Source: ptgmedia.pearsoncmg.com/images/1587201356/index/1587201356index.pdf

INDEX

Symbols & Numerics

| (pipe), 182

3DES (Data Encryption Standard), 250
10Base2, 21, 91
10Base5, 21, 91
10BaseT, 21, 91
100BaseT, 21, 92
802.1Q, 26
802.11 networks, 88
1000 GE, 21, 92

A

AAA, 228–229

    accounting, 231–232
    authentication, 230
    authorization, 230–231

ABRs (Area Border Routers), 63
access lists, 353–355

    extended, 196–198
    IP packet debugging, 179–180
    standard, 190–195
    wildcard masks, 192

accessing Cisco routers, 187
accounting, 228, 231–232
ACKs (acknowledgments), 58
ACS (Cisco Secure Access Control Server). See Cisco Secure
Active Directory, 135
Active FTP, 116–118
adaptive cut-through switching, 23
adjacencies, 62
administrative distances, 51
AES (Advanced Encryption Standard), 250–251

agents (SNMP), 124
Aggregator attribute (BGP), 73
aggressive mode (IKE), 259
AH, 257–258
alias command, 175
allocating IP addresses, InterNIC, 357
ambiguous test questions, decoding, 628–629
anomaly-based analysis, 386
anomaly-based IDS systems, 305
application layer (OSI model), 18
applications
    NetRanger, 309
        Director, 311
        typical network placement, 309
    TFTP, 114

applying access lists to interfaces, 193–195
areas, 62
ARP, 38–39
AS (autonomous systems), 62
AS_Path attribute (BGP), 73
ASA (Adaptive Security Algorithm), 362
ASBRs (Autonomous system boundary routers), 63
asynchronous communications, 80–81
Atomic Aggregate attribute (BGP), 73
attacks
    birthday attacks, 421
    CAM overflow, 201–202
    chargen, 420
    CPU-intensive, 420
    DDoS, 420
    DHCP starvation, 207–208
    DNS poisoning, 420
    DoS, 418, 421
    E-mail, 420
    incident response teams, 415–416
    Land.C, 420
    MAC spoofing, 205–207


    man in the middle, 421
    methods of, 417
    motivation for, 413
    ping of death, 419
    sacrificial hosts, 419
    smurf, 421
    spoof attacks, 421
    STP manipulation, 204
    TCP SYN flood, 419
    teardrop, 420
    UDP bombs, 420
    VLAN hopping, 202–203

attributes of RADIUS, 234–235
authentication, 228–230
    HTTP, 120
    method lists, 238
    on TACACS+ servers, 240
    PPP, 78

authoritative time sources
    configuring, 131–132
    stratum, 130–131

authorization, 229–231
    on TACACS+ servers, 240–241

AVVID (Cisco Architecture for Voice, Video and Integrated Data), 84
    WLAN solutions, 85–88

B

bastion hosts, 419
BECN (backward explicit congestion notification), 79
BGP (Border Gateway Protocol), 71
    attributes, 72–74
    characteristics, 72
    configuring, 74–75
    messages, 71

birthday attacks, 421

bit-flip attacks, 87
Blocking state (spanning tree), 24
bootstrap program, 159
BPDUs (Bridge Protocol Data Units), 24
BRI, 75
bridging, 22
    port states, 24
    transparent, 23
broadcast domains, 23
buffers, 157

C

calculating hosts per subnet, 30–31
CAM tables, 22
    overflow, 199–200
    overflow attacks, 201–202
Catalyst 6500 Series Switch, IDSM-2, 312
CBAC (Content-Based Access Control), 378
    audit trail messages, enabling, 505
    configuring, 380–382

CEP (Certificate Enrollment Protocol), 272
CERT/CC (Computer Emergency Response Team Coordination Center), 413–414
certification exam, objectives, 627
characteristics
    of RIP, 52
    of RIPv1, 52
    of RIPv2, 53
chargen attacks, 420
CIDR (classless inter-domain routing), 32
Cisco 7200 routers, switching methods website, 176
Cisco IDS, 422
    RDEP, 138–139
    sensors, 423
    Signature Engines, 423–424
    supported products, 422


