
*Command-line interface (CLI)
*Cisco Router and Security Device Manager (SDM)
*Secure Shell (SSH)
*Simple Network Management Protocol (SNMP)
*Network Time Protocol (NTP)
Note: This chapter also examines the one-step lockdown feature of Cisco SDM and the auto secure command, which can be used to automate device hardening tasks.
*demilitarized zone (DMZ)
*Cisco Secure Access Control Server (ACS)
*authentication, authorization, and accounting (AAA)
*Rivest, Shamir, and Adleman (RSA) algorithm
*Diffie-Hellman keys and message authentication code (MAC)
*Hashed Message Authentication Code (HMAC)
*Secure Hash Algorithms (SHA)
*Data Encryption Standard (DES)
*Triple DES (3DES)
*Advanced Encryption Standard (AES)
*Cisco Discovery Protocol (CDP)
*Selective Packet Discard (SPD)

PASSWORD SECURITY
line vty 0 4
 password Bbr23z19.I
 login
 login local
 exec-timeout 3 30
 transport input ssh
 exit
service password-encryption

conf t
username ADMIN password Bbr23z19.I
line 0
 login local
 exit
login block-for 15 attempts 5 within 60
ip access-list standard PERMIT-ADMIN
 remark permit only administrative hosts
 permit 192.168.1.2
 permit 192.168.2.2
 exit
login quiet-mode access-class PERMIT-ADMIN
login delay 10
login on-success log
login on-failure log

exit
show login
show login failures

ip domain-name span.com
crypto key generate rsa general-keys modulus 1024
exit

SSH CONFIGURATION
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2

R1#show ssh
TO CHECK THE SSH SESSION FROM THE ROUTER:
R1#ssh -l BOD 192.168.1.2

USER ACCOUNT PRIVILEGE LEVELS
username USER privilege 1 secret cisco
privilege exec level 5 ping
enable secret level 5 cisco5
username SUPPORT privilege 5 secret cisco5
privilege exec level 10 reload
enable secret level 10 cisco10
username JR-ADMIN privilege 10 secret cisco10
username ADMIN privilege 15 secret cisco123

CLI VIEW COMMAND
! nombre = the name given to each view
aaa new-model
parser view nombre
 secret cisco
 commands exec include show
 exit
parser view nombre
 secret cisco
 commands exec include ping
 exit
parser view nombre
 secret cisco
 commands exec include reload
 exit

SUPERVIEW
parser view nombre superview
 secret cisco
 view nombre   ! one "view" line per view created above
 exit

CISCO IOS RESILIENT CONFIGURATION (GLOBAL)
secure boot-image
secure boot-config
no service password-recovery

SYSLOG CONFIGURATION
logging on
logging host 10.2.2.6
logging trap informational
logging source-interface loopback 0

NTP CONFIGURATION
R2:
conf t
ntp server 10.10.10.1
end
show clock
show ntp status

R1:
conf t
ntp master 1
end
show clock

NTP AUTHENTICATION
R1:
conf t
ntp authenticate
ntp authentication-key 1 md5 cisco123
ntp trusted-key 1
end

R2:
show ntp associations detail
conf t
ntp authenticate
ntp authentication-key 1 md5 cisco123
ntp trusted-key 1
end
show ntp associations detail | include 10.10.10.1

ROUTER SECURITY CONFIGURATION

auto secure
yes
auto secure ?

CONFIGURATION: Locking down a router using SDM
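The notes above list hardening commands one by one (vty settings, SSH, login lockout, syslog, NTP authentication, resilient configuration). A defender normally wants to check a device's running-config against that list rather than re-read it by hand. The following script is an added example, not part of these notes and not a Cisco tool: it parses a running-config the way `show running-config` prints it (global commands, then `line ...` sections with children indented by one space) and reports which items from the notes are absent. The embedded SAMPLE_CONFIG is constructed for the demonstration; it deliberately sets `exec-timeout 0 0`, which in IOS disables the idle timeout, to show that a present-but-wrong setting is flagged too.

```python
"""Audit a Cisco IOS running-config against the hardening items in these notes.

Added example: this script is not from the notes or from Cisco; the sample
running-config embedded below is constructed for the demonstration.
"""

# Constructed sample: applies some of the notes' hardening steps and omits others.
SAMPLE_CONFIG = """\
service password-encryption
hostname R1
ip domain-name span.com
login block-for 15 attempts 5 within 60
login on-failure log
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
logging on
logging host 10.2.2.6
logging trap debugging
ntp server 10.10.10.1
!
line con 0
 login local
line vty 0 4
 login local
 exec-timeout 0 0
 transport input ssh
"""


def parse_config(config):
    """Split a running-config into global commands and the child commands of each
    'line ...' section.  Child commands are the lines indented by one space."""
    global_cmds = []
    sections = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank lines and IOS '!' comments
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            sections.setdefault(current, [])
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, sections


def exec_timeout_disabled(children):
    """True when the section has 'exec-timeout 0 0', which disables the idle timeout."""
    for c in children:
        parts = c.split()
        if parts[0] == "exec-timeout":
            minutes = int(parts[1])
            seconds = int(parts[2]) if len(parts) > 2 else 0
            return minutes == 0 and seconds == 0
    return False


def audit(config):
    """Return the list of hardening items from the notes that the config lacks."""
    g, sections = parse_config(config)
    findings = []

    def require(present, message):
        if not present:
            findings.append(message)

    def has(prefix):
        # exact command, or the command followed by its arguments
        return any(c == prefix or c.startswith(prefix + " ") for c in g)

    require(has("service password-encryption"), "service password-encryption missing")
    require(has("ip ssh version 2"), "ip ssh version 2 missing")
    require(has("login block-for"), "login block-for (brute-force lockout) missing")
    require(has("login on-failure log"), "login on-failure log missing")
    require(has("login on-success log"), "login on-success log missing")
    require(has("logging host"), "no syslog host configured")
    require(has("logging trap informational"), "logging trap level is not informational")
    require(has("ntp authenticate") and has("ntp trusted-key"),
            "NTP authentication (ntp authenticate / ntp trusted-key) missing")
    require(has("secure boot-image") and has("secure boot-config"),
            "IOS resilient configuration (secure boot-image / secure boot-config) missing")

    vty = {n: c for n, c in sections.items() if n.startswith("line vty")}
    require(vty, "no vty lines configured")
    for name, children in vty.items():
        require("transport input ssh" in children, f"{name}: transport input is not ssh-only")
        require("login local" in children, f"{name}: login local missing")
        require(any(c.startswith("exec-timeout") for c in children), f"{name}: exec-timeout missing")
        require(not exec_timeout_disabled(children),
                f"{name}: exec-timeout 0 0 disables the idle timeout")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("MISSING:", finding)
```

Run against the sample it reports five gaps: the missing `login on-success log`, the trap level that is not `informational`, the absent NTP authentication and resilient-configuration commands, and the disabled vty idle timeout. Feeding it the output of `show running-config` saved to a file is the realistic use; the checks are string matches on the command prefixes the notes use, so a device that abbreviates or reorders arguments differently would need the prefixes adjusted.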
