tailieunhanh - Lecture CCNA security partner - Chapter 4: Securing the Management Plane on Cisco IOS Devices and AAA

Securing the Management Plane on Cisco IOS Devices and AAA

This chapter describes how to securely implement the management and reporting features of Cisco IOS devices. More precisely, it discusses the following:

• Technologies used in secure management and reporting, such as syslog, Network Time Protocol (NTP), Secure Shell (SSH), and Simple Network Management Protocol version 3 (SNMPv3).
• Proper password configuration, management, and password recovery procedures and how to safeguard a copy of the operating system and configuration file with the use of authentication, authorization, and accounting (AAA) both locally and on an external database.
• The use and configuration of Cisco Secure Access Control Server (ACS) as an external AAA database.
• Secure management and reporting, as well as AAA, from both the command-line interface (CLI) and from Cisco Configuration Professional (CCP).

Remote access typically involves allowing Telnet, Secure Shell (SSH), HTTP, HTTPS, or Simple Network Management Protocol (SNMP) connections to the Cisco IOS device from a computer on the same subnet or a different subnet.

Configuring Secure Administration Access

Dedicated Management Network

It is preferable to allow only local access to the Cisco IOS device because some remote-access protocols, such as Telnet, send the data, including usernames and passwords, to the network device in plaintext. If remote access is required, it is recommended that you apply one of the following options:

• Establish a dedicated management network as shown in Figure 4-1. The management network should include only identified administration hosts and connections to a dedicated interface on the router.
• Encrypt all the traffic between the administrator computer and the router.

Configuring an SSH Daemon for Secure Management Access

Step 1: Configure the IP domain name.
Step 2: Generate one-way secret RSA keys.
Step 3: Create a local database username entry.
Step 4: Enable VTY inbound SSH .
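The four SSH steps above, sketched as a Cisco IOS configuration. This is an added example, not taken from the lecture slides; the hostname R1, domain example.com, username admin, the 2048-bit modulus, the VTY range 0 4 and the extra SSH hardening lines are assumptions, and <STRONG-SECRET> is a placeholder.

```cisco
! Prerequisite (assumption): a non-default hostname, since the RSA key
! pair is named after hostname + domain name.
hostname R1
!
! Step 1: configure the IP domain name.
ip domain-name example.com
!
! Step 2: generate the RSA key pair used by the SSH server.
! A modulus of at least 768 bits is needed for SSH version 2;
! 2048 is chosen here as an assumption.
crypto key generate rsa general-keys modulus 2048
!
! Step 3: create a local database username entry.
! "secret" stores a hash of the password instead of the password itself.
username admin privilege 15 secret <STRONG-SECRET>
!
! Step 4: enable inbound SSH on the VTY lines.
! "transport input ssh" also disables Telnet on these lines, so
! credentials are no longer accepted in plaintext.
line vty 0 4
 login local
 transport input ssh
!
! Optional hardening (assumption, not listed in the steps above):
! refuse SSH version 1 and limit idle time and login attempts.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
```

After applying it, `show ip ssh` reports the SSH version in use and `show running-config | section line vty` confirms that only SSH is accepted on the VTY lines.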
