Chapter 2: Securing Network Devices

Instructor Materials – Chapter 2: Securing Network Devices

Chapter Outline:

2.0 Introduction
2.1 Securing Device Access
2.2 Assigning Administrative Roles
2.3 Monitoring and Managing Devices
2.4 Using Automated Security Features
2.5 Securing the Control Plane
2.6 Summary

Section 2.1: Securing Device Access

Topic 2.1.1: Securing the Edge Router

  • Securing the Network Infrastructure
  • Edge Router Security Approaches
  • Three Areas of Router Security
  • Secure Administrative Access
  • Secure Local and Remote Access

Topic 2.1.2: Configuring Secure Administrative Access

  • Strong Passwords
  • Increasing Access Security
  • Secret Password Algorithms
  • Securing Line Access

Topic 2.1.3: Configuring Enhanced Security for Virtual Logins

  • Enhancing the Login Process
  • Configuring Login Enhancement Features
  • Enable Login Enhancements
  • Logging Failed Attempts

Topic 2.1.4: Configuring SSH

  • Steps for Configuring SSH
  • Modifying the SSH Configuration
  • Connecting to an SSH-Enabled Router

Section 2.2: Assigning Administrative Roles

Topic 2.2.1: Configuring Privilege Levels

  • Limiting Command Availability
  • Privilege Level Syntax
  • Configuring and Assigning Privilege Levels
  • Limitations of Privilege Levels

Topic 2.2.2: Configuring Role-Based CLI

  • Role-Based CLI Access
  • Role-Based Views
  • Configuring Role-Based Views
  • Configuring Role-Based CLI Superviews
  • Verify Role-Based CLI Views

Section 2.3: Monitoring and Managing Devices

Topic 2.3.1: Securing Cisco IOS Image and Configuration Files

  • Cisco IOS Resilient Configuration Feature
  • Enabling the IOS Image Resilience Feature
  • The Primary Bootset Image
  • Configuring Secure Copy
  • Recovering a Router Password
  • Password Recovery

Topic 2.3.2: Secure Management and Reporting

  • Determining the Type of Management Access
  • Out-of-Band and In-Band Access

Topic 2.3.3: Using Syslog for Network Security

  • Introduction to Syslog
  • Syslog Operation
  • Syslog Message
  • Syslog Systems
  • Configuring System Logging

Topic 2.3.4: Using SNMP for Network Security

  • Introduction to SNMP
  • Management Information Base
  • SNMP Versions
  • SNMP Vulnerabilities
  • SNMPv3
  • Configuring SNMPv3 Security
  • Secure SNMPv3 Configuration Example
  • Verifying the SNMPv3 Configuration

Topic 2.3.5: Using NTP

  • Network Time Protocol
  • NTP Server
  • NTP Authentication

Section 2.4: Using Automated Security Features

Topic 2.4.1: Performing a Security Audit

  • Discovery Protocols CDP and LLDP
  • Settings for Protocols and Services

Topic 2.4.2: Locking Down a Router Using AutoSecure

  • Cisco AutoSecure
  • Using the Cisco AutoSecure Feature
  • Using the auto secure Command

Section 2.5: Securing the Control Plane

Topic 2.5.1: Routing Protocol Authentication

  • Routing Protocol Spoofing
  • OSPF MD5 Routing Protocol Authentication
  • OSPF SHA Routing Protocol Authentication

Topic 2.5.2: Control Plane Policing

  • Network Device Operations
  • Control and Management Plane Vulnerabilities
  • CoPP Operation

Section 2.6: Summary

Chapter Objectives:

  • Configure secure administrative access.
  • Configure command authorization using privilege levels and role-based CLI.
  • Implement the secure management and monitoring of network devices.
  • Use automated features to enable security on IOS-based routers.
  • Implement control plane security.


Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.