THE BASICS
The Need for Security The New Reality Designing the Security Infrastructure Identifying Security Risks and Threats Practice Session Security and Audit Checklist Conclusion
Understanding OSI and TCP/IP The OSI Model TCP/IP Overview Practice Session Security and Audit Checklist Conclusion
Routed and Routing Protocols Routing Activities Routable Protocols Routing Protocols Routing Protocol Basics Practice Session Security and Audit Checklist Conclusion
Understanding Router Basics Router Overview Router Modes Router Components Router Status Practice Session Security and Audit Checklist Conclusion
Router Management Router Setup Updating the IOS Troubleshooting Logging Recording Access List Violations Log Processing Simple Network Management Protocol (SNMP) Cisco Discovery Protocol Last Word on Management Practice Session Security and Audit Checklist Conclusion
PREVENTING UNAUTHORIZED ACCESS: NETWORKING DEVICE
Implementing Non-AAA Authentication Authentication Using Router Passwords Configuring Line Password Protection Setting TACACS Passwords for Privileged EXEC Mode Establishing Username Authentication Enabling CHAP or PAP Authentication Configuring TACACS and Extended TACACS Password Protection General Interactive Access Warning Banners and Router Identification Practice Session Security and Audit Checklist Conclusion
Implementing AAA Security Services Accessing the Network Defining AAA Selecting Security Servers Practice Session Security and Audit Checklist Conclusion
Implementing AAA Authentication Using Method Lists AAA Authentication Methods Configuring Login Authentication Configuring PPP Authentication Configuring ARA Authentication Configuring NASI Authentication Specifying the Amount of Time for Login Input Enabling Password Protection at the Privileged Level Changing the Text Displayed at the Password Prompt Configuring Message Banners for AAA Authentication Practice Session Security and Audit Checklist Conclusion
Implementing AAA Authorization Starting with AAA Authorization Understanding AAA Authorization Disabling Authorization for Global Configuration Commands Authorization for Reverse Telnet Authorization Attribute-Value Pairs Practice Session Security and Audit Checklist Conclusion
Implementing AAA Accounting Starting with Accounting Configuring Accounting Understanding AAA Accounting Types Applying a Named List Suppress Generation of Accounting Records for Null Username Sessions Generating Interim Accounting Records Monitoring Accounting Practice Session Security and Audit Checklist Conclusion
Configuring TACACS and Extended TACACS Breaking Down the Protocols Understanding the TACACS Protocols Configuring TACACS and Extended TACACS Setting TACACS Password Protection at the User Level Setting TACACS Password Protection at the Privileged Level Enabling TACACS and XTACACS for Use Practice Session Security and Audit Checklist Conclusion
Configuring TACACS+ Understanding the TACACS+ Protocol Comparing TACACS+ and RADIUS Understanding TACACS+ Operation TACACS+ Configuration Task List Configuring TACACS+ Practice Session Security and Audit Checklist Conclusion
Configuring RADIUS RADIUS Overview Understanding RADIUS Operation RADIUS Configuration Task List Configuring RADIUS Practice Session Security and Audit Checklist Conclusion
Configuring Kerberos Kerberos Overview Supporting Kerberos Client Configuring the Router to Use the Kerberos Protocol Telneting to the Router Monitoring and Maintaining Kerberos Practice Session Security and Audit Checklist Conclusion
PREVENTING UNAUTHORIZED ACCESS: NETWORKING
Basic Traffic Filtering I Access List Overview Understanding Access List Configuration Comparing Basic and Advanced Access Lists Creating Access Lists Applying Access Lists to Interfaces Creating and Editing Access List Statements on a TFTP Server Practice Session Security and Audit Checklist Conclusion
Basic Traffic Filtering II Extended IP Access Lists Named Access Lists Implementing Routing Policies Monitoring and Verifying Access and Prefix Lists Practice Session Security and Audit Checklist Conclusion
Advanced Traffic Filtering I Using Time Ranges Configuring Time-Based Access Using Lock-and-Key Configuring Lock-and-Key Lock-and-Key Configuration Tips Verifying and Maintaining Lock-and-Key Configuration Practice Session Security and Audit Checklist Conclusion
Advanced Traffic Filtering II About Reflexive Access Lists Configuring Reflexive Access Lists Example Reflexive Access Lists Configurations About Context-Based Access Control Understanding CBAC How CBAC Works Configuring Context-Based Access Control Practice Session Security and Audit Checklist Conclusion
Preventing Network Data Interception
Using Encryption and IKE Code Wars Cisco Encryption Technology CA Interoperability Overview Overview of Certification Authorities Configuring Certification Authority Interoperability Understanding Internet Key Exchange Troubleshooting CA Interoperability and IKE Practice Session Security and Audit Checklist Conclusion
Configuring IPSec IPSec Network Security Understanding IPSec Configuring IPSec Practice Session Security and Audit Checklist Conclusion
PREVENTING DENIAL OF SERVICE
Configuring Denial of Service Security Features Understanding Denial of Service Controlling the Hostile Environment About TCP Intercept Configuring TCP Intercept Monitoring and Maintaining TCP Intercept About Network Address Translation Configuring and Deploying NAT Queuing and Traffic Policing Detecting Unauthorized Configuration Changes Resolving Names Practice Session Security and Audit Checklist Conclusion
PREVENTING FRAUDULENT ROUTE UPDATES AND OTHER UNAUTHORIZED CHANGES
Configuring Neighbor Authentication and Other Security Features Using Neighbor Authentication Understanding Neighbor Authentication Removing Unnecessary Services Configuring Secure Shell Some Final Guidelines for Configuring a Router Practice Session Security and Audit Checklist Conclusion
APPENDICES
Appendix A IP Addressing
Appendix B Subnetting
Appendix C IP Protocol Numbers
Appendix D Well-Known Ports and Services
Appendix E Hacker, Cracker, Malware and Trojan Horse Ports
Appendix F ICMP Types and Codes
Appendix G Determining Wildcard Mask Ranges
Appendix H Logical Operations
Appendix I Helpful Resources
Appendix J Bibliography
Appendix K Acronyms and Abbreviations
Appendix L Glossary
Securing and Controlling Cisco Routers