Security in Network Elements

Cisco

© Rafael Vida, 2004
Index
♦ Introduction
  – General Situation
     •   Routers
     •   Security Policy
     •   Purpose of a router
     •   Basic Router Functional Architecture
  – Protecting the Network with the Router
♦ Protecting the Router Itself
  – Attacks on Routers
  – Managing the Router
     • SNMP
     • SSH
  – Security Policy for Cisco Routers
♦ Implementing Security: E-Policy
  – AAA
     • Remote Access
     • Logins, Privileges, Passwords, and Accounts
♦ Filtering
  – ACL (Access Control Lists)
  – CAR (Committed Access Rate)
♦ RAT (Router Audit Tool)
Introduction
♦ Purpose of a router
   – Directing packets, routing protocols
   – Filtering: ACLs
   – Modifying packet headers: NAT, PAT
♦ Hardware
  – CPU, memory:
      • RAM, NVRAM, Flash, and ROM (PROM, EEPROM)
   – No hard disk, floppy, CD-ROM, etc.
Introduction
[Figure: basic router functional architecture. Network 0, Network 1, ... Network n attach through Interface 0, Interface 1, ... Interface n to the routing fabric; the CPU holds the configuration (Conf) and is reached through the console port.]
Security Policy
♦ Router Security Layers
   – Physical Integrity: physical access, electrical access
   – Core Static Configuration: administrative access, software access
   – Dynamic Configuration: routing protocols, management protocols
   – Network Traffic: access to the networks that the router serves
Security Policy: Checklist
♦ Physical Security
   – Who is authorized to install, de-install, move, etc.
   – Making physical connections to the router
       • Console and direct ports
       • Recovery procedures
♦ Static Configuration
   – Who is authorized to log into the router
   – Roles
   – Password policy
   – Log policy
   – Procedures and limits of use
Security Policy: Checklist
♦ Dynamic Configuration Security
  – Services permitted in the router
  – Routing protocols, clock (NTP)
  – Procedures for key agreement and cryptographic algorithms
♦ Compromise Response
  – ITO?, Netcool?, ...
  – Response procedures, authorities, and objectives for response after a successful attack against the network
  – Law
Security Policy: Checklist
♦ Network Service Security
  – Procedures and roles for interactions with external service providers and maintenance technicians
  – Protocols, ports, services, etc.
[Figure: network zones separated by the router: Internet, DMZ, Management.]
Protecting Networks and Routers
Protecting the networks
♦ Router classification by function
  – Internal routers
  – Backbone routers
  – Border routers (EDCs)
Protecting the router: Attacks
♦ Unauthorized access
♦ Session hijacking
♦ Rerouting
♦ DoS
♦ DDoS (!)
♦ SNMP attacks
Protecting the router: Managing
[Figure: management architecture. The customer LAN (LAN_Cliente) sits behind a customer-managed firewall (FW_Cliente); the FW_CGP firewall's policy is set by the management centre. The EDCs connect through a central point (Punto Central) to the local management centre over service PVCs (PVCs Servicio Gestión Local); a firewall fronts the central management centre (Centro de Gestión Central). Traffic flows shown: accounting between the EDCs and the CGP: TACACS+, Telnet, TFTP, SNMP, ...; traffic between the EDCs and central management: SNMP, Syslog, ICMP, ...; traffic between the CGP and central management: SSH, office applications, Vantive, ...]
Protecting the router: Managing
♦ Local access only for emergencies. Audit it.
♦ Telnet (?!) or SSH
♦ SNMP access
  – Limit the connections with ACLs
♦ AAA:
  – Logging and accounting: TACACS+
  – Auditing
  – Authorizing
Implementing: E-Policy

Cisco
Router Access Security
♦ Physical Security
♦ Software Upgrade
  – Minimum 12.0.*
  – Recommended 12.0.9
♦ Virtual interfaces: loopback
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# interface loopback0
Central(config-if)# description Main loopback interface
Central(config-if)# ip address 14.2.11.250 255.255.255.255
Central(config-if)# end
Central#
Login Banners and motd
♦ Banner
  – No network architecture information or router configuration details
  – NOTICE: you have accessed a system owned by TELEFONICA. You must have
    authorisation before using it, and you are strictly limited to the use
    specified in that authorisation. Unauthorised access to this system, or
    misuse of it, is prohibited and is contrary to the Corporate Security
    Policy and to current legislation. If you disclose internal information
    of TELEFONICA or of its customers without prior authorisation you may be
    in breach of Corporate Regulations, which could even constitute a
    criminal offence or misdemeanour.
Login
♦ Console
    Central# config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Central(config)# line con 0
    Central(config-line)# transport input none
    Central(config-line)# login local
    Central(config-line)# exec-timeout 5 0
    Central(config-line)# exit
    Central(config)#
♦   VTYs and remote administration
♦   Privileges: 16 levels
♦   Different accounts
♦   service password-encryption
    – Note: SNMP, RADIUS, TACACS+, NTP and peer authentication keys
♦ Auxiliary port disabled
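The `service password-encryption` line above (and its note about SNMP, RADIUS, TACACS+, NTP and peer keys) deserves a caveat the deck does not spell out: the encoding it applies, IOS "type 7", is a fixed XOR against a published key, so anyone holding a copy of the configuration recovers every such secret in milliseconds. The following Python is an added example, not code from the deck or from Cisco. The XOR key is the well-known type 7 constant; the running-config excerpt is constructed for this example and its encoded values were produced with the block's own `type7_encode`; the line patterns it scans for (`password 7`, `key 7`, `key-string 7` and the NTP `md5 ... 7` form) are the editor's assumptions about where such values appear.

```python
"""Decode IOS type 7 strings: what 'service password-encryption' actually protects (added example)."""
import re

# The fixed XOR key used by IOS type 7 obfuscation (a well-known constant, not from the deck).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Recover the plaintext: the first two chars are a decimal key offset, the rest hex bytes."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ XLAT[(seed + i) % len(XLAT)]) for i, b in enumerate(body))


def type7_encode(plain: str, seed: int = 9) -> str:
    """Produce what IOS would store; the seed is an offset in 0..15 chosen by IOS."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    body = "".join(f"{ord(c) ^ XLAT[(seed + i) % len(XLAT)]:02X}" for i, c in enumerate(plain))
    return f"{seed:02d}{body}"


# Config lines that carry type 7 values (assumed patterns; extend for other key types as needed).
_PATTERNS = (
    re.compile(r"\b(?:password|key|key-string) 7 ([0-9A-Fa-f]{4,})\b"),
    re.compile(r"\bmd5 ([0-9A-Fa-f]{4,}) 7\b"),        # ntp authentication-key N md5 VALUE 7
)


def reversible_secrets(config: str) -> list:
    """Return [(config line, recovered plaintext)] for every type 7 value found in the config."""
    found = []
    for line in config.splitlines():
        for pat in _PATTERNS:
            m = pat.search(line)
            if m:
                found.append((line.strip(), type7_decode(m.group(1))))
                break
    return found


# Constructed running-config excerpt (not from the deck); the values were generated with
# type7_encode() and are therefore fully recoverable by anyone who can read the config.
SAMPLE_CONFIG = """
service password-encryption
enable password 7 094F471A1A0A
username ops password 7 1511021F07257A767B
tacacs-server key 7 094F471A1A0A
ntp authentication-key 1 md5 1511021F07257A767B 7
"""

if __name__ == "__main__":
    for line, plain in reversible_secrets(SAMPLE_CONFIG):
        print(f"{line:50s} -> {plain}")
```

`service password-encryption` is still worth enabling, since it stops secrets being read off a screen or a printed config, but it is no substitute for treating configuration backups, TFTP servers and management-station logs as sensitive. For the enable password, `enable secret` stores a one-way hash and should be used instead of `enable password`.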
Remote Access
1.   No Remote: administration is performed on the console
     only.
2.   Remote Internal only with AAA: administration can be
     performed on the router from a trusted internal network
     only, and AAA is used for access control.
3.   Remote Internal only: administration can be performed
     on the router from the internal network only.
4.   Remote External with AAA: administration can be
     performed with both internal and external connections
     and uses AAA for access control.
5.   Remote External: administration can be performed with
     both internal and external connections.
AAA
♦ Authentication
  – Over SSH or IPsec
♦ Authorization
  – Command by command. Anything not explicitly allowed is denied.
♦ Accounting
  – Forensic analysis
♦ Keep the running configuration and the startup configuration synchronized
♦ TFTP is dead (cleartext and unauthenticated)
Services
Access Control List
♦ access-list list-number {deny | permit} source
  [source-wildcard] [log]

♦ access-list list-number {deny | permit} protocol source source-wildcard source-qualifiers destination destination-wildcard destination-qualifiers [log | log-input]
Defense
♦ Spoofing
  – ACL
♦ TCP SYN Attack
  East(config)# ip tcp intercept list 107
  East(config)# access-list 107 permit tcp any 14.2.6.0 0.0.0.255
  East(config)# access-list 107 deny ip any any log
  East(config)# interface eth 0/0
  East(config-if)# description "External 10mb ethernet interface"
  East(config-if)# ip access-group 107 in
Defense
♦ Land attack (packets whose source address is the router's own interface address)
  East(config)# access-list 100 deny ip host 14.1.1.20 host 14.1.1.20 log
  East(config)# access-list 100 permit ip any any
  East(config)# interface eth0/0
  East(config-if)# description External interface to 14.1.0.0/16
  East(config-if)# ip address 14.1.1.20 255.255.0.0
  East(config-if)# ip access-group 100 in
  East(config-if)# exit

♦ Smurf (traffic addressed to the subnet broadcast and network addresses)
  East(config)# access-list 110 deny ip any host 14.2.6.255 log
  East(config)# access-list 110 deny ip any host 14.2.6.0 log
  East(config)# interface eth0/0
  East(config-if)# ip access-group 110 in
  East(config-if)# exit
  Note: as printed, list 110 contains no permit entry; the implicit deny at the end of every ACL would then drop all other inbound traffic, so a permit for legitimate traffic must follow the two deny lines.
Defense
♦ DDoS: block the control ports of known DDoS agents (the same caveat applies: list 170 as printed holds only deny entries, so the permit entries for legitimate traffic must follow)
  ! the TRINOO DDoS system
  access-list 170 deny tcp any any eq 27665 log
  access-list 170 deny udp any any eq 31335 log
  access-list 170 deny udp any any eq 27444 log
  ! the Stacheldraht DDoS system
  access-list 170 deny tcp any any eq 16660 log
  access-list 170 deny tcp any any eq 65000 log
  ! the TrinityV3 system
  access-list 170 deny tcp any any eq 33270 log
  access-list 170 deny tcp any any eq 39168 log
  ! the Subseven DDoS system and some variants
  access-list 170 deny tcp any any range 6711 6712 log
  access-list 170 deny tcp any any eq 6776 log
  access-list 170 deny tcp any any eq 6669 log
  access-list 170 deny tcp any any eq 2222 log
  access-list 170 deny tcp any any eq 7000 log
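The ACL syntax on the Access Control List slide and the Defense lists above all rest on three rules: the wildcard mask marks the bits that are not compared, the first matching entry decides, and a packet that matches nothing is dropped by the implicit deny. The following Python is an added example, not code from the deck or from Cisco, that models those rules for the fields the slides use (protocol, addresses with wildcards, `eq`/`range` ports, `established`, `syn`, `log`) and runs the deck's own lists 107, 100 and 110 against constructed packets. The packet model and the case names are the editor's; standard (1-99) lists are not modelled.

```python
"""Cisco extended ACL evaluation: wildcard masks, first match wins, implicit deny (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Entry:
    action: str                              # "permit" or "deny"
    proto: str                               # "ip" matches any protocol; else "tcp"/"udp"/"icmp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    sport: Optional[Tuple[int, int]] = None  # eq/range given after the source address
    dport: Optional[Tuple[int, int]] = None  # eq/range given after the destination address
    established: bool = False                # TCP segment with ACK or RST set
    syn: bool = False                        # TCP segment with SYN set
    log: bool = False

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()           # subset of {"syn", "ack", "rst"}

def _addr(toks, i):
    """'any' | 'host A' | 'A WILDCARD' at toks[i] -> (addr, wildcard, next index)."""
    if toks[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if toks[i] == "host":
        return toks[i + 1], "0.0.0.0", i + 2
    return toks[i], toks[i + 1], i + 2

def _port(toks, i):
    """Optional 'eq N' | 'range LO HI' at toks[i] -> ((lo, hi) or None, next index)."""
    if i < len(toks) and toks[i] == "eq":
        return (int(toks[i + 1]),) * 2, i + 2
    if i < len(toks) and toks[i] == "range":
        return (int(toks[i + 1]), int(toks[i + 2])), i + 3
    return None, i

def parse_entry(line: str) -> Entry:
    """Parse one numbered extended ACL line (100-199); standard lists are not modelled."""
    toks = line.split()
    if toks[0] != "access-list" or not 100 <= int(toks[1]) <= 199:
        raise ValueError(f"not an extended ACL line: {line!r}")
    src, src_wc, i = _addr(toks, 4)
    sport, i = _port(toks, i)
    dst, dst_wc, i = _addr(toks, i)
    dport, i = _port(toks, i)
    e = Entry(toks[2], toks[3], src, src_wc, dst, dst_wc, sport, dport)
    for t in toks[i:]:
        if t == "established":
            e.established = True
        elif t == "syn":
            e.syn = True
        elif t in ("log", "log-input"):
            e.log = True
        else:
            raise ValueError(f"unsupported keyword {t!r} in {line!r}")
    return e

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'do not compare this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl: List[Entry], pkt: Packet):
    """Walk the list in order: (action, entry) of the first match, else ("deny", None)."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, e.src, e.src_wc) and wildcard_match(pkt.dst, e.dst, e.dst_wc)):
            continue
        if e.sport and not e.sport[0] <= pkt.sport <= e.sport[1]:
            continue
        if e.dport and not e.dport[0] <= pkt.dport <= e.dport[1]:
            continue
        if e.established and not ({"ack", "rst"} & pkt.flags):
            continue
        if e.syn and "syn" not in pkt.flags:
            continue
        return e.action, e
    return "deny", None                       # the implicit deny that ends every Cisco ACL

def load(*lines: str) -> List[Entry]:
    return [parse_entry(l) for l in lines]

# The deck's own lists (ACL 107, 100 and 110 from the slides above), used here as input.
INTERCEPT = load("access-list 107 permit tcp any 14.2.6.0 0.0.0.255",
                 "access-list 107 deny ip any any log")
LAND = load("access-list 100 deny ip host 14.1.1.20 host 14.1.1.20 log",
            "access-list 100 permit ip any any")
SMURF = load("access-list 110 deny ip any host 14.2.6.255 log",
             "access-list 110 deny ip any host 14.2.6.0 log")

def demo() -> dict:
    """Constructed packets against those lists -> {case: action}."""
    syn = frozenset({"syn"})
    return {
        "land_spoof": evaluate(LAND, Packet("tcp", "14.1.1.20", "14.1.1.20", 139, 139, syn))[0],
        "land_normal": evaluate(LAND, Packet("tcp", "192.0.2.9", "14.1.1.20", 40000, 80, syn))[0],
        "smurf_bcast": evaluate(SMURF, Packet("icmp", "192.0.2.9", "14.2.6.255"))[0],
        # ACL 110 as printed has no permit entry, so ordinary traffic also hits the implicit deny
        "smurf_ordinary": evaluate(SMURF, Packet("tcp", "192.0.2.9", "14.2.6.10", 40000, 80, syn))[0],
        "intercept_tcp": evaluate(INTERCEPT, Packet("tcp", "192.0.2.9", "14.2.6.7", 40000, 80, syn))[0],
        "intercept_udp": evaluate(INTERCEPT, Packet("udp", "192.0.2.9", "14.2.6.7", 40000, 53))[0],
    }

if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:15s} {action}")
```

The `smurf_ordinary` case is the one to look at: it is denied not by either printed line but by the implicit deny, which is exactly the mistake a list consisting only of deny entries makes in production.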
Committed Access Rate
♦ rate-limit {input | output} [access-group [rate-limit] acl] token-bit-rate burst-normal-size burst-excess-size conform-action action exceed-action action
♦ Example: ACL 160 selects TCP SYNs (and excludes segments of established sessions); CAR then limits those SYNs to 64 kbit/s with an 8000-byte burst and drops the excess
   north(config)# no access-list 160
   north(config)# access-list 160 deny tcp any any established
   north(config)# access-list 160 permit tcp any any syn
   north(config)# interface eth0/0
   north(config-if)# rate-limit input access-group 160 64000 8000 8000 conform-action transmit exceed-action drop
   north(config-if)# end
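The `rate-limit` command configures a token bucket: token-bit-rate is the long-term rate in bit/s, burst-normal-size is the bucket depth in bytes, and the conform/exceed actions decide what happens to a packet depending on whether enough tokens are available for it. The following Python is an added example, not the deck's code and not Cisco's implementation, that models that bucket with the deck's values (64000 bit/s, 8000 bytes) and pushes two constructed streams of SYN-sized packets through it: 1000 packets/s for two seconds and 100 packets/s for two seconds. Only the normal burst is modelled; the deck sets burst-excess-size equal to burst-normal-size, which disables the extended burst, and Cisco's extended-burst behaviour is deliberately left out. Remember too that with `rate-limit input access-group 160` only packets permitted by ACL 160 are metered; everything else on the interface passes unmetered.

```python
"""Token-bucket model of CAR: rate-limit ... 64000 8000 8000 conform-action transmit exceed-action drop."""
from dataclasses import dataclass


@dataclass
class TokenBucket:
    rate_bps: int             # token-bit-rate from the rate-limit command
    burst_bytes: int          # burst-normal-size: bucket depth in bytes
    tokens: float = -1.0      # -1 means "start full"
    last_ms: int = 0          # time of the previous packet, in whole milliseconds

    def __post_init__(self):
        if self.tokens < 0:
            self.tokens = float(self.burst_bytes)

    def offer(self, size_bytes: int, now_ms: int) -> str:
        """CAR action for one packet: 'transmit' if it conforms, 'drop' if it exceeds."""
        elapsed = max(0, now_ms - self.last_ms)
        self.last_ms = now_ms
        # tokens are bytes: rate_bps / 8 bytes per second = rate_bps / 8000 bytes per millisecond
        self.tokens = min(self.burst_bytes, self.tokens + elapsed * self.rate_bps / 8000)
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return "transmit"
        return "drop"


def run(rate_bps=64000, burst_bytes=8000, pkt_bytes=60, interval_ms=1, packets=2000):
    """Constructed stream of SYN-sized packets, one every interval_ms; returns (transmitted, dropped)."""
    tb = TokenBucket(rate_bps, burst_bytes)
    tx = drop = 0
    for k in range(packets):
        if tb.offer(pkt_bytes, k * interval_ms) == "transmit":
            tx += 1
        else:
            drop += 1
    return tx, drop


if __name__ == "__main__":
    print("1000 SYN/s for 2 s:", run())                             # (399, 1601)
    print("100 SYN/s for 2 s: ", run(interval_ms=10, packets=200))  # (200, 0)
```

In the flood case the first 133 or so SYNs use up the 8000-byte bucket, after which only about 133 per second (8000 bytes/s divided by 60 bytes) get through; the 100 packets/s stream never exceeds the rate and loses nothing. That is the behaviour you want from a SYN limiter, and also its weakness: a flood still gets its first burst through, and legitimate SYNs share the same bucket with the attacker's.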
RAT (Router Audit Tool): rule changes
♦ SSH has been added to Level 2
♦ The user is given a choice between telnet and SSH
♦ Separate access control lists used for telnet and SSH
♦ "exec-timeout" increased to 10 minutes
♦ Comments about password reuse added
♦ Level 2 authentication now requires a local username
♦ The prohibition against local usernames in Level 2 was removed
♦ "no ip proxy-arp" moved to Level 2
♦ Allow egress filters to be applied on internal interfaces
♦ Documented preference for SNMP v3 if SNMP is used
♦ Rule to forbid SNMP without an ACL moved to Level 1
♦ Loopback rules refer the user to local policy
♦ Timestamp debug rule added to Level 1
♦ Added a note about line passwords being redundant
♦ User can now specify the AAA name-list variable ("default", "local_auth", ...). This was needed to support 12.3's "auto-secure" feature
♦ Exec timeout is now a maximum value for all lines (con 0, aux 0), not an exact value. This allows the rules to accommodate settings that are shorter/more restrictive without flagging an error
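RAT applies rules like the ones listed above to a saved configuration. The following Python is an added example (it is neither RAT itself nor the deck's code) that parses an IOS-style running-config and applies a handful of the rules this deck mentions: `service password-encryption`, a debug timestamp, a loopback interface, `no ip proxy-arp` on every non-loopback interface, SNMP communities only with an ACL, `exec-timeout` of at most 10 minutes on every line, the auxiliary port disabled, `login local` (or `aaa new-model`) on the console and VTYs, an `access-class` on the VTYs, and SSH as the only VTY transport. The two configurations are constructed for the example; the finding codes, the treatment of a missing `exec-timeout` as the IOS default of 10 minutes, and the assumption that a VTY with no `transport input` line accepts every transport are the editor's choices.

```python
"""RAT-style rule checks over an IOS running-config (added example; this is not the RAT tool)."""

def parse_config(text):
    """Top-level lines in order, plus the indented sub-lines under each ('!' comments dropped)."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections

def exec_timeout_ok(body):
    """At most 10 minutes and not 0 (never); absent is the IOS default of 10 minutes (assumed OK)."""
    for line in body:
        if line.startswith("exec-timeout"):
            parts = line.split()
            secs = int(parts[1]) * 60 + (int(parts[2]) if len(parts) > 2 else 0)
            return 0 < secs <= 600
    return True

def audit(text):
    """Finding codes in config order; an empty list means every rule passed."""
    top, sec = parse_config(text)
    findings = []
    if "service password-encryption" not in top:
        findings.append("no-service-password-encryption")
    if not any(t.startswith("service timestamps debug") for t in top):
        findings.append("no-debug-timestamps")
    if not any(t.startswith("interface Loopback") for t in top):
        findings.append("no-loopback")
    for t in top:
        body = sec[t]
        if t.startswith("snmp-server community"):
            parts = t.split()                  # snmp-server community STRING [RO|RW] [ACL]
            if not (len(parts) >= 4 and parts[-1].upper() not in ("RO", "RW")):
                findings.append("snmp-no-acl:" + parts[2])
        elif t.startswith("interface ") and "Loopback" not in t and "no ip proxy-arp" not in body:
            findings.append("proxy-arp:" + t)
        elif t.startswith("line "):
            if not exec_timeout_ok(body):
                findings.append("exec-timeout:" + t)
            if t.startswith("line aux") and not ({"no exec", "transport input none"} & set(body)):
                findings.append("aux-enabled")
            if t.startswith(("line con", "line vty")) and "login local" not in body and "aaa new-model" not in top:
                findings.append("no-login-local:" + t)
            if t.startswith("line vty"):
                # assumption: a VTY with no 'transport input' line accepts every transport
                transport = next((l for l in body if l.startswith("transport input")), "transport input all")
                if transport.split()[2:] != ["ssh"]:
                    findings.append("vty-not-ssh-only:" + t)
                if not any(l.startswith("access-class") for l in body):
                    findings.append("vty-no-acl:" + t)
    return findings

# Constructed configurations (not from the deck): WEAK trips every rule, HARDENED trips none.
WEAK = """\
service timestamps log datetime
no service password-encryption
snmp-server community public RO
interface Ethernet0/0
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 login
 transport input telnet ssh
"""

HARDENED = """\
service timestamps debug datetime msec
service password-encryption
username admin privilege 15 secret 5 $1$PLACEHOLDER$
interface Loopback0
 ip address 14.2.11.250 255.255.255.255
interface Ethernet0/0
 no ip proxy-arp
access-list 10 permit 14.2.11.0 0.0.0.255
snmp-server community s3cret RO 10
line con 0
 exec-timeout 5 0
 login local
line aux 0
 no exec
 transport input none
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 login local
 transport input ssh
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK), "\nhardened:", audit(HARDENED))
```

The checks are deliberately literal string matches on the normalised config, which is also how RAT works: the value of such a tool is less in the cleverness of any one rule than in running the same rules over every router after every change.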
End

Cisco-FIST@mixmail.com
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Cisco Equipment Security

  • 1. Security of Network Elements: Cisco © Rafael Vida, 2004
  • 2. Index (I) ♦ Introduction – General Situation • Routers • Security Policy • Purpose of a router • Basic Router Functional Architecture – Protecting the Network with the Router
  • 3. Index (II) ♦ Protecting the Router Itself – Attacks on Routers – Managing the Router • SNMP • SSH – Security Policy for Cisco Routers ♦ Implementing Security: E-Policy – AAA • Remote Access • Logins, Privileges, Passwords, and Accounts
  • 4. Index (III) ♦ Filtering – ACL – ACR ♦ RAT (Router Audit Tool)
  • 6. Introduction ♦ Purpose of a router – Directing packets, routing protocols – Filtering: ACL – Modifying packet headers: NAT, PAT. ♦ Hardware – CPU, Memory: • RAM, NVRAM, Flash, and ROM (PROM, EEPROM) • ROM, NVRAM. – Has no hard disk, floppy, CD-ROM, etc.
  • 7. Introduction [Figure: basic router functional architecture. Networks 0, 1, ..., n attach to Interface 0, Interface 1, ..., Interface n; the interfaces connect through the Routing Fabric to the CPU, which holds the router configuration and is reached through the console.]
  • 9. Security Policy ♦ Router Security Layers – Physical Integrity: physical access, electrical access – Core Static Configuration: administrative access, software access – Dynamic Configuration: routing protocols, management protocols – Network traffic: access to the networks that the router serves
  • 10. Security Policy: Checklist ♦ Physical Security – Who is authorized to install, de-install, move, etc. – Making physical connections to the router • Console and direct ports • Recovery procedures ♦ Static Configuration – Who is authorized to log into the router – Roles – Password policy – Log policy – Procedures and limits of use
  • 11. Security Policy: Checklist ♦ Dynamic Configuration Security – Services permitted in the router – Routing protocols, clock (NTP) – Procedures for key agreement and cryptographic algorithms ♦ Compromise Response – ITO?, Netcool?, ... – Response procedures, authorities, and objectives for response after a successful attack against the network – Law
  • 12. Security Policy: Checklist ♦ Network Service Security – Procedures and roles for interactions with external service providers and maintenance technicians – Protocols, ports, services, etc. [Figure: zones labelled Internet, DMZ and Management.]
  • 14. Protecting the networks ♦ Router classification by functionality – Internal Routers – Backbone – Border (EDCs)
  • 15. Protecting the router: Attacks ♦ Unauthorized access ♦ Session hijacking ♦ Rerouting ♦ DoS ♦ DDoS (!) ♦ SNMP attacks
  • 16. Protecting the router: Managing [Figure: managed-firewall management architecture. Elements: firewall policy per customer, managed firewall centre, local management centre, LAN_Cliente, FW_Cliente, FW_CGP, central point, EDCs, PVCs, local management service, central management centre. Flows: accounting between the EDCs and the CGP (TACACS+, Telnet, TFTP, SNMP, ...); traffic between the EDCs and the central management firewall (SNMP, Syslog, ICMP, ...); traffic between the CGP and central management (SSH, office applications, Vantive, ...).]
  • 17. Protecting the router: Managing ♦ Local access only for emergencies. Audit. ♦ Telnet (?!) or SSH ♦ SNMP access – Limit the connections, ACLs ♦ AAA: – Logging and Accounting: TACACS+ – Auditing – Authorizing
  • 19. Router Access Security ♦ Physical Security ♦ Software Upgrade – Minimum 12.0.* – Recommended 12.0.9 ♦ Virtual interfaces: loopback
      Central# config t
      Enter configuration commands, one per line. End with CNTL/Z.
      Central(config)# interface loopback0
      Central(config-if)# description Main loopback interface
      Central(config-if)# ip address 14.2.11.250 255.255.255.255
      Central(config-if)# end
      Central#
  • 20. Login Banners and motd ♦ Banner – No Network architecture information and router configuration details – AVISO: ha accedido a un sistema propiedad de TELEFONICA. Necesita tener autorización antes de usarlo, estando usted estrictamente limitado al uso indicado en dicha autorización. El acceso no autorizado a este sistema o el uso indebido del mismo está prohibido y es contrario a la Política Corporativa de Seguridad y a la legislación vigente. Si usted revela información interna de TELEFONICA o de sus clientes sin previa autorización podrá estar incurriendo en una violación de la Normativa Corporativa, que podría incluso suponer la posible comisión de un delito o falta.
  • 21. Login ♦ Console
      Central# config t
      Enter configuration commands, one per line. End with CNTL/Z.
      Central(config)# line con 0
      Central(config-line)# transport input none
      Central(config-line)# login local
      Central(config-line)# exec-timeout 5 0
      Central(config-line)# exit
      Central(config)#
    ♦ VTYs and Remote Administration ♦ Privileges, 16 levels ♦ Different accounts ♦ service password-encryption – ! SNMP, RADIUS, TACACS+, NTP, peer auth. keys ♦ Auxiliary port disabled
  • 22. Remote Access
      1. No Remote: administration is performed on the console only.
      2. Remote Internal only with AAA: administration can be performed on the router from a trusted internal network only, and AAA is used for access control.
      3. Remote Internal only: administration can be performed on the router from the internal network only.
      4. Remote External with AAA: administration can be performed with both internal and external connections and uses AAA for access control.
      5. Remote External: administration can be performed with both internal and external connections.
  • 23. AAA ♦ Authentication – With SSH or IPsec ♦ Authorization – Command by command. All that is not allowed is denied. ♦ Accounting – Forensic analysis ♦ Keep the running configuration and startup configuration synchronized ♦ TFTP is dead
  • 25. Access Control List
      ♦ access-list list-number {deny | permit} source [source-wildcard] [log]
      ♦ access-list list-number {deny | permit} protocol source source-wildcard source-qualifiers destination destination-wildcard destination-qualifiers [log | log-input]
  • 26. Defense ♦ Spoofing – ACL ♦ TCP SYN Attack
      East(config)# ip tcp intercept list 107
      East(config)# access-list 107 permit tcp any 14.2.6.0 0.0.0.255
      East(config)# access-list 107 deny ip any any log
      East(config)# interface eth 0/0
      East(config-if)# description "External 10mb ethernet interface"
      East(config-if)# ip access-group 107 in
  • 27. Defense ♦ Land Attack
      East(config)# access-list 100 deny ip host 14.1.1.20 host 14.1.1.20 log
      East(config)# access-list 100 permit ip any any
      East(config)# interface eth0/0
      East(config-if)# description External interface to 14.1.0.0/16
      East(config-if)# ip address 14.1.1.20 255.255.0.0
      East(config-if)# ip access-group 100 in
      East(config-if)# exit
    ♦ Smurf
      East(config)# access-list 110 deny ip any host 14.2.6.255 log
      East(config)# access-list 110 deny ip any host 14.2.6.0 log
      East(config)# interface eth0/0
      East(config-if)# ip access-group 110 in
      East(config-if)# exit
  • 28. Defense ♦ DDoS
      ! the TRINOO DDoS systems
      access-list 170 deny tcp any any eq 27665 log
      access-list 170 deny udp any any eq 31335 log
      access-list 170 deny udp any any eq 27444 log
      ! the Stacheldraht DDoS system
      access-list 170 deny tcp any any eq 16660 log
      access-list 170 deny tcp any any eq 65000 log
      ! the TrinityV3 system
      access-list 170 deny tcp any any eq 33270 log
      access-list 170 deny tcp any any eq 39168 log
      ! the Subseven DDoS system and some variants
      access-list 170 deny tcp any any range 6711 6712 log
      access-list 170 deny tcp any any eq 6776 log
      access-list 170 deny tcp any any eq 6669 log
      access-list 170 deny tcp any any eq 2222 log
      access-list 170 deny tcp any any eq 7000 log
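The access-list entries from slides 25 to 28, run through a small evaluator so the first-match rule, the wildcard masks and the implicit deny at the end of every list can be checked on sample packets. This is an added example, not code from the original slides or from Cisco IOS; SLIDE_ACLS copies the slide entries for lists 100, 107, 110 and part of 170, and the packets fed to it are constructed.

```python
# Added example, not code from the original slides or from Cisco IOS: a small
# evaluator for numbered extended access lists, showing how the entries on
# the ACL and Defense slides behave (wildcard masks, first-match evaluation,
# implicit deny at the end of every list). SLIDE_ACLS reproduces the slide
# entries for lists 100, 107, 110 and part of 170; packets are constructed.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    dport: Optional[int] = None  # destination port for tcp/udp

@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IP protocol
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    ports: Optional[Tuple[int, int]] = None  # inclusive dport range from eq/range
    log: bool = False

def wildcard_match(addr: str, base: str, wild: str) -> bool:
    """Cisco wildcard masks are inverted netmasks: a 1 bit means 'don't care'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wild))
    care = 0xFFFFFFFF ^ w
    return (a & care) == (b & care)

def _parse_addr(tok: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one address spec (any | host A | A WILDCARD) starting at tok[i]."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2

def parse_entry(line: str) -> Tuple[int, Entry]:
    """Parse 'access-list N {permit|deny} PROTO SRC DST [eq P | range A B] [log]'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action, proto = int(tok[1]), tok[2], tok[3]
    src, src_wild, i = _parse_addr(tok, 4)
    dst, dst_wild, i = _parse_addr(tok, i)
    ports = None
    if i < len(tok) and tok[i] == "eq":
        ports, i = (int(tok[i + 1]), int(tok[i + 1])), i + 2
    elif i < len(tok) and tok[i] == "range":
        ports, i = (int(tok[i + 1]), int(tok[i + 2])), i + 3
    log = i < len(tok) and tok[i] == "log"
    return number, Entry(action, proto, src, src_wild, dst, dst_wild, ports, log)

def build_acls(config_text: str) -> Dict[int, List[Entry]]:
    """Group access-list lines by list number, keeping the order they were entered in."""
    acls: Dict[int, List[Entry]] = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("access-list"):
            number, entry = parse_entry(line)
            acls.setdefault(number, []).append(entry)
    return acls

def matches(e: Entry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not (wildcard_match(p.src, e.src, e.src_wild) and wildcard_match(p.dst, e.dst, e.dst_wild)):
        return False
    if e.ports is not None:
        return p.dport is not None and e.ports[0] <= p.dport <= e.ports[1]
    return True

def evaluate(entries: List[Entry], p: Packet) -> Tuple[str, Optional[int], bool]:
    """Return (action, index of the deciding entry, whether it logs). The first
    matching entry wins; with no match the implicit deny applies (index None)."""
    for idx, e in enumerate(entries):
        if matches(e, p):
            return e.action, idx, e.log
    return "deny", None, False

# Entries copied from the slides, with the router prompts removed.
SLIDE_ACLS = """
access-list 100 deny ip host 14.1.1.20 host 14.1.1.20 log
access-list 100 permit ip any any
access-list 107 permit tcp any 14.2.6.0 0.0.0.255
access-list 107 deny ip any any log
access-list 110 deny ip any host 14.2.6.255 log
access-list 110 deny ip any host 14.2.6.0 log
access-list 170 deny tcp any any eq 27665 log
access-list 170 deny udp any any eq 31335 log
access-list 170 deny tcp any any range 6711 6712 log
"""
```

Running evaluate(build_acls(SLIDE_ACLS)[110], ...) on any packet that is not addressed to 14.2.6.255 or 14.2.6.0 returns ("deny", None, False): list 110 as shown on the Smurf slide contains only deny entries, so once it is applied inbound the implicit deny drops all other traffic as well; on a production interface the permit entries for the networks the router serves have to follow those two lines. List 100 shows the opposite ordering, with the specific deny before a catch-all permit.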
  • 29. Committed Access Rate
      ♦ rate-limit {input | output} [access-group [rate-limit] acl] token-bit-rate burst-normal-size burst-excess-size conform-action action exceed-action action
      ♦ north(config)# no access-list 160
      north(config)# access-list 160 deny tcp any any established
      north(config)# access-list 160 permit tcp any any syn
      north(config)# interface eth0/0
      north(config-if)# rate-limit input access-group 160 64000 8000 8000 conform-action transmit exceed-action drop
      north(config-if)# end
  • 30. RAT
      ♦ SSH has been added to Level 2
      ♦ The user is given a choice between telnet and SSH
      ♦ Separate Access Control Lists used for telnet and SSH
      ♦ "exec-timeout" increased to 10 minutes
      ♦ Comments about password reuse added
      ♦ Level 2 authentication now requires a local username
      ♦ The prohibition against local usernames in Level 2 was removed
      ♦ "no ip proxy-arp" moved to Level 2
      ♦ Allow egress filters to be applied on internal interfaces
      ♦ Documented preference for SNMP v3 if SNMP is used
      ♦ Rule to forbid SNMP without an ACL moved to Level 1
      ♦ Loopback rules refer user to local policy
      ♦ Timestamp debug rule added to Level 1
      ♦ Added a note about line passwords being redundant
      ♦ User can now specify AAA name-list variable ("default", "local_auth" ...). This was needed to support 12.3's "auto-secure" feature
      ♦ Exec timeout is now a maximum value for all lines (con 0, aux 0), not an exact value. This allows the rules to accommodate settings that are shorter/more restrictive without flagging an error
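The rate-limit statement on slide 29 modelled as a token bucket, so the effect of the 64000 bit/s rate and the 8000-byte burst on a stream of new connections can be worked through on sample traffic. This is an added example, not code from the original slides or from Cisco IOS: TcpPacket, TokenBucket and the traffic generator are constructed for illustration, and the model assumes that, because burst-normal equals burst-excess on the slide, CAR's extended-burst behaviour is not in play and every packet that does not fit the bucket is dropped.

```python
# Added example, not code from the original slides or from Cisco IOS: a token
# bucket reproducing the decision of
#   rate-limit input access-group 160 64000 8000 8000
#     conform-action transmit exceed-action drop
# where ACL 160 is "deny tcp any any established" followed by
# "permit tcp any any syn". Assumption: with burst-normal == burst-excess the
# extended-burst mechanism of CAR is disabled, so a plain bucket suffices.
# All packets below are constructed.
from dataclasses import dataclass
from typing import Iterable, List, Tuple

@dataclass(frozen=True)
class TcpPacket:
    size: int          # bytes on the wire
    syn: bool = False
    ack: bool = False
    rst: bool = False

class TokenBucket:
    """Tokens are bytes; they refill at rate_bps/8 per second up to burst_bytes."""

    def __init__(self, rate_bps: int, burst_bytes: int) -> None:
        self.rate_bytes = rate_bps / 8.0
        self.capacity = float(burst_bytes)
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conform(self, size: int, now: float) -> bool:
        """Refill for the elapsed time, then spend tokens if the packet fits."""
        if now > self.last:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate_bytes)
            self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False

def selected_by_acl_160(p: TcpPacket) -> bool:
    """'established' matches any segment with ACK or RST set; the deny line
    keeps those out of the rate limiter. The permit line then admits the
    remaining SYN-only segments, i.e. connection attempts."""
    if p.ack or p.rst:
        return False
    return p.syn

def car_decision(bucket: TokenBucket, p: TcpPacket, now: float) -> str:
    if not selected_by_acl_160(p):
        return "transmit"   # not matched by the access-group: untouched by this statement
    return "transmit" if bucket.conform(p.size, now) else "drop"

def simulate(bucket: TokenBucket, packets: Iterable[TcpPacket], now: float) -> Tuple[int, int]:
    """Feed packets that all arrive at time `now`; return (transmitted, dropped)."""
    sent = dropped = 0
    for p in packets:
        if car_decision(bucket, p, now) == "transmit":
            sent += 1
        else:
            dropped += 1
    return sent, dropped

def syn_burst(count: int, size: int = 60) -> List[TcpPacket]:
    """Constructed burst of initial SYN segments of one size."""
    return [TcpPacket(size, syn=True) for _ in range(count)]
```

With the slide's parameters a burst of 60-byte SYNs arriving at once gets 133 segments through before the bucket empties, and half a second later the 64 kbit/s rate has returned 4000 bytes, enough for 67 more; a SYN/ACK or any other segment with ACK set is never queued behind that limit, which is the point of the deny established line.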
  • 34. End © Rafael Vida, 2004 Cisco-FIST@mixmail.com