INDEX
Symbols & Numerics
| (pipe), 182
3DES (Triple Data Encryption Standard), 250
10Base2, 21, 91
10Base5, 21, 91
10BaseT, 21, 91
100BaseT, 21, 92
802.1Q, 26
802.11 networks, 88
1000 GE, 21, 92
A
AAA, 228–229
    accounting, 231–232
    authentication, 230
    authorization, 230–231
ABRs (Area Border Routers), 63
access lists, 353–355
    extended, 196–198
    IP packet debugging, 179–180
    standard, 190–195
    wildcard masks, 192
accessing Cisco routers, 187
accounting, 228, 231–232
ACKs (acknowledgments), 58
ACS (Cisco Secure Access Control Server). See Cisco Secure
Active Directory, 135
Active FTP, 116–118
adaptive cut-through switching, 23
adjacencies, 62
administrative distances, 51
AES (Advanced Encryption Standard), 250–251
agents (SNMP), 124
Aggregator attribute (BGP), 73
aggressive mode (IKE), 259
AH, 257–258
alias command, 175
allocating IP addresses, InterNIC, 357
ambiguous test questions, decoding, 628–629
anomaly-based analysis, 386
anomaly-based IDS systems, 305
application layer (OSI model), 18
applications
    NetRanger, 309
        Director, 311
        typical network placement, 309
    TFTP, 114
applying access lists to interfaces, 193–195
areas, 62
ARP, 38–39
AS (autonomous systems), 62
AS_Path attribute (BGP), 73
ASA (Adaptive Security Algorithm), 362
ASBRs (Autonomous System Boundary Routers), 63
asynchronous communications, 80–81
Atomic Aggregate attribute (BGP), 73
attacks
    birthday attacks, 421
    CAM overflow, 201–202
    chargen, 420
    CPU-intensive, 420
    DDoS, 420
    DHCP starvation, 207–208
    DNS poisoning, 420
    DoS, 418, 421
    e-mail, 420
    incident response teams, 415–416
    Land.C, 420
    MAC spoofing, 205–207
    man in the middle, 421
    methods of, 417
    motivation for, 413
    ping of death, 419
    sacrificial hosts, 419
    smurf, 421
    spoof attacks, 421
    STP manipulation, 204
    TCP SYN flood, 419
    teardrop, 420
    UDP bombs, 420
    VLAN hopping, 202–203
attributes of RADIUS, 234–235
authentication, 228–230
    HTTP, 120
    method lists, 238
    on TACACS+ servers, 240
    PPP, 78
authoritative time sources
    configuring, 131–132
    stratum, 130–131
authorization, 229–231
    on TACACS+ servers, 240–241
AVVID (Cisco Architecture for Voice, Video and Integrated Data), 84
    WLAN solutions, 85–88
B
bastion hosts, 419
BECN (backward explicit congestion notification), 79
BGP (Border Gateway Protocol), 71
    attributes, 72–74
    characteristics, 72
    configuring, 74–75
    messages, 71
birthday attacks, 421
bit-flip attacks, 87
Blocking state (spanning tree), 24
bootstrap program, 159
BPDUs (Bridge Protocol Data Units), 24
BRI, 75
bridging, 22
    port states, 24
    transparent, 23
broadcast domains, 23
buffers, 157
C
calculating hosts per subnet, 30–31
CAM tables, 22
    overflow, 199–200
    overflow attacks, 201–202
Catalyst 6500 Series Switch, IDSM-2, 312
CBAC (Context-Based Access Control), 378
    audit trail messages, enabling, 505
    configuring, 380–382
CEP (Certificate Enrollment Protocol), 272
CERT/CC (Computer Emergency Response Team Coordination Center), 413–414
certification exam, objectives, 627
characteristics
    of RIP, 52
    of RIPv1, 52
    of RIPv2, 53
chargen attacks, 420
CIDR (classless inter-domain routing), 32
Cisco 7200 routers, switching methods website, 176
Cisco IDS, 422
    RDEP, 138–139
    sensors, 423
    Signature Engines, 423–424
    supported products, 422
Cisco IOS, 165
    firewall features, 377–379
    intrusion prevention methods
        core dumps, 430
        disabling default services, 429
        disabling DHCP, 427
        disabling TCP/UDP small servers, 427
        enabling sequence numbering, 428
        enabling TCP intercept, 429
        Nagle algorithm, 425–426
    modes of operation, 164
    password recovery, 182–187
Cisco IOS SSH, 135–138