Cisco IOS, 165

    firewall features, 377–379
    intrusion prevention methods
        core dumps, 430
        disabling default services, 429
        disabling DHCP, 427
        disabling TCP/UDP small servers, 427
        enabling sequence numbering, 428
        enabling TCP intercept, 429
        Nagle algorithm, 425–426
    modes of operation, 164
    password recovery, 182–187

Cisco IOS SSH, 135–138
Cisco Product Security Incident Response Team, web site, 414
Cisco SDM (Security Device Manager), 328
Cisco Secure, 301
    AAA features, 302
    features, 301
    test topics, 301

Cisco Secure IDS, 309

sensors, 309–310

Cisco Secure VPN Client, 326–328
Cisco TFTP, 114
Cisco VPN 3000 Series Concentrators, 314–316, 319–325
classful addressing, 33
classful routing protocols, 33
clear conduit command, 372
clock sources, 131–132
    NTP configuration, 130–131

Cluster-List attribute (BGP), 73
collisions, jam signals, 20
commands
    | (pipe) modifier, 182
    alias, 175
    clear conduit, 372
    conduit, options, 372
    copy running-config startup-config, 165
    copy tftp flash, 115
    debug all, 179
    global, options, 368
    HSRP, 43
    ip http authentication, 120
    ip route-cache, 176
    ip subnet-zero, 32
    ip verify unicast reverse-path, 430
    logging console debug, 175
    service password-encryption, 189
    service tcp-keepalives-in, 426
    set vlan, 24
    shortcuts, creating, 175
    show accounting, 231–232
    show debugging, 170
    show interface, 163
    show interfaces, 171–172
    show ip access-lists, 170
    show ip arp, 39
    show ip route, 48–50, 169–170
    show logging, 173
    show process, 158–159
    show route-map, 174
    show startup-config, 185
    show version, 162–163, 174
    SMTP, 129
    snmp-server enable traps config, 126
    snmp-server host, 126–127
    static, 371
    undebug all, 171
    write terminal, 157

community access strings, 122
Community attribute (BGP), 73
comparing
    HIDS and NIDS, 305
    preshared keys and manual keys, 268
    RADIUS and TACACS+, 245–246

conduit command, options, 372
configuration files
    loading, 165
    saving, 165
Configuration mode (IOS), 164
configuration registers, 160–161
    modifying, 184

configuring, 54–56, 130–131
    CBAC, 380–382
    HSRP, 44
    IPSec, 264–272
    Nagle algorithm, 426
    RADIUS, 236–238
    SGBP, 81
    SNMP support on Cisco routers, 125
    SSH on Cisco IOS routers, 136–138
    TACACS+, 241–244
    VPDNs, 278–281
    VPNs, 385

connectionless protocols, 16


connection-oriented protocols, 16
    TCP, 34
        header format, 34
        packets, 34–35
        Telnet requests, 36–37

copy running-config startup-config command, 165
copy tftp flash command, 115
copying IOS images from TFTP servers, 115
core dumps, performing, 430
CPU, 158–159
CPU-intensive attacks, 420
creating
    command shortcuts, 175
    extended access lists, 196–198
    standard access lists, 190–195
    VLANs, 23

crypto map entries, 266
cryptography
    key exchange management, 264–272
    PKI, 382–383
CSA (Cisco Security Agent), 422, 387
    versus pattern-matching, 388

CSACS (Cisco Secure Access Control Server), 239

CSMA/CD, 20
CSS (calling search spaces), 83
CTA (Cisco Trust Agent), 391
CTR (Cisco Threat Response), 391
    IDS requirements, 392
    IOS Authentication 802.1X, 392–393

cut through switching, 23

D

Daemen, Joan, 250
DATA command (SMTP), 129
data encryption, 255–257
    3DES, 250
    AES, 250–251
    DES, 248–250
    Diffie-Hellman, 252–253
    IPSec, 254
    MD5, 251–252
    principles of, 247–248

data link layer. See Layer 2 security
data manipulation, 417

DDOS (Distributed Denial Of Service) attacks, 420

debug all command, 179
debug commands, 175, 182
    options, 177–178
debugging, turning off, 171
default services, disabling, 429
defining
    HTTP port number, 121
    TFTP download directory, 115

deploying NAT, 357
DES (Data Encryption Standard), 248–250
development
    of Ethernet, 20
    of OSI reference model, 14
devices
    asynchronous communication, 80–81
    broadcast domains, 23
    firewalls, 352
    VLANs, creating, 23

