Đang chuẩn bị liên kết để tải về tài liệu:
Lecture Ethernet LANs: Understanding Switch Security
Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
The main contents of this chapter include all of the following: The first level of security is physical, passwords can be used to limit access to users that have been given the password, the login banner can be used to display a message before the user is prompted for a username,. | Ethernet LANs Understanding Switch Security Common Threats to Physical Installations Hardware threats Environmental threats Electrical threats Maintenance threats Configuring a Switch Password Layer 2 of 2 Emphasize: The router has one enable password. Remember that this is your only protection. Whoever owns this password can do anything with the router, so be careful about communicating this password to others. To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands accomplish the same thing; that is, they allow you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify. Cisco recommends that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software, | Ethernet LANs Understanding Switch Security Common Threats to Physical Installations Hardware threats Environmental threats Electrical threats Maintenance threats Configuring a Switch Password Layer 2 of 2 Emphasize: The router has one enable password. Remember that this is your only protection. Whoever owns this password can do anything with the router, so be careful about communicating this password to others. To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands accomplish the same thing; that is, they allow you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify. Cisco recommends that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software, or if you boot older boot ROMs that do not recognize the enable secret command. If you configure the enable secret password, it is used instead of the enable password, not in addition to it. Cisco supports password encryption. Turn on password encryption using the service password-encryption command. Then enter the desired passwords for encryption. Immediately, on the next line, enter the no service password-encryption command. Only those passwords that are set between the two commands will be encrypted. If you enter service password-encryption and then press Ctrl-Z to exit, all passwords will be encrypted. Note: Password recovery is not covered in the course materials. Refer the students to the IMCR class. Configuring the Login Banner Defines and enables a customized banner to be displayed before the username and password login prompts. SwitchX# banner login " Access for authorized users only. Please enter your username and password. " Telnet vs. SSH Access Telnet Most common access