Cisco Product Security Incident Response Team, web site, 414
Cisco SDM (Security Device Manager), 328, 330
Cisco Secure, 301
    AAA features, 302
    features, 301
    test topics, 301
Cisco Secure IDS, 309
    sensors, 309–310
Cisco Secure VPN Client, 326–328
Cisco TFTP, 114
Cisco VPN 3000 Series Concentrators, 314–316, 319–325
classful addressing, 33
classful routing protocols, 33
clear conduit command, 372
clock sources, 131–132
    NTP configuration, 130–131
Cluster-List attribute (BGP), 73
collisions, jam signals, 20
commands
    | (pipe) modifier, 182
    alias, 175
    clear conduit, 372
    conduit, options, 372
    copy running-config startup-config, 165
    copy tftp flash, 115
    debug all, 179
    global, options, 368
    HSRP, 43
    ip http authentication, 120
    ip route-cache, 176
    ip subnet-zero, 32
    ip verify unicast reverse-path, 430
    logging console debug, 175
    service password-encryption, 189
    service tcp-keepalives-in, 426
    set vlan, 24
    shortcuts, creating, 175
    show accounting, 231–232
    show debugging, 170
    show interface, 163
    show interfaces, 171–172
    show ip access-lists, 170
    show ip arp, 39
    show ip route, 48–50, 169–170
    show logging, 173
    show process, 158–159
    show route-map, 174
    show startup-config, 185
    show version, 162–163, 174
    SMTP, 129
    snmp-server enable traps config, 126
    snmp-server host, 126–127
    static, 371
    undebug all, 171
    write terminal, 157
community access strings, 122
Community attribute (BGP), 73
comparing
    HIDS and NIDS, 305
    preshared keys and manual keys, 268
    RADIUS and TACACS+, 245–246
conduit command, options, 372
configuration files
    loading, 165
    saving, 165
Configuration mode (IOS), 164
configuration registers, 160–161
    modifying, 184
configuring, 54–56, 130–131
    CBAC, 380–382
    HSRP, 44
    IPSec, 264–272
    Nagle algorithm, 426
    RADIUS, 236–238
    SGBP, 81
    SNMP support on Cisco routers, 125
    SSH on Cisco IOS routers, 136–138
    TACACS+, 241–244
    VPDNs, 278–281
    VPNs, 385
connectionless protocols, 16
connection-oriented protocols, 16
    TCP, 34
        header format, 34
        packets, 34–35
        Telnet requests, 36–37
copy running-config startup-config command, 165
copy tftp flash command, 115
copying IOS images from TFTP servers, 115
core dumps, performing, 430
CPU, 158–159
CPU-intensive attacks, 420
creating
    command shortcuts, 175
    extended access lists, 196–198
    standard access lists, 190–195
    VLANs, 23
crypto map entries, 266
cryptography
    key exchange management, 264–272
    PKI, 382–383
CSA (Cisco Security Agent), 387, 422
    versus pattern matching, 388
CSACS (Cisco Secure Access Control Server), 239
CSMA/CD, 20
CSS (calling search spaces), 83
CTA (Cisco Trust Agent), 391
CTR (Cisco Threat Response), 391
    IDS requirements, 392
    IOS Authentication 802.1X, 392–393
cut-through switching, 23
D
Daemen, Joan, 250
DATA command (SMTP), 129
data encryption, 255–257
    3DES, 250
    AES, 250–251
    DES, 248–250
    Diffie-Hellman, 252–253
    IPSec, 254
    MD5, 251–252
    principles of, 247–248
data link layer. See Layer 2 security
data manipulation, 417
DDoS (Distributed Denial of Service) attacks, 420
debug all command, 179
debug commands, 175, 182
    options, 177–178
debugging, turning off, 171
default services, disabling, 429
defining
    HTTP port number, 121
    TFTP download directory, 115
deploying NAT, 357
DES (Data Encryption Standard), 248–250
development
    of Ethernet, 20
    of OSI reference model, 14
devices
    asynchronous communication, 80–81
    broadcast domains, 23
    firewalls, 352
    VLANs, creating, 23
DHCP, 40
    disabling, 427
    leases, viewing, 40
    starvation attacks, 207–208
DHCP snooping, 207
Diffie-Hellman protocol, 252–253
disabled state (spanning tree), 24
disabling, 427–429