DHCP, 40
    disabling, 427
    leases, viewing, 40
    starvation attacks, 207–208
DHCP snooping, 207
Diffie-Hellman protocol, 252–253
disabled state (spanning tree), 24
disabling, 427–429
    DNS lookup on Cisco routers, 112
    mask replies, 431
    proxy ARP, 431
    TCP/UDP small servers, 427
    Telnet login password, 113

displaying
    configured policy routes, 174
    router home page, 119
    routing tables, 48–50
    system log, 173
distance vector protocols
    loop avoidance techniques, 53
    RIP, 52–53
        configuring, 54–56

DLCIs (data-link connection identifiers), 79
DMZ, 351
DNS, 110–111
    disabling lookup on Cisco routers, 112
    enabling lookup on Cisco routers, 113
DNS poisoning, 420
DoS attacks, 418, 421


double tagging, 203
DRs (Designated Routers), 63
    election process, disabling, 70
DSS (digital signatures), 382
dynamic crypto map entries, 266
Dynamic NAT, 359–360

E

EAP (Extensible Authentication Protocol), 85, 272, 275–276

EAP-TLS (Extensible Authentication Protocol Transport Layer Security), 272, 275–276

eBGP (external BGP), 74
EIGRP (Enhanced Interior Gateway Routing Protocol), 57–61
election process (DRs), disabling, 70
e-mail
    attacks, 420
    SMTP, 128–129

enable passwords, setting, 188
enabling, 428–429
    HSRP, 43
    Nagle algorithm, 426
    PortFast on Cisco switches, 25
    SSH support on Cisco routers, 136–138
encapsulation, 19
    HDLC, 76
    LCP, 78
    PPP, 77

encryption technologies, 246–247

    3DES, 250
    AES, 250–251
    DES, 248–250
    Diffie-Hellman, 252–253
    IPSec, 254
        AH, 257–258
        ESP, 255–256
    MD5, 251–252
    principles of, 247–248

error messages, synchronous logging, 178
establishing Telnet connections, 187
Ethernet
    CSMA/CD, 20
    interfaces, states of, 173
    media specification, 21, 92
    spanning tree, 23

exam
    FAQs, 633
    objectives, 627
    preparing for, 631
    study tips, 625–626
extended access lists, 196–198
external links, 63

F

FAQs regarding exam, 632–637
FC (feasibility condition), 58
feasible distance, 58
features
    of RADIUS, 235
    of TACACS+ servers, 241

FEC (Fast EtherChannel), 25–26
FECN (forward explicit congestion notification), 79
fields, 34–35, 50
filtering TCP services, 353–355
firewalls, 352
    Cisco IOS features, 377–379
    PIX, 361, 363–373
Flags field (TCP packets), 35
Flash memory, 157–158
Forwarding state (spanning tree), 24
Frame Relay, 79
frames, 15
    BPDUs, 24
framing, ISDN, 76
FTP, 47–48
    Active mode, 116–118
    Passive mode, 118

G

gateways, HSRP, 41
generating keepalive packets, 426
global command, options, 368
gratuitous ARP, 39

H

hashing algorithms, 251–252
HDLC, 76


Hello packets
    EIGRP, 58
    OSPF, 62
heuristic-based signatures, 386
hiding secret passwords, 189
HIDS, comparing with NIDS, 305
hijacking, 418
holdtime, 58
host IDSs, 422
hosts per subnet, calculating, 30–31
HSRP, 41
    configuring, 44–45
    enabling, 43
    status, viewing, 45

HTTP (Hypertext Transfer Protocol), 119

    defining port number, 121
    SSL, 121
    user authentication, 120
hybrid routing protocols, EIGRP, 57–58
    configuration example, 59–61

I

iBGP (internal BGP), 74
iCisco SDM (Security Device Manager), 330
ICMP, 46–47
IDS Device Manager, 311
IDSs (intrusion detection systems), 303
    anomaly-based, 305
    Cisco IDS
        Signature Engines, 423–424
        supported products, 422
    Cisco Inline IDS, 311
    NetRanger, 309
        Director, 311
        typical network placement, 309
    network-based, 305–306, 386
    notification alarms, 303
    placement, 305–307
    signature-based, 304
    tuning, 307–308

