• Verify that timestamps for debugging and logging messages have been enabled.
• Verify the severity level of events that are being captured.
• Verify that the source interface command has been configured.
• Verify the IP address of the syslog server.
• ACLs
• Routing Protocol Authentication
• CDP
• VLANs
• Switchport Security
• VTP
• DTP
• Cisco IOS uses access control lists to separate data traffic into that which it will process (permitted packets) and that which it will not process (denied packets).
• Cisco routers make very heavy use of access lists to:
• restrict access to services
• filter traffic passing through the router.
• An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols.
• Static packet filtering controls access to a network by analyzing the incoming and outgoing packets.
• By default, a router does not have any ACLs configured and therefore does not filter traffic.
• Standard ACLs - Allow you to filter traffic based on source IP address.
• Extended ACLs filter IP packets based on:
• Protocol type,
• Source IP address,
• Destination IP address
• TCP or UDP ports.
• Extended ACLs are used for more precise traffic-filtering control and are used more often than standard ACLs to provide a greater range of control.
• ICMP Packet Filtering - filter ICMP messages by name or type and code.
• Filter IP Fragments – Fragmentation is often used in attempts to evade detection by intrusion detection systems, so deny IP fragments.
• Anti IP Address Spoofing – Deny any inbound IP packet that contains a source address from the internal network.
• Smurf Attack - deny packets destined for broadcast addresses.
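
The four filtering rules above combined into one inbound extended ACL, as an added example that is not part of the original slides. Assumptions: the internal network is 192.0.2.0/24 (a constructed documentation prefix), 192.0.2.10 is a hypothetical web server, GigabitEthernet0/0 is the outside-facing interface, and EDGE-IN is a made-up ACL name.

```cisco
! Entries are evaluated top to bottom and the first match wins,
! so the deny rules for abuse patterns sit above the permits.
ip access-list extended EDGE-IN
 remark Anti-spoofing: internal source addresses must never arrive from outside
 deny   ip 192.0.2.0 0.0.0.255 any log
 remark Fragments: the fragments keyword matches non-initial fragments
 deny   ip any any fragments
 remark Smurf: drop packets addressed to the internal broadcast address
 deny   ip any host 192.0.2.255
 remark ICMP by name: allow only replies and error messages the hosts need
 permit icmp any 192.0.2.0 0.0.0.255 echo-reply
 permit icmp any 192.0.2.0 0.0.0.255 time-exceeded
 remark ICMP by type and code: type 3 code 4 (fragmentation needed)
 permit icmp any 192.0.2.0 0.0.0.255 3 4
 deny   icmp any any
 remark Services (assumed): HTTPS to the web server, replies to inside-initiated TCP
 permit tcp any host 192.0.2.10 eq 443
 permit tcp any 192.0.2.0 0.0.0.255 established
 remark Explicit final deny so dropped packets are logged and counted
 deny   ip any any log
!
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
!
! Check the per-entry match counters with: show ip access-lists EDGE-IN
```

Without the last entry the implicit deny at the end of every ACL would still drop the traffic, but nothing would be logged or counted for it.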