    DNS lookup on Cisco routers, 112
    mask replies, 431
    proxy ARP, 431
    TCP/UDP small servers, 427
    Telnet login password, 113
displaying
    configured policy routes, 174
    router home page, 119
    routing tables, 48–50
    system log, 173
distance vector protocols
    loop avoidance techniques, 53
    RIP, 52–53
        configuring, 54–56
DLCIs (data-link connection identifiers), 79
DMZ, 351
DNS, 110–111
    disabling lookup on Cisco routers, 112
    enabling lookup on Cisco routers, 113
DNS poisoning, 420
DoS attacks, 418, 421
double tagging, 203
DRs (Designated Routers), 63
    election process, disabling, 70
DSS (Digital Signature Standard), 382
dynamic crypto map entries, 266
Dynamic NAT, 359–360
E
EAP (Extensible Authentication Protocol), 85, 272, 275–276
EAP-TLS (Extensible Authentication Protocol Transport Layer Security), 272, 275–276
eBGP (external BGP), 74
EIGRP (Enhanced Interior Gateway Routing Protocol), 57–61
election process (DRs), disabling, 70
e-mail
    attacks, 420
    SMTP, 128–129
enable passwords, setting, 188
enabling, 428–429
    HSRP, 43
    Nagle algorithm, 426
    PortFast on Cisco switches, 25
    SSH support on Cisco routers, 136–138
encapsulation, 19
    HDLC, 76
    LCP, 78
    PPP, 77
encryption technologies, 246–247
    3DES, 250
    AES, 250–251
    DES, 248–250
    Diffie-Hellman, 252–253
    IPSec, 254
        AH, 257–258
        ESP, 255–256
    MD5, 251–252
    principles of, 247–248
error messages, synchronous logging, 178
establishing Telnet connections, 187
Ethernet
    CSMA/CD, 20
    interfaces, states of, 173
    media specification, 21, 92
    spanning tree, 23
exam
    FAQs, 633
    objectives, 627
    preparing for, 631
    study tips, 625–626
extended access lists, 196–198
external links, 63
F
FAQs regarding exam, 632–637
FC (feasibility condition), 58
feasible distance, 58
features
    of RADIUS, 235
    of TACACS+ servers, 241
FEC (Fast EtherChannel), 25–26
FECN (forward explicit congestion notification), 79
fields, 34–35, 50
filtering TCP services, 353–355
firewalls, 352
    Cisco IOS features, 377–379
    PIX, 361, 363–373
Flags field (TCP packets), 35
Flash memory, 157–158
Forwarding state (spanning tree), 24
Frame Relay, 79
frames, 15
    BPDUs, 24
framing, ISDN, 76
FTP, 47–48
    Active mode, 116–118
    Passive mode, 118
G
gateways, HSRP, 41
generating keepalive packets, 426
global command, options, 368
gratuitous ARP, 39
H
hashing algorithms, 251–252
HDLC, 76
Hello packets
    EIGRP, 58
    OSPF, 62
heuristic-based signatures, 386
hiding secret passwords, 189
HIDS, comparing with NIDS, 305
hijacking, 418
holdtime, 58
host IDSs, 422
hosts per subnet, calculating, 30–31
HSRP, 41
    configuring, 44–45
    enabling, 43
    status, viewing, 45
HTTP (Hypertext Transfer Protocol), 119
    defining port number, 121
    SSL, 121
    user authentication, 120
hybrid routing protocols, EIGRP, 57–58
    configuration example, 59–61
I
iBGP (internal BGP), 74
ICMP, 46–47
IDS Device Manager, 311
IDSs (intrusion detection systems), 303
    anomaly-based, 305
    Cisco IDS
        Signature Engines, 423–424
        supported products, 422
    Cisco Inline IDS, 311
    NetRanger, 309
        Director, 311
        typical network placement, 309
    network-based, 305–306, 386
    notification alarms, 303
    placement, 305–307
    signature-based, 304
    tuning, 307–308
IETF (Internet Engineering Task Force), 29
    web site, 417
IKE, 258–259
    configuring, 264–272
    phase I message types, 259–260
    phase II message types, 260–264
images, 157
incident response teams, 415–416
inform requests (SNMP), 124
Initial configuration mode (IOS), 164
inside global addresses, 356
inside local addresses, 356
Interface configuration mode (IOS), 164
interfaces, 163, 193–195
    Ethernet states, 173
Internet Domain Survey web site, 417
Internet newsgroups, 416–417