IETF (Internet Engineering Task Force), 29
    web site, 417
IKE, 258–259
    configuring, 264–272
    phase I message types, 259–260
    phase II message types, 260–264

images, 157

incident response teams, 415–416
inform requests (SNMP), 124
Initial configuration mode (IOS), 164
inside global addresses, 356
inside local addresses, 356
Interface configuration mode (IOS), 164
interfaces, 163, 193–195
    Ethernet states, 173
Internet Domain Survey web site, 417
Internet newsgroups, 416–417
InterNIC, 357
intruders, methods of attack, 417
IOS images, copying from TFTP servers, 115
IP addressing
    address classes, 29
    ARP, 38–39
    CIDR, 32
    classful addressing, 33
    DHCP, 40
    DNS, 110–113
    logical AND operation, 30
    packets, 27–29
    RARP, 39
    subnets, 29–30
    subnetting, 30–32

IP GRE (generic routing encapsulation) tunnels, configuring, 383–385

ip http authentication command, 120
IP multicast, 79
IP packet debugging, 179–180
ip route-cache command, 176
IP source guard, 208
ip subnet-zero command, 32
ip verify unicast reverse-path command, 430
IPSec, 254
    configuring, 264–272
    IKE, 258–259
        phase I message types, 259–260
        phase II message types, 260–263

ISDN (Integrated Services Digital Network), 75

    commands, 78
    framing, 76
    layer 2 protocols, 76
        authentication, 78
        HDLC, 76
        LCP, 78
        NCP, 78
        PPP, 77


ISL (Inter-Switch Link), 26
ISO (International Organization for Standardization), 14
ISOC (Internet Society) web site, 417

J-K

jam signals, 20

keepalive packets, generating, 426

L

L2F (Layer 2 Forwarding), 276–277
L2TP (Layer 2 Tunneling Protocol), 276–277
lab exam, 633–635
    FAQs, 635–637
    sample, 639–664
Land.C attacks, 420
Layer 2 security, 15
    CAM table overflow, 199–202
    DHCP starvation attacks, 207–208
    MAC spoofing attacks, 205–207
    STP manipulation attacks, 204
    VLAN hopping, 202–203

layers of OSI reference model
    application layer, 18
    data link layer, 15
    network layer, 16, 22–23, 27–30
    physical layer, 14
    presentation layer, 17–18
    session layer, 17
    transport layer, 17
LCP, 78
LDAP (Lightweight Directory Access Protocol), 135
Learning state (spanning tree), 24
leases (DHCP), viewing, 40
link-state protocols, OSPF, 61–70
    media types, 65

Listening state (spanning tree), 24
LLC sublayer, 15
loading configuration files, 165
Local Preference attribute (BGP), 73
log files (PIX Firewall), troubleshooting, 374–375
logging console debug command, 175
loopback interfaces, 431
loop prevention, split horizon, 53
lost passwords, recovering, 182–187
LSAs (link-state advertisements), 63

M

MAC spoofing attacks, 205–207
MAC sublayer, 15
MAIL command (SMTP), 129
main mode (IKE), 259
man in the middle attacks, 421
managed devices, 124
manual keys, comparing with preshared keys, 268
mask replies, disabling, 431
masquerading, 418
MD5 (Message Digest 5), 251–252
MED attribute (BGP), 73
media specifications of Ethernet, 21, 92
memory
    NVRAM, 157
    RAM, 157
    ROM, 159–160
    System Flash, 157
method lists, 238
methods of attacks, 417
metrics, administrative distance, 51
MIBs, 123–125
MIC (Message Integrity Check), 275
modes of IOS operation, 164
modifying configuration registers, 184
monitoring NAT, 360
motivation for attacks, 413
multicasting, 79

N

Nagle algorithm, preventing Cisco IOS from attacks, 425–426

Nagle, John, 426
name resolution, DNS, 110–113
NAT (Network Address Translation), 355–356
    deploying, 357
    Dynamic NAT, configuring, 359
    monitoring, 360
    operation on Cisco routers, 358

