CCNA Security
Lab Manual
Cisco Networking Academy
Cisco Press
800 East 96th Street
Indianapolis, Indiana 46240 USA
CCNA Security Lab Manual
Cisco Networking Academy
Copyright© 2010 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing August 2009
Library of Congress Cataloging-in-Publication Data available upon request.
ISBN-13: 978-1-58713-249-0
ISBN-10: 1-58713-249-4
Warning and Disclaimer
This book is designed to provide information about networking. Every effort has been made to make this book as complete and as accurate as possible,
but no warranty or fitness is implied.
The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any
person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that
may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems,
Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or
service mark.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with
care and precision, undergoing rigorous development that involves the unique expertise of members from the
professional technical community.
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve
the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at
feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher
Paul Boger
Associate Publisher
Dave Dusthimer
Cisco Representative
Erik Ullanderson
Cisco Press Program Manager
Anand Sundaram
Executive Editor
Mary Beth Ray
Managing Editor
Patrick Kanouse
Editorial Assistant
Vanessa Evans
Cover Designer
Louisa Adair
Proofreader
Apostrophe Editing Services
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV
Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and
Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,
Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,
iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow,
PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of
Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0805R)
Contents
Chapter 1: Lab A: Researching Network Attacks and Security Audit Tools ... 1
  Part 1. Researching Network Attacks ... 2
  Part 2. Researching Security Audit Tools ... 3
Chapter 2: Lab A: Securing the Router for Administrative Access ... 5
  Part 1. Basic Router Configuration ... 7
  Part 2. Control Administrative Access for Routers ... 8
  Part 3. Configure Administrative Roles ... 17
  Part 4. Configure IOS Resilience and Management Reporting ... 21
  Part 5. Configure Automated Security Features ... 32
Chapter 3: Lab A: Securing Administrative Access Using AAA and RADIUS ... 46
  Part 1. Basic Network Device Configuration ... 48
  Part 2. Configure Local Authentication ... 50
  Part 3. Configure Local Authentication Using AAA on R3 ... 52
  Part 4. Configure Centralized Authentication Using AAA and RADIUS ... 59
Chapter 4: Lab A: Configuring CBAC and Zone-Based Firewalls ... 72
  Part 1. Basic Router Configuration ... 74
  Part 2. Configuring a Context-Based Access Control (CBAC) Firewall ... 82
  Part 3. Configuring a Zone-Based Firewall (ZBF) Using SDM ... 92
Chapter 5: Lab A: Configuring an Intrusion Prevention System (IPS) Using the CLI and SDM ... 105
  Part 1. Basic Router Configuration ... 107
  Part 2. Configuring IPS Using the Cisco IOS CLI ... 109
  Part 3. Configuring IPS Using SDM ... 123
Chapter 6: Lab A: Securing Layer 2 Switches ... 140
  Part 1. Basic Device Configuration ... 142
  Part 2. SSH Configuration ... 143
  Part 3. Secure Trunks and Access Ports ... 147
  Part 4. Configure SPAN and Monitor Traffic ... 157
Chapter 7: Lab A: Exploring Encryption Methods ... 169
  Part 1. (Optional) Build the Network and Configure the PCs ... 170
  Part 2. Decipher a Pre-encrypted Message Using the Vigenere Cipher ... 170
  Part 3. Create a Vigenere Cipher Encrypted Message and Decrypt It ... 172
  Part 4. Use Steganography to Embed a Secret Message in a Graphic ... 174
Chapter 8: Lab A: Configuring a Site-to-Site VPN Using Cisco IOS and SDM ... 177
  Part 1. Basic Router Configuration ... 179
  Part 2. Configure a Site-to-Site VPN with Cisco IOS ... 181
  Part 3. Configure a Site-to-Site IPsec VPN with SDM ... 191
Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client ... 206
  Part 1. Basic Router Configuration ... 208
  Part 2. Configuring a Remote Access VPN ... 210
Chapter 8: Lab C (Optional): Configuring a Remote Access VPN Server and Client ... 232
  Part 1. Basic Router Configuration ... 234
  Part 2. Configuring a Remote Access VPN ... 236
Chapter 9: Lab A: Security Policy Development and Implementation ... 255
  Part 1. Create a Security Policy ... 258
  Part 2. Basic Network Device Configuration (Chapters 2 and 6) ... 263
  Part 3. Secure Network Routers ... 264
  Part 4. Secure Network Switches (Chapter 6) ... 279
  Part 5. Configuring VPN Remote Access ... 284
About This Lab Manual
The only authorized Lab Manual for the Cisco Networking Academy CCNA Security course
The Cisco® Networking Academy® course on CCNA® Security provides a next step for students who
want to expand their CCNA-level skill set to prepare for a career in network security. The CCNA
Security course also prepares students for the Implementing Cisco IOS® Network Security (IINS)
certification exam (640-553), which leads to the CCNA Security certification.
The CCNA Security Lab Manual provides you with all 11 labs from the course designed as hands-on
practice to master the knowledge and skills needed to prepare for entry-level security specialist careers.
All the hands-on labs in the course can be completed on actual physical equipment or in conjunction
with the NDG NETLAB+® solution. For current information on labs compatible with NETLAB+® go
Through procedural, skills integration challenges, troubleshooting, and model building labs, this CCNA
Security course aims to develop your in-depth understanding of network security principles as well as
the tools and configurations used.
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command
Reference. The Command Reference describes these conventions as follows:
• Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
• Italic indicates arguments for which you supply actual values.
• Vertical bars (|) separate alternative, mutually exclusive elements.
• Square brackets ([ ]) indicate an optional element.
• Braces ({ }) indicate a required choice.
• Braces within brackets ([{ }]) indicate a required choice within an optional element.