InterNIC, 357
intruders, methods of attack, 417
IOS images, copying from TFTP servers, 115
IP addressing
    address classes, 29
    ARP, 38–39
    CIDR, 32
    classful addressing, 33
    DHCP, 40
    DNS, 110–113
    logical AND operation, 30
    packets, 27–29
    RARP, 39
    subnets, 29–30
    subnetting, 30–32
IP GRE (generic routing encapsulation) tunnels, configuring, 383–385
ip http authentication command, 120
IP multicast, 79
IP packet debugging, 179–180
ip route-cache command, 176
IP source guard, 208
ip subnet-zero command, 32
ip verify unicast reverse-path command, 430
IPSec, 254
    configuring, 264–272
    IKE, 258–259
        phase I message types, 259–260
        phase II message types, 260–263
ISDN (Integrated Services Digital Network), 75
    commands, 78
    framing, 76
    layer 2 protocols, 76
        authentication, 78
        HDLC, 76
        LCP, 78
        NCP, 78
        PPP, 77
ISL (Inter-Switch Link), 26
ISO (International Organization for Standardization), 14
ISOC (Internet Society) web site, 417
J-K
jam signals, 20
keepalive packets, generating, 426
L
L2F (Layer 2 Forwarding), 276–277
L2TP (Layer 2 Tunneling Protocol), 276–277
lab exam, 633–635
    FAQs, 635–637
    sample, 639–664
Land.C attacks, 420
Layer 2 security, 15
    CAM table overflow, 199–202
    DHCP starvation attacks, 207–208
    MAC spoofing attacks, 205–207
    STP manipulation attacks, 204
    VLAN hopping, 202–203
layers of OSI reference model
    application layer, 18
    data link layer, 15
    network layer, 16, 22–23, 27–30
    physical layer, 14
    presentation layer, 17–18
    session layer, 17
    transport layer, 17
LCP, 78
LDAP (Lightweight Directory Access Protocol), 135
Learning state (spanning tree), 24
leases (DHCP), viewing, 40
link-state protocols, OSPF, 61–70
    media types, 65
Listening state (spanning tree), 24
LLC sublayer, 15
loading configuration files, 165
Local Preference attribute (BGP), 73
log files (PIX Firewall), troubleshooting, 374–375
logging console debug command, 175
loopback interfaces, 431
loop prevention, split horizon, 53
lost passwords, recovering, 182–187
LSAs (link-state advertisements), 63
M
MAC spoofing attacks, 205–207
MAC sublayer, 15
MAIL command (SMTP), 129
main mode (IKE), 259
man in the middle attacks, 421
managed devices, 124
manual keys, comparing with preshared keys, 268
mask replies, disabling, 431
masquerading, 418
MD5 (Message Digest 5), 251–252
MED attribute (BGP), 73
media specifications of Ethernet, 21, 92
memory
    NVRAM, 157
    RAM, 157
    ROM, 159–160
    System Flash, 157
method lists, 238
methods of attacks, 417
metrics, administrative distance, 51
MIBs, 123–125
MIC (Message Integrity Check), 275
modes of IOS operation, 164
modifying configuration registers, 184
monitoring NAT, 360
motivation for attacks, 413
multicasting, 79
N
Nagle algorithm, preventing Cisco IOS from attacks, 425–426
Nagle, John, 426
name resolution, DNS, 110–113
NAT (Network Address Translation), 355–356
    deploying, 357
    Dynamic NAT, configuring, 359
    monitoring, 360
    operation on Cisco routers, 358
NCP, 78
NetRanger, 309
    Director, 311
    typical network placement, 309
network IDS, 422
network layer
    bridging
        BPDUs, 24
        port states, 24
    ICMP, 46–47
    IP, 27
        address classes, 29
        logical AND operation, 30
        packets, 27–28
        subnets, 29–30
    spanning tree protocol, 23
    subnetting, 31–32
    switching, 22
        CAM tables, 22
        cut-through, 23
        store and forward, 23
network layer (OSI model), 16
network management, SNMP, 122
    community access strings, configuring on Cisco routers, 122
    configuring on Cisco routers, 125
    examples of, 128
    managed devices, 124
    MIBs, 123–125
    notifications, 123–126
network-based IDS systems, 305–306, 386
newsgroups, reporting security breaches, 416–417
