device access control using local password
There are three types of lines on Cisco routers:
CON - Provides CLI access via a console cable.
AUX - Provides CLI access via an aux cable.
VTY - Virtual lines that allow SSH or Telnet access to the device.
LAB
a) Log in to the router via console
b) Set host name
c) Set enable password
d) Check enable password and remove enable password
e) Set enable secret password and check
f) Set console password and check
g) Encrypt all passwords in the router
h) Set up IP addresses as per the following topology
i) Enable AAA module
j) Create a user
k) Configure Telnet
l) Telnet into the router from PC
m) Configure SSH
n) SSH into the router from PC
o) Disable Telnet, allow only SSH, and check
The five elements of a successful Security Awareness Program:
- Education on the different types of cyber threats.
- Spam, email, internet, social media and privacy policies.
- Secure password policies combined with Multifactor Authentication.
- Threat recognition and response training.
- Regular vulnerability testing.
Confidentiality, Integrity and Availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The elements of the triad are considered the three most crucial components of security.
Confidentiality is a set of rules that limits access to information, Integrity is the assurance that the information is trustworthy and accurate, and Availability is a guarantee of reliable access to the information by authorized people.
According to Cisco, security solutions for an organization may be broadly divided into three categories. These are:
A) Physical Security: The following form physical security:
1. Security cameras and other monitoring devices.
2. Security personnel.
3. Climatic controls for proper temperature, humidity, etc.
4. Physical barriers.
B) Administrative Security: The following form administrative security:
1. Maintaining log books.
2. Screening employees and security personnel.
3. Maintaining security policies.
4. Security awareness programs, etc.
C) Logical Security: The following form logical security:
1. Authentication systems.
2. Firewalls.
3. Encryption schemes, etc.
What is an example of inbound traffic?
Inbound traffic, in this context, is network traffic originating from an untrusted network towards a private host or enclave. For example: An untrusted network host connecting to an internal commercial portal, shopping.example.com. An external mail server connecting to an internal mail server, mail.example.com.
What is an example of outbound traffic?
Outbound traffic, in this context, is network traffic originating from a private host or enclave destined towards untrusted networks. For example: An enterprise desktop intranet user connecting to www.example.com. An internal mail server connecting to an external mail server, mail.example.com.