CCNA 4Chapter 4
Network Security
Rainier Pimentel
Chap 4 – Net Sec – Lab 1
Rainier Pimentel
200.1.3.1/24
200.1.4.100/24
200.1.3.2/24
200.1.4.1/24
200.1.3.1/24
200.1.3.1/24
200.1.1.100/24
200.1.1.1/24
Minimum Password Length
2620-R3(config)#security passwords MIN-length 102620-R3(config)#enable secret cisco
% Password too short - must be at least 10 characters. Password configuration failed
2620-R3(config)#enable secret cisco12345
Rainier Pimentel
CANNOT BE DONE IN PACKET TRACER 5.2
FOUR Primary Classes Of Attacks
1. Reconnaissance2. Access3. Denial of Service4. Worms, Viruses, and Trojan Horses
Reconnaissance
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
Reconnaissance is similar to a thief surveying a neighborhood for vulnerable homes to break into.
It is also known as information gathering.
It is also known as information gathering.
Reconnaissance attacks can consist of the following:
Internet information queries Ping sweeps Port scans Packet sniffers
Reconnaissance : Internet information queries
Reconnaissance : Internet information queries
Reconnaissance : Ping sweeps using Net Tools (IP scanner)
A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
Reconnaissance : Port scans
Reconnaissance : Port scans using Port scanner
Reconnaissance : Packet sniffers
Access System access is the ability for an intruder to
gain access to a device for which the intruder does not have password.
L0phtCrack CAIN
Denial of service Denial of service (DoS) is when an attacker disables or corrupts networks, systems, with the intent to deny services to
intended users. Net Tools (pinger)
C:\> Ping –t 192.168.1.98C:\>fping –n 1000 –a 192.168.1.47-n=number of echo request to send-a=resolve addresses to hostnames-c=continuous ping
Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
a. reconnaissanceb. accessc. DoSd. worme. virusf. Trojan horse
Rainier Pimentel
Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
a. reconnaissanceb. accessc. DoSd. worme. virusf. Trojan horse
Rainier Pimentel
Worms, Viruses, and Trojan Horses Malicious software can be inserted onto a host to damage or corrupt a
system, replicate itself, or deny access to networks, systems, or services
Simulation: VIRUS
• Create a batch file that will automatically restart or shutdown or logoff a computer
• Save the batch file as love.txt_____________________.bat
• Send the file by email
Rainier Pimentel
An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
a. DoSb. DDoSc. virusd. accesse. reconnaissance
Rainier Pimentel
An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
a. DoSb. DDoSc. virusd. accesse. reconnaissance
Rainier Pimentel
Stages of an Attack
• Today’s attackers have a abundance of targets. In fact their greatest challenge is to select the most vulnerable victims. This has resulted in very well- planned and structured attacks. These attacks have common logistical and strategic stages. These stages include;
– Reconnaissance– Scanning (addresses, ports, vulnerabilities)– Gaining access– Maintaining Access– Covering Tracks
Tools of the Attacker
• The following are a few of the most popular tools used by network attackers:– Enumeration tools (dumpreg, netview and netuser)– Port/address scanners (AngryIP, nmap, Nessus)– Vulnerability scanners (Meta Sploit, Core Impact, ISS)– Packet Sniffers (Snort, Wire Shark, Air Magnet)– Root kits– Cryptographic cracking tools (Cain, WepCrack)– Malicious codes (worms, Trojan horse, time bombs)– System hijack tools (netcat, MetaSploit, Core Impact)
Password Recovery Procedures
1. Connect to the console port.2. Use the show version command to view and record
the configuration register 3. Use the power switch to turn off the router, and then
turn the router back on.4. Press Break on the terminal keyboard within 60 seconds
of power up to put the router into ROMmon.5. At the rommon 1> prompt Type confreg 0x2142. 6. Type reset at the rommon 2> prompt. The router
reboots, but ignores the saved configuration.7. Type no after each setup question, or press Ctrl-C to
skip the initial setup procedure.8. Type enable at the Router> prompt.
Password Recovery Procedures, 2
9. Type copy startup-config running-config to copy the NVRAM into memory.
10. Type show running-config. 11. Enter global configuration and type the enable secret
command to change the enable secret password. 12. Issue the no shutdown command on every interface to be used.
Once enabled, issue a show ip interface brief command. Every interface to be used should display ‘up up’.
13. Type config-register configuration_register_setting. The configuration_register_setting is either the value recorded in Step 2 or 0x2102 .
14. Save configuration changes using the copy running-config startup-config command.
Password Recovery (summary)
• Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
• rommon 1> confreg 0x2142• rommon 2> reset• The router reboots, but ignores the saved
configuration.• Type no after each setup question
Rainier Pimentel
Password Recovery: Configuration Register
Rainier Pimentel
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0
Binary Bit Number
Binary Number
Password Recovery: Configuration Register
Rainier Pimentel
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0
2 1 2
2102
0x2102 tells the router to load from flash & NVRAM. It uses bits 13, 8 and 1.
• Ignores break• Boots into ROM if initial boot fails• 9600 console baud rate default value for most platforms
Password Recovery: Configuration Register
Rainier Pimentel
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 1 0 0 0 0 1 0
2 1 242142
• Ignores break• Boots into ROM if initial boot fails• 9600 console baud rate• Ignores the contents of Non-Volatile RAM (NVRAM)
(ignores configuration)
Password Recovery: Configuration Register
Rainier Pimentel
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0
2 12100
• configures the router to boot to ROM monitor mode.
The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
a. ROM monitorb. boot ROMc. Cisco IOSd. direct connection through the console porte. network connection through the Ethernet portf. network connection through the serial port
Rainier Pimentel
The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
a. ROM monitorb. boot ROMc. Cisco IOSd. direct connection through the console porte. network connection through the Ethernet portf. network connection through the serial port
Rainier Pimentel
ENDRainier Pimentel
Configure a Router to Support SDM
2620-R3#config t2620-R3(config)#ip http server2620-R3(config)#ip http secure-server2620-R3(config)#ip http authentication local2620-R3(config)#ip http timeout-policy idle 600 life
86400 requests 100002620-R3(config)#exit
Rainier Pimentel
Configure a Router to Support SDM
2620-R3(config)#username admin privilege 15 secret 0 cisco
2620-R3(config)#line vty 0 42620-R3(config-line)#privilege level 152620-R3(config-line)#login local2620-R3(config-line)#transport input telnet ssh2620-R3(config-line)#
Rainier Pimentel