Documente Academic
Documente Profesional
Documente Cultură
Module Introduction
Robert Ludwiniak, Rich Macfarlane
CSN11111
Introduction
Module Introduction
Time Table
Module Admin
Networking Introduction
Cisco Device Configuration
GNS3 Introduction
GNS3 Demo
Network Device Hardening Introduction
CSN11111
Introduction
Teaching Team
Robert Ludwiniak module leader
Office C65; tel 0131 4552780;
email r.ludwiniak@napier.ac.uk
CSN11111
Introduction
CSN11111
Introduction
Reading List
Network Security
Whitman & Mattord, Principles of Information Security (3rd Edition), Thompson, 2009
Pfleeger CP & Pfleeger SL, Security in Computing (4th Edition), Prentice Hall, 2006
Bruce Schneier, Secrets & Lies - Digital Security in a Networked World, John Wiley &
Sons, 2000
Burns et al, Security Power Tools, OReilly, 2007
Cryptography
Ferguson N & Schneier B, Practical Cryptography, John Wiley & Sons, 2003
Bruce Schneier, Applied Cryptography (2nd Edition), John Wiley & Sons, 1996
Networking
Al Anderson, Ryan Benedetti , Head First Networking, 2009
TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994
CCNA Security
CCNA Security Official Exam Certification Guide, Cisco Press, 2009
Introduction
Resources
All the information regarding the module will be
available on Moodle http://moodle.napier.ac.uk
Cisco Academy - CCNA Security
http://cisco.netacad.net
CSN11111
Assessments
Class Test 1 25%
Introduction
CSN11111
Coursework 50%
CSN11111
Introduction
CSN11111
Introduction
CSN11111
Introduction
CSN11111
Introduction
CSN11111
Introduction
CSN11111
Introduction
Slot 3
Slot 1
Module 1
Module 0
Ethernet
Interface
Slot 2
Slot 0
Serial
Interface
(slot 0, 1, 2, 3)
CSN11111
Introduction
CSN11111
Introduction
CSN11111
Introduction
Configuration
A basic router configuration should contain the
following:
Router name - Host name should be unique
Banner - At a minimum, banner should warn against
unauthorized use
Passwords - Use strong passwords
Interface configurations - Specify interface type, IP
address and subnet mask. Describe purpose of
interface. Issue no shutdown command. If DCE
serial interface issue clock rate command.
After entering in the basic configuration the following
tasks should be completed
Verify basic configuration and router operations.
Save the changes on a router
Configuration - verification
CSN11111
Introduction
Python
Introduction
Router>
Router#
Router(config)
CSN11111
Introduction
Introduction
Error notification
Python
Introduction
GNS3
Simulation of Networks
Network Devices actual OSs
Topology
Connection of Hosts Servers/Users
machines
Python
Introduction
GNS3
CSN11111
Introduction
Networking Protocols
CSN11111
Introduction
Example Infrastructure
CSN11111
Introduction
CSN11111
Introduction
Network IP Address
CSN11111
Introduction
TCP Client/Server
CSN11111
Introduction
DNS Operation
CSN11111
Introduction
ARP Operation
CSN11111
Introduction
ICMP Operation
CSN11111
Introduction
HTTP Operation
Introduction
Operating system
Configure the router with the maximum amount of memory possible.
Use the latest stable version of the operating system that meets the feature
requirements of the network.
Keep a secure copy of the router operating system image and router
configuration file as a backup.
Python
Router hardening
Secure administrative control to ensure that only authorized personnel have
access and that their level of access is controlled.
Disable unused ports and interfaces to reduce the number of ways a device can
be accessed.
Disable unnecessary services that can be used by an attacker to gather
information or for exploitation.
Python
Introduction
Python
Introduction
Python
Introduction
perspective.
Intruders have been known to win court cases because they
did not encounter appropriate warning messages.
Choosing what to place in banner messages is extremely
important and should be reviewed by legal counsel before
being implemented.
Never use the word welcome or any other familiar or
similar greeting that may be misconstrued as an invitation to
use the network.
Unnecessary Services
Router Service
Default
Best Practice
Enabled
Disable.
no ip bootp server
Enabled
Configuration autoloading
Disabled
Disabled
Disabled
Disabled
BOOTP server
FTP server
TFTP server
Description
Same as FTP.
When enabled, the router acts as a time server for
other network devices.
If configured insecurely, NTP can be used to corrupt
the router clock and potentially the clock of other
devices that learn time from the router.
If this service is used, restrict which devices have
access to NTP.
Unnecessary Services
Router Service
Description
Default
Best Practice
Packet assembler
and disassembler
(PAD) service
Enabled
Enabled
(pre 11.3)
Disabled
(11.3+)
Maintenance
Operation Protocol
(MOP) service
Enabled
Description
Default
Best Practice
Enabled
Simple Network
Management Protocol
(SNMP)
Device
dependent
Client
Service
Enabled
Description
Default
Best Practice
ICMP redirects
Enabled
IP source routing
Enabled
Description
Default
Best Practice
Finger service
Enabled
ICMP unreachable
notifications
Enabled
Disabled
Description
Default
Best Practice
IP identification
service
Enabled
Disable.
TCP Keepalives
Disabled
Enable.