Next Hop attribute (BGP), 73
NMSs (network management systems), 124
NOOP command (SMTP), 129
notification alarms, 303
notifications (SNMP), 123–126
NSSAs (not-so-stubby areas), 65
NTP (Network Time Protocol), configuring clock sources, 130–132
NVRAM (nonvolatile RAM), 157
O
Origin attribute (BGP), 73
Originator ID attribute (BGP), 73
OSI reference model
    application layer, 18
    data link layer, 15
    development of, 14
    network layer, 16, 27
        spanning tree, 23
        switching, 22–23
    peer-to-peer communication, 19
    physical layer, 14
    presentation layer, 17–18
    session layer, 17
    transport layer, 17
    versus TCP/IP model, 18
OSPF (Open Shortest Path First), 61–63
    example configuration, 66–70
    media types, 65
    multiple area configuration, 64–65
    single area configuration, 62–64
    virtual links, 66
outside global addresses, 356
outside local addresses, 356
P
packet filtering, 353
    CBAC, 378
        configuring, 380–382
    extended access lists, 196–198
    standard access lists, 190–195
packets
    EIGRP, Hello, 58
    IP
        debugging, 179–180
        fields, 28–29
    rerouting, 418
    TCP, 34–35
partitioning System Flash, 157
Passive FTP, 118
passive IDS modules, 387
passwords
    authentication, 230
        method lists, 238
    enable passwords, setting, 188
    recovering, 182–187
    virtual terminal passwords, setting, 190
PAT (Port Address Translation), 355
path vector protocols, BGP, 71–75
pattern matching, 386
PEAP (Protected EAP), 272–276
peer-to-peer communication, 19
perimeter routers, 353
physical layer (OSI model), 14
ping of death attacks, 419
ping requests, test characters, 46–47
PIX (Private Internet Exchange), 361
    commands, 371–373
    configuring, 364–368
    DMZs, 361
    software features, 376–377
    stateful packet screening, 362–363
    static routing, 368–369
PIX Firewall
    log files, troubleshooting, 374–375
    NAT support, 363
PKI (Public Key Infrastructure), 382–383
placement of IDS systems, 305–307
Poison Reverse updates, 53
policy routes, displaying, 174
PortFast, enabling, 25
PPP (Point-to-Point Protocol), 77
preparing for exam, 631
    FAQs, 633
    objectives, 627
    sample lab, 639–664
preparing for qualification exam, 629–630
presentation layer (OSI model), 17–18
preshared keys, comparing with manual keys, 268, 506
preventing Cisco IOS from attacks
    disabling default services, 429
    disabling DHCP, 427
    disabling TCP/UDP small servers, 427
    enabling sequence numbering, 428
    enabling TCP intercept, 429
    Nagle algorithm, 425–426
    performing core dumps, 430
PRI, 75
privilege levels, authorization, 230–231
Privileged EXEC mode (IOS), 164
protocol decode-based analysis, 386
proxy ARP, disabling, 431
proxy servers, 352
Q
qualification exam
    FAQs, 632–633
    preparing for, 629–630
    study tips, 626–627
        decoding ambiguity, 628–629
QUIT command (SMTP), 129
R
RADIUS, 232
    attributes, 234–235
    configuring, 236–238
    features, 235
    security protocol support, 234
    versus TACACS+, 245–246
RAM, 157
    NVRAM, 157
    System Flash, 157–158
RARP, 39
RCPT command (SMTP), 129
RDEP (Remote Data Exchange Protocol), 138–139
read command (SNMP), 125
recovering lost or unknown passwords, 182–187
redundancy, HSRP, 41–45
remote access VPDNs, 276–277
    configuring, 278–281
remote router access, 187
reporting security breaches, Internet newsgroups, 416–417
rerouting packets, 418
resolving IP addresses to MAC addresses, ARP, 38–39
Rijmen, Vincent, 250
ROM (read-only memory), 159–160
ROM boot mode (IOS), 164
root bridge elections, 24
root bridges, 24
router hardware
    configuration registers, 160–161
    CPU, 158
    interfaces, 163
    NVRAM, 157
    RAM, 157
    ROM, 159–160
    System Flash, 157
routers, remote access, 187
routing protocols, 48
    BGP, 71