NCP, 78


NetRanger, 309
    Director, 311
    typical network placement, 309
network IDS, 422
network layer
    bridging
        BPDUs, 24
        port states, BPDUs, 24
    ICMP, 46–47
    IP, 27
        address classes, 29
        logical AND operation, 30
        packets, 27–28
        subnets, 29–30
    spanning tree protocol, 23
    subnetting, 31–32
    switching, 22
        CAM tables, 22
        cut through, 23
        store and forward, 23

network layer (OSI model), 16
network management, SNMP, 122
    community access strings, configuring on Cisco routers, 122
    configuring on Cisco routers, 125
    examples of, 128
    managed devices, 124
    MIBs, 123–125
    notifications, 123–126
network-based IDS systems, 305–306, 386
newsgroups, reporting security breaches, 416–417
Next Hop attribute (BGP), 73
NMSs (network management systems), 124
NOOP command (SMTP), 129
notification alarms, 303
notifications (SNMP), 123–126
NSSAs (Not-so-stubby areas), 65
NTP (Network Time Protocol), configuring clock sources, 130–132
NVRAM (nonvolatile RAM), 157

O

Origin attribute (BGP), 73
Originator ID attribute (BGP), 73
OSI reference model
    application layer, 18
    data link layer, 15
    development of, 14
    network layer, 16, 27
        spanning tree, 23
        switching, 22–23
    peer-to-peer communication, 19
    physical layer, 14
    presentation layer, 17–18
    session layer, 17
    transport layer, 17
    versus TCP/IP model, 18
OSPF (Open Shortest Path First), 61–63
    example configuration, 66–70
    media types, 65
    multiple area configuration, 64–65
    single area configuration, 62–64
    virtual links, 66
outside global addresses, 356
outside local addresses, 356

P

packet filtering, 353
    CBAC, 378
        configuring, 380–382
    extended access lists, 196–198
    standard access lists, 190–195
packets
    EIGRP, Hello, 58
    IP
        debugging, 179–180
        fields, 28–29
    rerouting, 418
    TCP, 34–35
partitioning System Flash, 157
Passive FTP, 118
passive IDS modules, 387
passwords
    authentication, 230
        method lists, 238
    enable passwords, setting, 188
    recovering, 182–187
    virtual terminal passwords, setting, 190
PAT (Port Address Translation), 355
path vector protocols, BGP, 71–75
pattern matching, 386


PEAP (Protected EAP), 272–276
peer-to-peer communication, 19
perimeter routers, 353
physical layer (OSI model), 14
ping of death attacks, 419
ping requests, test characters, 46–47
PIX (Private Internet Exchange), 361
    commands, 371–373
    configuring, 364–368
    DMZs, 361
    software features, 376–377
    stateful packet screening, 362–363
    static routing, 368–369
PIX Firewall
    log files, troubleshooting, 374–375
    NAT support, 363
PKI (Public Key Infrastructure), 382–383
placement of IDS systems, 305–307
Poison Reverse updates, 53
policy routes, displaying, 174
PortFast, enabling, 25
PPP (Point-to-Point Protocol), 77
preparing for exam, 631
    FAQs, 633
    objectives, 627
    sample lab, 639–664
preparing for qualification exam, 629–630
presentation layer (OSI model), 17–18
preshared keys, comparing with manual keys, 268, 506
preventing Cisco IOS from attacks
    disabling default services, 429
    disabling DHCP, 427
    disabling TCP/UDP small servers, 427
    enabling sequence numbering, 428
    enabling TCP intercept, 429
    Nagle algorithm, 425–426
    performing core dumps, 430
PRI, 75
privilege levels, authorization, 230–231
Privileged EXEC mode (IOS), 164
protocol decode-based analysis, 386
proxy ARP, disabling, 431
proxy servers, 352

Q

qualification exam
    FAQs, 632–633
    preparing for, 629–630
    study tips, 626–627
        decoding ambiguity, 628–629
QUIT command (SMTP), 129

R

RADIUS, 232
    attributes, 234–235
    configuring, 236–238
    features, 235
    security protocol support, 234
    versus TACACS+, 245–246
RAM, 157
    NVRAM, 157
    System Flash, 157–158

RARP, 39
RCPT command (SMTP), 129
RDEP (Remote Data Exchange Protocol), 138–139
read command (SNMP), 125
recovering lost or unknown passwords, 182–187
redundancy, HSRP, 41–45
remote access VPDNs, 276–277
    configuring, 278–281
remote router access, 187
reporting security breaches, Internet newsgroups, 416–417
rerouting packets, 418
resolving IP addresses to MAC addresses, ARP, 38–39
Rijmen, Vincent, 250
ROM (read-only memory), 159–160
ROM boot mode (IOS), 164
root bridge elections, 24
root bridges, 24
router hardware
    configuration registers, 160–161
    CPU, 158
    interfaces, 163
    NVRAM, 157


