CCNA 4 Chapter 4
Network Security
Rainier Pimentel
Chap 4 – Net Sec – Lab 1
[Figure: lab topology with address labels 200.1.1.1/24, 200.1.1.100/24, 200.1.3.1/24, 200.1.3.2/24, 200.1.4.1/24, 200.1.4.100/24]
Minimum Password Length
2620-R3(config)#security passwords MIN-length 10
2620-R3(config)#enable secret cisco
% Password too short - must be at least 10 characters. Password configuration failed
2620-R3(config)#enable secret cisco12345
CANNOT BE DONE IN PACKET TRACER 5.2
FOUR Primary Classes Of Attacks
1. Reconnaissance
2. Access
3. Denial of Service
4. Worms, Viruses, and Trojan Horses
Reconnaissance
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
Reconnaissance is similar to a thief surveying a neighborhood for vulnerable homes to break into.
It is also known as information gathering.
Reconnaissance attacks can consist of the following:
• Internet information queries
• Ping sweeps
• Port scans
• Packet sniffers
Reconnaissance : Internet information queries
Reconnaissance : Ping sweeps using Net Tools (IP scanner)
A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
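From the defender's side, a sweep shows up as one source sending echo requests to many different addresses in a short time. The following Python sketch is an added example, not part of the original slides; the event tuples are constructed, the addresses reuse the lab's 200.1.x.x ranges for illustration, and the thresholds are assumptions.

```python
from collections import defaultdict, deque


def detect_sweeps(events, min_targets=5, window=10.0):
    """Return {source: most distinct destinations pinged within `window` seconds}
    for every source that reaches at least `min_targets` destinations."""
    recent = defaultdict(deque)   # source -> (time, destination) pairs still in the window
    worst = defaultdict(int)      # source -> highest distinct-destination count seen
    for t, src, dst in sorted(events):
        q = recent[src]
        q.append((t, dst))
        # Drop echo requests that have aged out of the sliding window.
        while q and t - q[0][0] > window:
            q.popleft()
        worst[src] = max(worst[src], len({d for _, d in q}))
    return {s: n for s, n in worst.items() if n >= min_targets}


def sample_events():
    """Constructed (unix_time, source, destination) ICMP echo-request records."""
    # One host walking through 20 addresses in 4 seconds: a sweep.
    events = [(i * 0.2, "200.1.1.100", f"200.1.4.{i}") for i in range(1, 21)]
    # One host pinging a single server repeatedly: noisy, but not a sweep.
    events += [(i * 1.0, "200.1.3.2", "200.1.4.100") for i in range(30)]
    # One host checking a different address once a minute: below the threshold.
    events += [(i * 60.0, "200.1.4.1", f"200.1.3.{i}") for i in range(1, 8)]
    return events


if __name__ == "__main__":
    for source, count in detect_sweeps(sample_events()).items():
        print(f"possible ping sweep from {source}: {count} hosts within 10 s")
```

Counting distinct destinations rather than packets is what separates a sweep from a repeated ping to a single host.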
Reconnaissance : Port scans
Reconnaissance : Port scans using Port scanner
Reconnaissance : Packet sniffers
Access
System access is the ability for an intruder to gain access to a device for which the intruder does not have a password.
• L0phtCrack
• CAIN
Denial of service
Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
Net Tools (pinger)
C:\> ping -t 192.168.1.98
C:\> fping -n 1000 -a 192.168.1.47
-n = number of echo requests to send
-a = resolve addresses to hostnames
-c = continuous ping
Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
a. reconnaissance
b. access
c. DoS
d. worm
e. virus
f. Trojan horse
Worms, Viruses, and Trojan Horses
Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services.
Simulation: VIRUS
• Create a batch file that will automatically restart or shutdown or logoff a computer
• Save the batch file as love.txt_____________________.bat
• Send the file by email
An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
a. DoS
b. DDoS
c. virus
d. access
e. reconnaissance
Stages of an Attack
• Today’s attackers have an abundance of targets. In fact, their greatest challenge is to select the most vulnerable victims. This has resulted in very well-planned and structured attacks. These attacks have common logistical and strategic stages. These stages include:
– Reconnaissance
– Scanning (addresses, ports, vulnerabilities)
– Gaining access
– Maintaining access
– Covering tracks
Tools of the Attacker
• The following are a few of the most popular tools used by network attackers:
– Enumeration tools (dumpreg, netview and netuser)
– Port/address scanners (AngryIP, nmap, Nessus)
– Vulnerability scanners (Metasploit, Core Impact, ISS)
– Packet sniffers (Snort, Wireshark, AirMagnet)
– Root kits
– Cryptographic cracking tools (Cain, WepCrack)
– Malicious codes (worms, Trojan horse, time bombs)
– System hijack tools (netcat, Metasploit, Core Impact)
Password Recovery Procedures
1. Connect to the console port.
2. Use the show version command to view and record the configuration register.
3. Use the power switch to turn off the router, and then turn the router back on.
4. Press Break on the terminal keyboard within 60 seconds of power up to put the router into ROMmon.
5. At the rommon 1> prompt, type confreg 0x2142.
6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.
7. Type no after each setup question, or press Ctrl-C to skip the initial setup procedure.
8. Type enable at the Router> prompt.
Password Recovery Procedures, 2
9. Type copy startup-config running-config to copy the NVRAM into memory.
10. Type show running-config.
11. Enter global configuration and type the enable secret command to change the enable secret password.
12. Issue the no shutdown command on every interface to be used. Once enabled, issue a show ip interface brief command. Every interface to be used should display ‘up up’.
13. Type config-register configuration_register_setting. The configuration_register_setting is either the value recorded in Step 2 or 0x2102.
14. Save configuration changes using the copy running-config startup-config command.
Password Recovery (summary)
• Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
• rommon 1> confreg 0x2142
• rommon 2> reset
• The router reboots, but ignores the saved configuration.
• Type no after each setup question
Password Recovery: Configuration Register
Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
Password Recovery: Configuration Register
Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
Hexadecimal:        2 1 0 2 (0x2102)
0x2102 tells the router to load from flash & NVRAM. It uses bits 13, 8 and 1.
• Ignores break
• Boots into ROM if initial boot fails
• 9600 console baud rate default value for most platforms
Password Recovery: Configuration Register
Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  1  0  0  0  0  1  0
Hexadecimal:        2 1 4 2 (0x2142)
• Ignores break
• Boots into ROM if initial boot fails
• 9600 console baud rate
• Ignores the contents of Non-Volatile RAM (NVRAM) (ignores configuration)
Password Recovery: Configuration Register
Binary Bit Number: 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Binary Number:      0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
Hexadecimal:        2 1 0 0 (0x2100)
• Configures the router to boot to ROM monitor mode.
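The register values on these slides can be decoded bit by bit, and a register left at 0x2142 after password recovery means the next reload skips the saved configuration, passwords included. The following Python sketch is an added example, not part of the original slides; the `show version` excerpts are constructed samples and the function names are illustrative.

```python
import re

# Bits named on the slides; descriptions follow the slide wording.
FLAGS = {13: "boots into ROM if initial boot fails",
         8: "ignores Break",
         6: "ignores NVRAM contents (startup-config)"}
BAUD_BITS = (1 << 12) | (1 << 11) | (1 << 5)   # all clear = 9600 baud default


def decode(value):
    """Return (set bit numbers, meanings) for a 16-bit configuration register."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is 16 bits wide")
    bits = [b for b in range(15, -1, -1) if (value >> b) & 1]
    notes = [text for bit, text in FLAGS.items() if (value >> bit) & 1]
    if not (value & BAUD_BITS):
        notes.append("9600 console baud rate")
    # Boot field = bits 3..0: zero stays in ROM monitor, non-zero loads an image.
    notes.append("boots to ROM monitor" if (value & 0xF) == 0 else "boots an IOS image")
    return bits, notes


REG_LINE = re.compile(r"Configuration register is 0x([0-9A-Fa-f]{1,4})"
                      r"(?: \(will be 0x([0-9A-Fa-f]{1,4}) at next reload\))?")


def audit(show_version_text):
    """List problems with the register value the router will use at next boot."""
    m = REG_LINE.search(show_version_text)
    if m is None:
        return ["no configuration register line found"]
    effective = int(m.group(2) or m.group(1), 16)   # pending value wins if present
    findings = []
    if (effective >> 6) & 1:
        findings.append(f"0x{effective:04x}: next boot ignores startup-config; "
                        "restore the recorded value or 0x2102 (step 13)")
    if (effective & 0xF) == 0:
        findings.append(f"0x{effective:04x}: next boot stops in ROM monitor")
    return findings


# Constructed `show version` excerpts (not captured from a real device).
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "recovery left in place": "Configuration register is 0x2142",
    "recovery completed": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    for reg in (0x2102, 0x2142, 0x2100):
        print(f"0x{reg:04x}", *decode(reg))
    for name, text in SAMPLES.items():
        print(name, "->", audit(text) or "ok")
```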
The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
a. ROM monitor
b. boot ROM
c. Cisco IOS
d. direct connection through the console port
e. network connection through the Ethernet port
f. network connection through the serial port
END
Configure a Router to Support SDM
2620-R3#config t
2620-R3(config)#ip http server
2620-R3(config)#ip http secure-server
2620-R3(config)#ip http authentication local
2620-R3(config)#ip http timeout-policy idle 600 life 86400 requests 10000
2620-R3(config)#exit
Configure a Router to Support SDM
2620-R3(config)#username admin privilege 15 secret 0 cisco
2620-R3(config)#line vty 0 4
2620-R3(config-line)#privilege level 15
2620-R3(config-line)#login local
2620-R3(config-line)#transport input telnet ssh
2620-R3(config-line)#