ccna 4 - chap 4 - network security for students #1

CCNA 4 Chapter 4 Network Security Rainier Pimentel

Upload: tamyamsoup

Post on 07-Apr-2015


TRANSCRIPT

Page 1: CCNA 4 - Chap 4 - Network Security for Students #1

CCNA 4 Chapter 4

Network Security

Rainier Pimentel

Page 2: CCNA 4 - Chap 4 - Network Security for Students #1

Chap 4 – Net Sec – Lab 1

[Lab 1 topology diagram. Address labels shown: 200.1.1.1/24, 200.1.1.100/24, 200.1.3.1/24, 200.1.3.2/24, 200.1.4.1/24, 200.1.4.100/24]

Page 3: CCNA 4 - Chap 4 - Network Security for Students #1

Minimum Password Length

2620-R3(config)#security passwords min-length 10
2620-R3(config)#enable secret cisco

% Password too short - must be at least 10 characters. Password configuration failed

2620-R3(config)#enable secret cisco12345

CANNOT BE DONE IN PACKET TRACER 5.2

Page 4: CCNA 4 - Chap 4 - Network Security for Students #1

FOUR Primary Classes Of Attacks

1. Reconnaissance
2. Access
3. Denial of Service
4. Worms, Viruses, and Trojan Horses

Page 5: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities.

Reconnaissance is similar to a thief surveying a neighborhood for vulnerable homes to break into.

It is also known as information gathering.


Page 6: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance attacks can consist of the following:

• Internet information queries
• Ping sweeps
• Port scans
• Packet sniffers

Page 7: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance : Internet information queries

Page 8: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance : Internet information queries

Page 9: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance : Ping sweeps using Net Tools (IP scanner)

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).

Page 10: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance : Port scans

Page 11: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance : Port scans using Port scanner

Page 12: CCNA 4 - Chap 4 - Network Security for Students #1

Reconnaissance : Packet sniffers

Page 13: CCNA 4 - Chap 4 - Network Security for Students #1

Access

System access is the ability for an intruder to gain access to a device for which the intruder does not have a password.

L0phtCrack, CAIN

Page 14: CCNA 4 - Chap 4 - Network Security for Students #1

Denial of service

Denial of service (DoS) is when an attacker disables or corrupts networks or systems with the intent to deny services to intended users.

Net Tools (pinger)

C:\> ping -t 192.168.1.98
C:\> fping -n 1000 -a 192.168.1.47
-n = number of echo requests to send
-a = resolve addresses to hostnames
-c = continuous ping

Page 15: CCNA 4 - Chap 4 - Network Security for Students #1

Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?

a. reconnaissance
b. access
c. DoS
d. worm
e. virus
f. Trojan horse


Page 17: CCNA 4 - Chap 4 - Network Security for Students #1

Worms, Viruses, and Trojan Horses

Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services.

Page 18: CCNA 4 - Chap 4 - Network Security for Students #1

Simulation: VIRUS

• Create a batch file that will automatically restart or shutdown or logoff a computer

• Save the batch file as love.txt_____________________.bat

• Send the file by email


Page 19: CCNA 4 - Chap 4 - Network Security for Students #1

An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?

a. DoS
b. DDoS
c. virus
d. access
e. reconnaissance


Page 21: CCNA 4 - Chap 4 - Network Security for Students #1

Stages of an Attack

• Today’s attackers have an abundance of targets. In fact, their greatest challenge is to select the most vulnerable victims. This has resulted in very well-planned and structured attacks. These attacks have common logistical and strategic stages. These stages include:

– Reconnaissance
– Scanning (addresses, ports, vulnerabilities)
– Gaining access
– Maintaining access
– Covering tracks

Page 22: CCNA 4 - Chap 4 - Network Security for Students #1

Tools of the Attacker

• The following are a few of the most popular tools used by network attackers:

– Enumeration tools (dumpreg, netview and netuser)
– Port/address scanners (AngryIP, nmap, Nessus)
– Vulnerability scanners (Metasploit, Core Impact, ISS)
– Packet sniffers (Snort, Wireshark, AirMagnet)
– Root kits
– Cryptographic cracking tools (Cain, WepCrack)
– Malicious codes (worms, Trojan horse, time bombs)
– System hijack tools (netcat, Metasploit, Core Impact)

Page 23: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery Procedures

1. Connect to the console port.
2. Use the show version command to view and record the configuration register.
3. Use the power switch to turn off the router, and then turn the router back on.
4. Press Break on the terminal keyboard within 60 seconds of power up to put the router into ROMmon.
5. At the rommon 1> prompt, type confreg 0x2142.
6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.
7. Type no after each setup question, or press Ctrl-C to skip the initial setup procedure.
8. Type enable at the Router> prompt.

Page 24: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery Procedures, 2

9. Type copy startup-config running-config to copy the NVRAM into memory.
10. Type show running-config.
11. Enter global configuration and type the enable secret command to change the enable secret password.
12. Issue the no shutdown command on every interface to be used. Once enabled, issue a show ip interface brief command. Every interface to be used should display ‘up up’.
13. Type config-register configuration_register_setting. The configuration_register_setting is either the value recorded in Step 2 or 0x2102.
14. Save configuration changes using the copy running-config startup-config command.

Page 25: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery (summary)

• Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
• rommon 1> confreg 0x2142
• rommon 2> reset
• The router reboots, but ignores the saved configuration.
• Type no after each setup question

Page 26: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery: Configuration Register

Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0

Page 27: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery: Configuration Register

Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
Hexadecimal:        2 1 0 2 (2102)

0x2102 tells the router to load from flash & NVRAM. It uses bits 13, 8 and 1.

• Ignores break
• Boots into ROM if initial boot fails
• 9600 console baud rate, the default value for most platforms

Page 28: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery: Configuration Register

Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  1  0  0  0  0  1  0
Hexadecimal:        2 1 4 2 (2142)

• Ignores break
• Boots into ROM if initial boot fails
• 9600 console baud rate
• Ignores the contents of Non-Volatile RAM (NVRAM) (ignores configuration)

Page 29: CCNA 4 - Chap 4 - Network Security for Students #1

Password Recovery: Configuration Register

Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
Hexadecimal:        2 1 0 0 (2100)

• Configures the router to boot to ROM monitor mode.
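The register values used in the recovery steps and on the slides above can be decoded bit by bit. The following is an added example, not part of the original slides: the function names are illustrative, and the boot field (bits 0-3) and console speed bits (5, 11, 12) follow Cisco's documented register layout rather than anything shown on the slides.

```python
# Added example: decode a Cisco configuration register and flag values
# that should not be left on a production router.

FLAG_BITS = {
    13: "boot into ROM if initial boot fails",
    8: "ignore Break",
    6: "ignore NVRAM contents (startup-config)",
}
# Console speed uses bits 12, 11 and 5; all three clear means 9600 baud.
BAUD_MASK = (1 << 12) | (1 << 11) | (1 << 5)


def decode(reg):
    """Return the fields of a 16-bit configuration register value."""
    if not 0 <= reg <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = reg & 0xF
    if boot_field == 0:
        boot = "ROM monitor"
    elif boot_field == 1:
        boot = "boot helper image (platform dependent)"
    else:
        boot = "normal boot (flash, boot system commands)"
    return {
        "binary": format(reg, "016b"),
        "set_bits": [b for b in range(15, -1, -1) if (reg >> b) & 1],
        "flags": [name for bit, name in FLAG_BITS.items() if (reg >> bit) & 1],
        "boot": boot,
        "console_9600": (reg & BAUD_MASK) == 0,
    }


def audit(reg):
    """List reasons a router should not stay at this register value."""
    findings = []
    if (reg >> 6) & 1:
        findings.append("startup-config ignored at boot (recovery value left set)")
    if reg & 0xF == 0:
        findings.append("router stops in ROM monitor instead of loading IOS")
    if not (reg >> 8) & 1:
        findings.append("Break is not ignored while IOS is running")
    return findings


if __name__ == "__main__":
    for value in (0x2102, 0x2142, 0x2100):
        info = decode(value)
        print(hex(value), info["binary"], info["set_bits"], info["boot"], audit(value))
```

A router still showing 0x2142 in show version after a recovery will come up without its saved configuration on the next reload, which is why step 13 restores the recorded value or 0x2102.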

Page 30: CCNA 4 - Chap 4 - Network Security for Students #1

The password recovery process begins in which operating mode and using what type of connection? (Choose two.)

a. ROM monitor
b. boot ROM
c. Cisco IOS
d. direct connection through the console port
e. network connection through the Ethernet port
f. network connection through the serial port


Page 32: CCNA 4 - Chap 4 - Network Security for Students #1

END

Page 33: CCNA 4 - Chap 4 - Network Security for Students #1

Configure a Router to Support SDM

2620-R3#config t
2620-R3(config)#ip http server
2620-R3(config)#ip http secure-server
2620-R3(config)#ip http authentication local
2620-R3(config)#ip http timeout-policy idle 600 life 86400 requests 10000
2620-R3(config)#exit

Page 34: CCNA 4 - Chap 4 - Network Security for Students #1

Configure a Router to Support SDM

2620-R3(config)#username admin privilege 15 secret 0 cisco

2620-R3(config)#line vty 0 4
2620-R3(config-line)#privilege level 15
2620-R3(config-line)#login local
2620-R3(config-line)#transport input telnet ssh
2620-R3(config-line)#
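The SDM commands above leave plaintext HTTP and Telnet enabled next to their encrypted counterparts, and the secret cisco would be rejected by the 10-character minimum from the earlier slide. The following added example, not part of the original slides, checks a candidate command list for those three points. Both sample configurations are constructed, the hardened variant and its passphrase are hypothetical, and the length check applies to commands as typed (type 0 secrets), not to a saved configuration where secrets are hashed.

```python
import re

# Constructed input: the SDM slide commands plus the min-length rule
# from the earlier slide, written as they would be entered.
SLIDE_CONFIG = """\
security passwords min-length 10
ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 secret 0 cisco
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Hypothetical hardened variant of the same management settings.
HARDENED_CONFIG = """\
security passwords min-length 10
no ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 secret 0 Constructed-Passphrase-1
line vty 0 4
 login local
 transport input ssh
"""


def audit_config(text):
    """Return findings for the management-plane settings, in line order."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    min_len = 0
    for ln in lines:
        m = re.fullmatch(r"security passwords min-length (\d+)", ln)
        if m:
            min_len = int(m.group(1))
    findings = []
    for ln in lines:
        if ln == "ip http server":
            findings.append("plaintext HTTP management enabled")
        if re.fullmatch(r"transport input .*\btelnet\b.*", ln):
            findings.append("telnet accepted on vty lines")
        m = re.search(r"\bsecret 0 (\S+)$", ln)
        if m and len(m.group(1)) < min_len:
            findings.append("secret shorter than min-length %d" % min_len)
    return findings
```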