    RAM, 157
    ROM, 159–160
    System Flash, 157
routers, remote access, 187
routing protocols, 48
    BGP, 71
        attributes, 72–74
        configuring, 74–75
        messages, 71
    default administrative distances, 51
    EIGRP, 57–58
        example configuration, 59–61
    OSPF, 61–63
        example configuration, 66–70
        multiple area configuration, 64–65
        single area configuration, 62–64
        virtual links, 66
    RIP, 52–53
        configuring, 54–56
routing tables, viewing, 48–50
RSET command (SMTP), 129
RTO (Retransmission Timeout), 58

S

sacrificial hosts, 419
SAFE blueprints, security best practices, 208–209
SAML command (SMTP), 129
sample lab. See self-study lab
SAs (security associations), 254–259
saving configuration files, 165
CSA (Cisco Security Agent), 387
SDM (Security Device Manager), 328–330
secret passwords, hiding, 189
security, 353, 380–382

    AAA, 228–229
        accounting, 231–232
        authentication, 230
        authorization, 230–231
    Cisco IOS SSH, 135–138
    encryption technologies, 246–247
        3DES, 250
        AES, 250–251
        DES, 248–250
        Diffie-Hellman, 252–253
        IPSec, 254–258
        MD5, 251–252
        principles of, 247–248
    firewalls, 352
        Cisco IOS features, 377–379
    HTTP, 119–120
    IKE
        configuring, 264–272
        phase II, 264
    NAT, 355–356
        configuring Dynamic NAT, 359
        deploying, 357
        monitoring, 360
        operation on Cisco routers, 358
    packet filtering, TCP services, 353–355
    PAT, 355
    PIX, 361
        commands, 371–373
        configuring, 364–368
        DMZs, 361
        software features, 376–377
        stateful packet screening, 362–363
        static routing, 368–369
    PKI, 382–383
    RADIUS, 232
        attributes, 234–235
        configuring, 236–238
        features, 235
        security protocol support, 234
    SSH, 133–135
    SSL, 121
    TACACS+, 239
        authentication, 240
        authorization, 240–241
        configuring, 241–244
        features, 241
        versus RADIUS, 245–246
    VPDNs, 276–277
        configuring, 278–281
    VPNs, 383
        configuring, 385

security server protocols, 232
self-study lab
    ACS configuration, 514–524
    advanced PIX configuration, 511–514
    BGP routing configuration, 491–495
    Catalyst Ethernet switch setup, 457–464
    DHCP configuration, 490
    dynamic ACL/lock and key feature configuration, 501–502
    final configurations, 538–558
    Frame Relay setup, 450–456


    IDS configuration, 525, 530, 538
    IGP routing, 470–475
        OSPF configuration, 475–484
    IOS firewall configuration, 505
    IP access list configuration, 495–497
    IPSec configuration, 505–511
    ISDN configuration, 484–490
    local IP host address configuration, 464–466
    physical connectivity, 456
    PIX configuration, 465–470
    setup, 445–448
        communications server, 448–449
    TCP intercept configuration, 497–499
    time-based access list configuration, 499–500
SEND command (SMTP), 129
Sendmail, 129
sensors, Cisco IDSs, 309–310, 423
sequence numbering, enabling, 428
servers, RADIUS, 232
service password-encryption command, 189
service tcp keepalive command, enabling Nagle algorithm, 426
service tcp-keepalives-in command, 426
session hijacking, 418
session layer (OSI model), 17
session replay, 418
set vlan command, 24
SGBP (Stack Group Bidding Protocol), 81
SHA (Secure Hash Algorithm), 251–252
show accounting command, 231–232
show commands, 166–168
show debugging command, 170
show interface command, 163
show interfaces command, 171–172
show ip access-lists command, 170
show ip arp command, 39
show ip route command, 48, 50, 169–170
show logging command, 173
show process command, 158–159
show route-map command, 174
show startup-config command, 185
show version command, 162–163, 174
SIA (Stuck in Active), 58
Signature Engines, 423–424
signature-based IDS systems, 304
signatures, 386
sliding windows, 37