        attributes, 72–74
        configuring, 74–75
        messages, 71
    default administrative distances, 51
    EIGRP, 57–58
        example configuration, 59–61
    OSPF, 61–63
        example configuration, 66–70
        multiple area configuration, 64–65
        single area configuration, 62–64
        virtual links, 66
    RIP, 52–53
        configuring, 54–56
routing tables, viewing, 48–50
RSET command (SMTP), 129
RTO (Retransmission Timeout), 58
S
sacrificial hosts, 419
SAFE blueprints, security best practices, 208–209
SAML command (SMTP), 129
sample lab. See self-study lab
SAs (security associations), 254–259
saving configuration files, 165
SDM (Security Device Manager), 328–330
secret passwords, hiding, 189
security, 353, 380–382
    AAA, 228–229
        accounting, 231–232
        authentication, 230
        authorization, 230–231
    Cisco IOS SSH, 135–138
    encryption technologies, 246–247
        3DES, 250
        AES, 250–251
        DES, 248–250
        Diffie-Hellman, 252–253
        IPSec, 254–258
        MD5, 251–252
        principles of, 247–248
    firewalls, 352
        Cisco IOS features, 377–379
    HTTP, 119–120
    IKE
        configuring, 264–272
        phase II, 264
    NAT, 355–356
        configuring Dynamic NAT, 359
        deploying, 357
        monitoring, 360
        operation on Cisco routers, 358
    packet filtering, TCP services, 353–355
    PAT, 355
    PIX, 361
        commands, 371–373
        configuring, 364–368
        DMZs, 361
        software features, 376–377
        stateful packet screening, 362–363
        static routing, 368–369
    PKI, 382–383
    RADIUS, 232
        attributes, 234–235
        configuring, 236–238
        features, 235
        security protocol support, 234
    SSH, 133–135
    SSL, 121
    TACACS+, 239
        authentication, 240
        authorization, 240–241
        configuring, 241–244
        features, 241
        versus RADIUS, 245–246
    VPDNs, 276–277
        configuring, 278–281
    VPNs, 383
        configuring, 385
security server protocols, 232
self-study lab
    ACS configuration, 514–524
    advanced PIX configuration, 511–514
    BGP routing configuration, 491–495
    Catalyst Ethernet switch setup, 457–464
    DHCP configuration, 490
    dynamic ACL/lock and key feature configuration, 501–502
    final configurations, 538–558
    Frame Relay setup, 450–456
    IDS configuration, 525, 530, 538
    IGP routing, 470–475
        OSPF configuration, 475–484
    IOS firewall configuration, 505
    IP access list configuration, 495–497
    IPSec configuration, 505–511
    ISDN configuration, 484–490
    local IP host address configuration, 464–466
    physical connectivity, 456
    PIX configuration, 465–470
    setup, 445–448
        communications server, 448–449
    TCP intercept configuration, 497–499
    time-based access list configuration, 499–500
SEND command (SMTP), 129
Sendmail, 129
sensors, Cisco IDSs, 309–310, 423
sequence numbering, enabling, 428
servers, RADIUS, 232
service password-encryption command, 189
service tcp keepalive command, enabling Nagle algorithm, 426
service tcp-keepalives-in command, 426
session hijacking, 418
session layer (OSI model), 17
session replay, 418
set vlan command, 24
SGBP (Stack Group Bidding Protocol), 81
SHA (Secure Hash Algorithm), 251–252
show accounting command, 231–232
show commands, 166–168
show debugging command, 170
show interface command, 163
show interfaces command, 171–172
show ip access-lists command, 170
show ip arp command, 39
show ip route command, 48, 50, 169–170
show logging command, 173
show process command, 158–159
show route-map command, 174
show startup-config command, 185
show version command, 162–163, 174
SIA (Stuck in Active), 58
Signature Engines, 423–424
signature-based IDS systems, 304
signatures, 386
sliding windows, 37
SMTP (Simple Mail Transfer Protocol), 128–129
