Staff AAA

Uploaded by kory, posted 18-Jan-2016. PowerPoint (PPT) presentation, 139 slides.

TRANSCRIPT

Slide titles (the running header "Staff AAA" appears on every slide):

Page 1: Staff AAA
Page 2: Radius is not an ISP AAA Option
Page 3: RADIUS TACACS+ Kerberos
Page 4: What to Configure?
Page 5: Simple Staff Authentication and Failsafe
Page 6: Simple Staff Authentication and Failsafe
Page 7: Simple Staff Authentication and Failsafe
Page 8: Staff Authentication
Page 9: Staff Accountability & Audit
Page 10: Checkpoint with Authentication and Accounting
Page 11: Limit Authority – Authorize Commands
Page 12: Set Privileges
Page 13: Checkpoint with default Authorization
Page 14: Note on Privilege Levels and Authorization
Page 15: One Time Password – Checking the ID
Page 16: What is One Time Password
Page 17: DoS the AAA Infrastructure
Page 18: How to protect the AAA Servers?
Page 19: Source Routing
Page 20: ICMP Unreachable Overload
Page 21: ICMP Unreachable Overload
Page 22: ICMP Unreachable Overload
Page 23: ICMP Unreachable Rate-Limiting
Page 24: Tip: scheduler allocate
Page 25: Introducing a New Router to the Network
Page 26: Introducing a New Router to the Network
Page 27: Secure Template Sources
Page 28: Input Hold Queue
Page 29: Input Hold Queue
Page 30: Input Hold Queue
Page 31: What Ports Are open on the Router?
Page 32: What Ports Are open on the Router?
Page 33: What Ports Are open on the Router?
Page 34: Receive ACL - Overview
Page 35: Receive Adjacencies
Page 36: Receive ACL Command
Page 37: Receive ACL
Page 38: Receive Path ACL
Page 39: Packet Flow
Page 40: Receive ACL – Traffic Flow
Page 41: rACL Processing
Page 42: rACL – Required Entries
Page 43: rACL – Required Entries
Page 44: rACL – Building Your ACL
Page 45: Filtering Fragments
Page 46: rACL – Iterative Deployment
Page 47: Classification ACL Example
Page 48: rACL – Iterative Deployment
Page 49: rACL – Iterative Deployment
Page 50: rACL – Iterative Deployment
Page 51: rACL – Sample Entries
Page 52: rACL – Sample Entries
Page 53: rACL – Sample Entries
Page 54: Use Detailed Logging
Page 55: Core Dumps
Page 56: Core Dumps
Page 57: Routing Protocol Security (agenda):
  - Why to Prefix Filter and Overview? (Threats)
  - How to Prefix Filter?
  - Where to Prefix Filter?
  - Prefix Filter on Customers
  - Egress Filter to Peers
  - Ingress Filter from Peers
  - Protocol Authentication (MD5)
  - BGP BCPs that help add Resistance
Page 58: Routing Protocol Security
Page 59: Malicious Route Injection: Perceived Threat
Page 60: Malicious Route Injection: Reality – an Example
Page 61: Garbage in – Garbage Out: What is it?
Page 62: Garbage in – Garbage Out: Results
Page 63: Garbage in – Garbage Out: Impact
Page 64: Garbage in – Garbage Out: What to do?
Page 65: Malicious Route Injection: Attack Methods
Page 66: Malicious Route Injection: Impact
Page 67: What is a prefix hijack?
Page 68: Malicious Route Injection: What can ISPs Do?
Page 69: Malicious Route Injection: What can ISPs Do?
Page 70: Malicious Route Injection: What can ISPs Do?
Page 71: What can ISPs Do? Containment: Egress Prefix Filters
Page 72: What can ISPs Do? Containment: Egress Prefix Filters
Page 73: What can ISPs Do? Containment: Egress Prefix Filters
Page 74: Malicious Route Injection: What can ISPs Do?
Page 75: How to Prefix Filter? Ingress and Egress Route Filtering
Page 76: Ingress and Egress Route Filtering
Page 77: Ingress and Egress Route Filtering
Page 78: Ingress and Egress Route Filtering
Page 79: Ingress and Egress Route Filtering
Page 80: Two Filtering Techniques
Page 81: Ideal Customer Ingress/Egress Route Filtering …
Page 82: BGP Peering Fundamental
Page 83: Guarded Trust
Page 84: Where to Prefix Filter?
Page 85: Where to Prefix Filter?
Page 86: What to Prefix Filter? Documenting Special Use Addresses (DUSA) and Bogons
Page 87: Documenting Special Use Addresses (DUSA)
Page 88: Documenting Special Use Addresses (DUSA)
Page 89: Documenting Special Use Addresses (DUSA)
Page 90: Bogons
Page 91: Ingress Prefix Filter Template
Page 92: Ingress Prefix Filter Template
Page 93: Prefix Filters on Customers
Page 94: BGP with Customer Infers Multihoming
Page 95: Receiving Customer Prefixes
Page 96: Receiving Customer Prefixes
Page 97: Excuses – Why providers are not prefix filtering customers
Page 98: What if you do not filter your customer?
Page 99: What if you do not filter your customer?
Page 100: Prefixes to Peers
Page 101: Prefixes to Peers
Page 102: Egress Filter to ISP Peers - Issues
Page 103: Policy Questions
Page 104: Ingress Prefix Filtering from Peers
Page 105: Ingress Routes from Peers or Upstream
Page 106: Receiving Prefixes from Upstream & Peers (ideal case)
Page 107: Receiving Prefixes — Cisco IOS
Page 108: Net Police Route Filtering
Page 109: Net Police Route Filtering
Page 110: Net Police Filter Technique #1
Page 111: Technique #1 Net Police Prefix List
Page 112: Net Police Prefix List Deployment Issues
Page 113: Technique #2 Net Police Prefix List Alternative
Page 114: Technique #2 Net Police Prefix List Alternative
Page 115: Net Police Filter – Technique #3
Page 116: Technique #3 Net Police Prefix List
Page 117: Net Police Filter – Technique #3
Page 118: Bottom Line
Page 119: Secure Routing: Route Authentication
Page 120: Plain-text neighbor authentication
Page 121: MD-5 Neighbor Authentication: Originating Router
Page 122: MD-5 Neighbor Authentication: Originating Router
Page 123: Peer Authentication
Page 124: Peer Authentication
Page 125: OSPF Peer Authentication
Page 126: OSPF and ISIS Authentication Example
Page 127: BGP Peer Authentication
Page 128: BGP Peer Authentication
Page 129: BGP MD5’s Problem
Page 130: BGP BCPs That Help Build Security Resistance
Page 131: BGP Maximum Prefix Tracking
Page 132: BGP Maximum Prefix Tracking
Page 133: BGP Maximum Prefix Tracking
Page 134: Avoid Default Routes
Page 135: Network with Default Route – Pointing to Upstream A
Page 136: Network with Default Route – But not Pointing to Upstream
Page 137: Network with No Default Route
Page 138: Default Route and ISP Security - Guidance
Page 139: Default to a Sink-Hole Router/Network