SMTP (Simple Mail Transfer Protocol), 128–129

smurf attacks, 421
SNMP (Simple Network Management Protocol), 122
    community access strings, configuring on Cisco routers, 122
    configuring on Cisco routers, 125
    examples of, 128
    managed devices, 124
    MIBs, 123–125
    notifications, 123–126

snmp-server enable traps config command, 126

snmp-server host command, 126–127
social engineering, 414
software
    Cisco Secure, 301
        AAA features, 302
        features, 301
        test topics, 301
    PIX, features of, 376–377
SOML command (SMTP), 129
spanning tree, 23–24
SPI (Security Parameters Index), 256
split horizon, 53
spoof attacks, 421
spoofing, 203
    MAC spoofing attacks, 205–207
SRTT (Smooth Round Trip Time), 58
SSH (Secure Shell), 133–135
SSL (Secure Socket Layer), 121
standard access lists, 190–195
standard IP access lists, 191–192
standards bodies, CERT/CC, 413–414
startup config, viewing, 185
stateful pattern matching, 386
stateful security, 362
states of Ethernet interfaces, 173
static command, 371
static NAT, 360
store and forward switching, 23
STP manipulation attacks, 204
stratum, 130–132
stubby areas, 65
study tips for exam, 625–631
subnetting
    calculating hosts per subnet, 30–31
    CIDR, 32–33
    VLSM, 31–32


successors (EIGRP), 58
summary links, 63
switching, enabling PortFast, 25
synchronous logging, 178
System Flash, 157–158
system log, displaying, 173

T

TACACS+, 239
    authentication, 240
    authorization, 240–241
    configuring, 241–244
    features, 241
    versus RADIUS, 245–246

TCP, 34
    ARP, 38–39
    DHCP, 40
    FTP, 47–48
    header format, 34
    HSRP, 41
        configuring, 44–45
        enabling, 43
    ICMP, 46–47
    packets, 34–35
    RARP, 39
    services, filtering, 353–355
    Telnet, 36–37, 47
    TFTP, 47–48
TCP half close, 37
TCP intercept, enabling, 429
TCP load distribution, 360
TCP SYN Flood attacks, 419
TCP three-way handshake, 37
TCP/IP
    FTP protocol
        Active mode, 116–118
        Passive mode, 118
    vulnerabilities of, 417–418
TCP/IP model, comparing with OSI reference model, 18
teardrop attacks, 420
Telnet, 47
    connections, establishing, 187
    disabling login password, 113
    requests, 36–37

test characters (ping), 46–47

TFTP, 47–48, 114
    defining download directory, 115
time sources (NTP)
    configuring, 131–132
    stratum, 130–131

TKIP (Temporal Key Integrity Protocol), 272, 275–276

topology table (EIGRP), 58
Totally stubby areas, 65
transform sets (IKE), defining, 266
transparent bridging, 23
transport layer (OSI model), 17
Transport mode (IPSec), 254
trap command (SNMP), 125
traps (SNMP), 124
triggered updates, 53
troubleshooting PIX Firewall log files, 374–375
trunks, 26
tuning IDS systems, 307–308
Tunnel mode (IPSec), 254
tunneling
    IP GRE, 383–385
    VPDNs, 276–277
        configuring, 278–281
turning off debugging, 171

U

UDP bombs, 420
undebug all command, 171
unknown passwords, recovering, 182–187
UOS (Intrusion Prevention System), 311
user authentication, HTTP, 120
User EXEC mode (IOS), 164

V

versions of SNMP, 122
viewing
    configuration register, 162
    DHCP leases, 40
    home pages, 119
    HSRP status, 45
    interfaces, 163
    routing tables, 48–50
    startup config, 185

virtual terminal passwords, setting, 190


VLAN hopping, 202–203
VLANs (virtual LANs), creating, 23
VLSM (Variable-Length Subnet Masking), 31–32
VMS (CiscoWorks VPN/Security Management Solution), 313–314
VPDNs, 276–277
    configuring, 278–281
VPNs, 383
    configuring, 385
VRFY command (SMTP), 129
vulnerabilities of TCP/IP, 417–418

W

web sites
    Cisco Product Security Incident Response Team, 414
    IETF, 417
    Internet Domain Survey, 417
    ISOC, 417
Weight attribute (BGP), 73
wildcard masks, 192
Windows Active Directory, 135
wireless networks, 84–85
    deploying, best practices, 86–88
write command (SNMP), 125
write terminal command, 157