smurf attacks, 421
SNMP (Simple Network Management Protocol), 122
    community access strings, configuring on Cisco routers, 122
    configuring on Cisco routers, 125
    examples of, 128
    managed devices, 124
    MIBs, 123–125
    notifications, 123–126
snmp-server enable traps config command, 126
snmp-server host command, 126–127
social engineering, 414
software
    Cisco Secure, 301
        AAA features, 302
        features, 301
        test topics, 301
    PIX, features of, 376–377
SOML command (SMTP), 129
spanning tree, 23–24
SPI (Security Parameters Index), 256
split horizon, 53
spoof attacks, 421
spoofing, 203
    MAC spoofing attacks, 205–207
SRTT (Smooth Round Trip Time), 58
SSH (Secure Shell), 133–135
SSL (Secure Sockets Layer), 121
standard access lists, 190–195
standard IP access lists, 191–192
standards bodies, CERT/CC, 413–414
startup config, viewing, 185
stateful pattern matching, 386
stateful security, 362
states of Ethernet interfaces, 173
static command, 371
static NAT, 360
store and forward switching, 23
STP manipulation attacks, 204
stratum, 130–132
stubby areas, 65
study tips for exam, 625–631
subnetting
    calculating hosts per subnet, 30–31
    CIDR, 32–33
    VLSM, 31–32
successors (EIGRP), 58
summary links, 63
switching, enabling PortFast, 25
synchronous logging, 178
System Flash, 157–158
system log, displaying, 173
T
TACACS+, 239
    authentication, 240
    authorization, 240–241
    configuring, 241–244
    features, 241
    versus RADIUS, 245–246
TCP, 34
    ARP, 38–39
    DHCP, 40
    FTP, 47–48
    header format, 34
    HSRP, 41
        configuring, 44–45
        enabling, 43
    ICMP, 46–47
    packets, 34–35
    RARP, 39
    services, filtering, 353–355
    Telnet, 36–37, 47
    TFTP, 47–48
TCP half close, 37
TCP intercept, enabling, 429
TCP load distribution, 360
TCP SYN flood attacks, 419
TCP three-way handshake, 37
TCP/IP
    FTP protocol
        Active mode, 116–118
        Passive mode, 118
    vulnerabilities of, 417–418
TCP/IP model, comparing with OSI reference model, 18
teardrop attacks, 420
Telnet, 47
    connections, establishing, 187
    disabling login password, 113
    requests, 36–37
test characters (ping), 46–47
TFTP, 47–48, 114
    defining download directory, 115
time sources (NTP)
    configuring, 131–132
    stratum, 130–131
TKIP (Temporal Key Integrity Protocol), 272, 275–276
topology table (EIGRP), 58
totally stubby areas, 65
transform sets (IKE), defining, 266
transparent bridging, 23
transport layer (OSI model), 17
Transport mode (IPSec), 254
trap command (SNMP), 125
traps (SNMP), 124
triggered updates, 53
troubleshooting PIX Firewall log files, 374–375
trunks, 26
tuning IDS systems, 307–308
Tunnel mode (IPSec), 254
tunneling
    IP GRE, 383–385
    VPDNs, 276–277
        configuring, 278–281
turning off debugging, 171
U
UDP bombs, 420
undebug all command, 171
unknown passwords, recovering, 182–187
UOS (Intrusion Prevention System), 311
user authentication, HTTP, 120
User EXEC mode (IOS), 164
V
versions of SNMP, 122
viewing
    configuration register, 162
    DHCP leases, 40
    home pages, 119
    HSRP status, 45
    interfaces, 163
    routing tables, 48–50
    startup config, 185
virtual terminal passwords, setting, 190
VLAN hopping, 202–203
VLANs (virtual LANs), creating, 23
VLSM (Variable-Length Subnet Masking), 31–32
VMS (CiscoWorks VPN/Security Management Solution), 313–314
VPDNs, 276–277
    configuring, 278–281
VPNs, 383
    configuring, 385
VRFY command (SMTP), 129
vulnerabilities of TCP/IP, 417–418
W
web sites
    Cisco Product Security Incident Response Team, 414
    IETF, 417
    Internet Domain Survey, 417
    ISOC, 417
Weight attribute (BGP), 73
wildcard masks, 192
Windows Active Directory, 135
wireless networks, 84–85
    deploying, best practices, 86–88
write command (SNMP), 125
write terminal command, 157