CCNA3-1 Chapter 2-2
Switch Concepts and Configuration
Configuring Switch Security
Passwords
Encryption
Console
Telnet / SSH
Password Recovery
MAC Address Flooding
Spoofing Attacks
CDP Attacks
Telnet Attacks
Security Tools
Port Security
CCNA3-2 Chapter 2-2
Configuring Basic & Password Options
• Hostname: Naming the switch.
Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#end
• Securing Console Access: So that access to the router through the console is more secure, protected by a password.
SW1#configure terminal
SW1(config)#line console 0
SW1(config-line)#password webmedia
SW1(config-line)#login
SW1(config-line)#end
CCNA3-3 Chapter 2-2
Configuring Password Options
• Securing Virtual Terminal Access:
  • There are 16 available default Telnet sessions as set up for a switch.
SW1#configure terminal
SW1(config)#line vty 0 15
SW1(config-line)#password webmedia
SW1(config-line)#login
SW1(config-line)#end
CCNA3-4 Chapter 2-2
Configuring Password Options
• Securing Privileged EXEC Access:
  • Always use enable secret so that the password is encrypted.
SW1#configure terminal
SW1(config)#enable secret webmedia
SW1(config)#end
• Encrypting Switch Passwords: We can encrypt all the passwords configured on the switch with the command service password-encryption.
SW1#configure terminal
SW1(config)#service password-encryption
SW1(config)#end
CCNA3-5 Chapter 2-2
Configuring Banner
• Login Banner:
SW1#configure terminal
SW1(config)#banner login "Member Only"
SW1(config)#end
• Message-Of-The-Day (MOTD) Banner:
SW1#configure terminal
SW1(config)#banner motd "Sedang Diperbaiki"
SW1(config)#end
CCNA3-6 Chapter 2-2
Configure Telnet and SSH
• Telnet:
  • Most common method.
  • Virtual Terminal application.
  • Sends in clear text.
  • Not secure.
• Secure Shell (SSH):
  • Virtual Terminal application.
  • Sends an encrypted data stream.
  • Is secure.
CCNA3-7 Chapter 2-2
Configure Telnet and SSH
• Configuring Telnet:
  • Telnet is the default transport for the vty lines.
  • No need to specify it after the initial configuration of the switch has been performed.
SW1#configure terminal
SW1(config)#line vty 0 15
SW1(config-line)#password webmedia
SW1(config-line)#login
SW1(config-line)#transport input telnet
SW1(config-line)#end
CCNA3-8 Chapter 2-2
Configure Telnet and SSH
• Configuring Secure Shell (SSH):
  • SSH is a cryptographic security feature that is subject to export restrictions. To use this feature, a cryptographic image must be installed on your switch.
  • Perform the following to configure SSH ONLY Access:
SW1#configure terminal
SW1(config)#username userwebmedia password webmedia
SW1(config)#ip domain-name webmedia.com
SW1(config)#crypto key generate rsa
SW1(config)#ip ssh version 2
SW1(config)#line vty 0 15
SW1(config-line)#login local
SW1(config-line)#transport input ssh
SW1(config-line)#end
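A check of a saved configuration against the password, Telnet and SSH settings covered on the slides above, as an added Python example (not part of the original slides and not Cisco code). Both sample configurations are constructed, the values in angle brackets are placeholders, and the function names are hypothetical.

```python
# Constructed sample configurations (not from a real device); hostname, user
# name and password reuse the values shown on the slides.
WEAK_CONFIG = """\
hostname SW1
enable password webmedia
!
line con 0
 password webmedia
 login
line vty 0 4
 password webmedia
 login
 transport input telnet
line vty 5 15
 password webmedia
 login
"""

HARDENED_CONFIG = """\
service password-encryption
hostname SW1
enable secret 5 <hash-placeholder>
username userwebmedia password 7 <encoded-placeholder>
ip domain-name webmedia.com
ip ssh version 2
!
line con 0
 password 7 <encoded-placeholder>
 login
line vty 0 15
 login local
 transport input ssh
"""


def parse_sections(config_text):
    """Split an IOS-style config into global commands and indented sub-blocks."""
    global_cmds, sections, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)   # sub-command of the current block
        else:
            current = line
            global_cmds.append(line)
            sections[current] = []
    return global_cmds, sections


def audit(config_text):
    """Return a list of findings for the settings covered on the slides."""
    global_cmds, sections = parse_sections(config_text)
    findings = []
    if not any(cmd.startswith("enable secret") for cmd in global_cmds):
        findings.append("enable secret is not configured")
    if "service password-encryption" not in global_cmds:
        findings.append("service password-encryption is not enabled")
    if "ip ssh version 2" not in global_cmds:
        findings.append("ip ssh version 2 is not set")
    for header, body in sections.items():
        if header.startswith("line vty"):
            transports = set()
            for cmd in body:
                if cmd.startswith("transport input"):
                    transports.update(cmd.split()[2:])
            # Assumption: a vty block whose only transport is not ssh still
            # accepts Telnet, which the slides describe as the default.
            if transports != {"ssh"}:
                findings.append(
                    f"{header}: Telnet is not excluded (need 'transport input ssh')")
            if "login local" not in body:
                findings.append(f"{header}: does not use 'login local'")
        elif header.startswith("line con"):
            has_password = any(cmd.startswith("password") for cmd in body)
            protected = "login local" in body or ("login" in body and has_password)
            if not protected:
                findings.append(f"{header}: console login is not password protected")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding in audit(cfg) or ["no findings"]:
            print("  -", finding)
```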
CCNA3-9 Chapter 2-2
Common Security Attacks
• MAC Address Flooding:
From the previous discussion, we already know:
• The switch's MAC address table:
  • Contains the MAC addresses available on a given physical port of the switch.
  • Contains the associated VLAN parameters for each port.
• When forwarding data, the switch looks up the destination address of the frame being sent.
  • If the address is in the MAC table, the frame is forwarded to the destination port.
  • If the address is not in the MAC table, the frame is forwarded to all switch ports except the port the frame came from.
CCNA3-10 Chapter 2-2
Common Security Attacks
• MAC Address Flooding example:
  • The MAC address table is limited in size (for example, a Cisco 2950 switch holds a maximum of 8000 MAC addresses).
  • An intruder can therefore flood the switch using a network attack tool that continually sends bogus MAC addresses to the switch.
    • (e.g. 155,000 MAC addresses per minute)
  • When a switch's MAC table becomes full and stays full, the switch forwards every frame it receives to all switch ports, just like a hub.
  • The intruder can then see all the traffic on the switch.
CCNA3-11 Chapter 2-2
Common Security Attacks
• Spoofing Attacks:
  • Man-In-The-Middle (MITM):
    • Intercepting network traffic.
    • DHCP or DNS spoofing.
    • The attacking device responds to DHCP or DNS requests with IP configuration or address information that points the user to the intruder's destination.
  • DHCP Starvation:
    • The attacking device continually requests IP addresses from a real DHCP server with continually changing MAC addresses.
    • Eventually the pool of addresses is used up and actual users cannot access the network.
CCNA3-12 Chapter 2-2
Common Security Attacks
• CDP Attacks:
  • Cisco Discovery Protocol (CDP) is a proprietary protocol that exchanges information among Cisco devices.
    • IP address
    • Software version
    • Platform
    • Capabilities
    • Native VLAN (Trunk Links – Chapter 3).
  • With a free network sniffer (Wireshark) an intruder could obtain this information.
  • It can be used to find ways to perform Denial Of Service (DoS) attacks and others.
Usually on by default.
If you don't need it, turn it off.
CCNA3-13 Chapter 2-2
Common Security Attacks
• Telnet Attacks:
  • Recall that Telnet transmits in plain text and is not secure. While you may have set passwords, the following types of attacks are possible.
    • Brute force (password guessing)
    • DoS (Denial of Service)
    • With a free network sniffer (Wireshark) an intruder could obtain this information.
  • Use strong passwords and change them frequently.
  • Use SSH.
CCNA3-14 Chapter 2-2
Network Security Tools
• Help you test your network for various weaknesses, using tools that let you play the roles of both a hacker and a network security analyst. The tests performed are:
a) Network Security Audits:
  • Gather attacker information by monitoring network traffic.
  • Determine MAC address table limits and age-out period.
b) Network Penetration Testing:
  • Identify the weaknesses in our network security.
  • Plan and implement security for your network that will not affect the network's performance.
CCNA3-15 Chapter 2-2
Network Security Tools
c) Common Features:
  • Service Identification:
    • IANA port numbers, discover FTP and HTTP servers, test all of the services running on a host.
  • Support of SSL Service:
    • Testing services that use SSL Level security.
    • HTTPS, SMTPS, IMAPS and security certificates.
  • Non-destructive and Destructive Testing:
    • Security audits that can degrade performance.
  • Database of Vulnerabilities:
    • Compile a database that can be updated over time.
CCNA3-16 Chapter 2-2
Network Security Tools
• With these tools, we can:
  • Capture chat messages.
  • Capture files from NFS traffic.
  • Capture HTTP requests.
  • Capture mail messages.
  • Capture passwords.
  • Display captured URLs in a browser in real-time.
  • Flood a switched LAN with random MAC addresses.
  • Forge replies to DNS addresses.
  • Intercept packets.
CCNA3-17 Chapter 2-2
Configuring Port Security
• Implement Port Security to:
  • Port security is disabled by default.
  • Limit the number of valid MAC addresses allowed on a port.
  • When MAC address port security is enabled on a switch port, the port will not forward packets whose source addresses are not among the addresses we have defined.
  • Specify a group of valid MAC addresses allowed on a port.
  • Or allow only one MAC address access to the port.
  • Specify that the port automatically shuts down (Security Violation Modes) if an invalid MAC address is detected.
CCNA3-18 Chapter 2-2
Configuring Port Security
• Secure MAC Address types:
1. Static:
  • Manually specify that a specific MAC address is the ONLY address allowed to connect to that port.
  • They are added to the MAC address table and stored in the running configuration.
2. Dynamic:
  • MAC addresses are learned dynamically when a device connects to the switch.
  • They are stored in the address table and are lost when the switch reloads.
CCNA3-19 Chapter 2-2
Configuring Port Security
3. Sticky:
  • Specifies that MAC addresses are:
    • Dynamically learned.
    • Added to the MAC address table.
    • Stored in the running configuration.
  • You may also manually add a MAC address.
CCNA3-20 Chapter 2-2
Configuring Port Security
• Security Violation Modes:
  • Occurs when:
    • A host whose MAC address is not in the MAC address table attempts to access the interface while the address table is full.
    • A MAC address is used on 2 secure interfaces in the same VLAN.
  • Modes:
    • Protect: drop frames, no notify
    • Restrict: drop frames, notify
    • Shutdown: disable port, notify
CCNA3-21 Chapter 2-2
Configuring Port Security
• Default/Static Port Security Configuration:
Switch(config)#interface FastEthernet0/1
Switch(config-if)#description Port to PC1
Switch(config-if)#switchport access vlan 1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0003.E4A3.EC19
CCNA3-22 Chapter 2-2
Configuring Port Security
• Configure Dynamic Port Security:
  • Dynamically learned when the device connects.
  • Added to MAC table only.
Switch(config)#interface FastEthernet0/1
Switch(config-if)#description Port to PC1
Switch(config-if)#switchport access vlan 1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
• Configure Static Port Security with Dynamic Learning:
  • Dynamically learned from the list of static MAC addresses when the device connects.
  • Added manually to the MAC table and the running configuration.
Switch(config-if)#switchport port-security
! (1-132) is the range of values accepted for maximum
Switch(config-if)#switchport port-security maximum 3
Switch(config-if)#switchport port-security mac-address mac-ad1
Switch(config-if)#switchport port-security mac-address mac-ad2
Switch(config-if)#switchport port-security mac-address mac-ad3
CCNA3-23 Chapter 2-2
Configuring Port Security
• Configure Sticky Port Security:
  • Dynamically learn MAC addresses.
  • Added automatically to the MAC table and saved in the running configuration.
Switch(config)#interface FastEthernet0/1
Switch(config-if)#description Port to PC1
Switch(config-if)#switchport access vlan 1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
! (1-132) is the range of values accepted for maximum
Switch(config-if)#switchport port-security maximum 3
Switch(config-if)#switchport port-security mac-address sticky
When the switch port is connected to a computer, the sticky MAC address configuration is added automatically, up to a maximum of 3 MAC addresses, for example:
switchport port-security mac-address sticky 0007.EC74.2861
switchport port-security mac-address sticky 0007.EC74.2862
switchport port-security mac-address sticky 0007.EC74.2863
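The secure address types and violation modes from the port security slides, and the way a maximum bounds what a port can add to the MAC table (the condition behind the MAC flooding slide), as a simplified added model in Python. It is not part of the original slides and not Cisco code: the SecurePort class, the helper names and the 0200.0000.xxxx addresses are constructed for illustration, and the violation line it prints uses the IOS command switchport port-security violation, which the slides do not show.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified model of one access port with port security enabled."""
    name: str
    maximum: int = 1                 # switchport port-security maximum N
    violation: str = "shutdown"      # protect | restrict | shutdown
    sticky: bool = False             # switchport port-security mac-address sticky
    static: list = field(default_factory=list)    # manually configured addresses
    learned: list = field(default_factory=list)   # dynamically learned addresses
    err_disabled: bool = False
    notifications: list = field(default_factory=list)

    def secure_macs(self):
        return self.static + self.learned

    def receive(self, src_mac):
        """Process the source MAC of one incoming frame: 'forward' or 'drop'."""
        if self.err_disabled:
            return "drop"                      # port was shut down earlier
        if src_mac in self.secure_macs():
            return "forward"
        if len(self.secure_macs()) < self.maximum:
            self.learned.append(src_mac)       # room left: learn the address
            return "forward"
        # Unknown source while the port's secure table is full: violation.
        if self.violation in ("restrict", "shutdown"):
            self.notifications.append(f"{self.name}: violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def running_config(self):
        """Lines kept in the running configuration for this port."""
        lines = [f"interface {self.name}",
                 " switchport mode access",
                 " switchport port-security",
                 f" switchport port-security maximum {self.maximum}",
                 # Real IOS command, but not shown on the slides.
                 f" switchport port-security violation {self.violation}"]
        lines += [f" switchport port-security mac-address {m}" for m in self.static]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            lines += [f" switchport port-security mac-address sticky {m}"
                      for m in self.learned]
        # Plain dynamic addresses live only in the MAC table, so none are listed.
        return lines


def replay(port, source_macs):
    """Feed a sequence of source MACs to the port and tally the outcome."""
    tally = {"forward": 0, "drop": 0}
    for mac in source_macs:
        tally[port.receive(mac)] += 1
    return tally


def constructed_macs(count):
    """Constructed, locally administered sample addresses (dotted notation)."""
    return [f"0200.0000.{i:04x}" for i in range(1, count + 1)]


if __name__ == "__main__":
    port = SecurePort("FastEthernet0/1", maximum=3, violation="restrict", sticky=True)
    print(replay(port, constructed_macs(10)))
    print("\n".join(port.running_config()))
    print(len(port.notifications), "notifications")
```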
CCNA3-24 Chapter 2-2
Verify Port Security
• Verify Port Security Settings:
CCNA3-25 Chapter 2-2
Verify Port Security
• Verify Secure MAC Addresses:
CCNA3-26 Chapter 2-2
Securing Unused Ports
• Disable unused ports:
You can specify a range of interfaces.
For example, to specify the first 10 interfaces:
interface range fastethernet 0/1 - 10
CCNA3-27 Chapter 2-2
End Chapter 02
Lab Activity

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 

Recently uploaded (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

Expl sw chapter_02_switches_part_2

  • 1. CCNA3-1 Chapter 2-2: Switch Concepts and Configuration
      Configuring Switch Security
      Topics: Passwords, Encryption, Console, Telnet / SSH, Password Recovery, MAC Address Flooding, Spoofing Attacks, CDP Attacks, Telnet Attacks, Security Tools, Port Security
  • 2. CCNA3-2 Chapter 2-2: Configuring Basic & Password Options
      • Hostname: Naming the switch.
          Switch#configure terminal
          Switch(config)#hostname SW1
          SW1(config)#end
      • Securing Console Access: A password makes access to the router through the console more secure.
          SW1#configure terminal
          SW1(config)#line console 0
          SW1(config-line)#password webmedia
          SW1(config-line)#login
          SW1(config-line)#end
  • 3. CCNA3-3 Chapter 2-2: Configuring Password Options
      • Securing Virtual Terminal Access:
      • There are 16 available default Telnet sessions as set up for a switch.
          SW1#configure terminal
          SW1(config)#line vty 0 15
          SW1(config-line)#password webmedia
          SW1(config-line)#login
          SW1(config-line)#end
  • 4. CCNA3-4 Chapter 2-2: Configuring Password Options
      • Securing Privileged EXEC Access:
      • Always use enable secret so that the password is encrypted.
          SW1#configure terminal
          SW1(config)#enable secret webmedia
          SW1(config)#end
      • Encrypting Switch Passwords: We can encrypt all the passwords created on the switch with the command service password-encryption.
          SW1#configure terminal
          SW1(config)#service password-encryption
          SW1(config)#end
  • 5. CCNA3-5 Chapter 2-2: Configuring Banner
      • Login Banner:
          SW1#configure terminal
          SW1(config)#banner login "Member Only"
          SW1(config)#end
      • Message-Of-The-Day (MOTD) Banner:
          SW1#configure terminal
          SW1(config)#banner motd "Sedang Diperbaiki"
          SW1(config)#end
  • 6. CCNA3-6 Chapter 2-2: Configure Telnet and SSH
      • Telnet:
          • Most common method.
          • Virtual Terminal application.
          • Sends in clear text.
          • Not secure.
      • Secure Shell (SSH):
          • Virtual Terminal application.
          • Sends an encrypted data stream.
          • Is secure.
  • 7. CCNA3-7 Chapter 2-2: Configure Telnet and SSH
      • Configuring Telnet:
          • Telnet is the default transport for the vty lines.
          • No need to specify it after the initial configuration of the switch has been performed.
          SW1#configure terminal
          SW1(config)#line vty 0 15
          SW1(config-line)#password webmedia
          SW1(config-line)#login
          SW1(config-line)#transport input telnet
          SW1(config-line)#end
  • 8. CCNA3-8 Chapter 2-2: Configure Telnet and SSH
      • Configuring Secure Shell (SSH):
          • SSH is a cryptographic security feature that is subject to export restrictions. To use this feature, a cryptographic image must be installed on your switch.
          • Perform the following to configure SSH ONLY access:
          SW1#configure terminal
          SW1(config)#username userwebmedia password webmedia
          SW1(config)#ip domain-name webmedia.com
          SW1(config)#crypto key generate rsa
          SW1(config)#ip ssh version 2
          SW1(config)#line vty 0 15
          SW1(config-line)#login local
          SW1(config-line)#transport input ssh
          SW1(config-line)#end
  • 9. CCNA3-9 Chapter 2-2: Common Security Attacks
      • MAC Address Flooding: As covered in the previous discussion:
          • The switch's MAC address table:
              • Contains the MAC addresses available on a given physical port of the switch.
              • Contains the associated VLAN parameters for each port.
          • When forwarding data, the switch looks up the destination address of the frame being sent.
              • If the address is in the MAC table, the frame is forwarded to the destination port.
              • If the address is not in the MAC table, the frame is forwarded to all switch ports except the port the frame came from.
  • 10. CCNA3-10 Chapter 2-2: Common Security Attacks
      • Example of MAC Address Flooding:
          • The MAC address table is limited in size (for example, a Cisco 2950 switch holds a maximum of 8000 MAC addresses).
          • An intruder can therefore flood it using a network attack tool that continuously sends bogus MAC addresses to the switch.
              • (e.g. 155,000 MAC addresses per minute)
          • When a switch MAC table becomes full and stays full, the switch forwards every frame it receives to all switch ports – just like a hub.
          • The intruder can then see all the traffic on the switch.
  • 11. CCNA3-11 Chapter 2-2: Common Security Attacks
      • Spoofing Attacks:
          • Man-In-The-Middle (MITM):
              • Intercepting network traffic.
          • DHCP or DNS spoofing:
              • The attacking device responds to DHCP or DNS requests with IP configuration or address information that points the user to the intruder's destination.
          • DHCP Starvation:
              • The attacking device continually requests IP addresses from a real DHCP server with continually changing MAC addresses.
              • Eventually the pool of addresses is used up and actual users cannot access the network.
  • 12. CCNA3-12 Chapter 2-2: Common Security Attacks
      • CDP Attacks:
          • Cisco Discovery Protocol (CDP) is a proprietary protocol that exchanges information among Cisco devices:
              • IP address
              • Software version
              • Platform
              • Capabilities
              • Native VLAN (Trunk Links – Chapter 3).
          • With a free network sniffer (Wireshark) an intruder could obtain this information.
          • It can be used to find ways to perform Denial of Service (DoS) attacks and others.
      Usually on by default. If you don't need it, turn it off.
  • 13. CCNA3-13 Chapter 2-2: Common Security Attacks
      • Telnet Attacks:
          • Recall that Telnet transmits in plain text and is not secure. While you may have set passwords, the following types of attacks are possible:
              • Brute force (password guessing)
              • DoS (Denial of Service)
          • With a free network sniffer (Wireshark) an intruder could obtain this information.
          • Use strong passwords and change them frequently.
          • Use SSH.
  • 14. CCNA3-14 Chapter 2-2: Network Security Tools
      • These help you test your network for various weaknesses, using tools that let you play the roles of both a hacker and a network security analyst. The tests performed are:
      a) Network Security Audits:
          • Gather information about attackers by monitoring network traffic.
          • Determine the MAC address table limits and age-out period.
      b) Network Penetration Testing:
          • Identify the weaknesses in your network security.
          • Plan and build security for your network that will not affect the network's performance.
  • 15. CCNA3-15 Chapter 2-2: Network Security Tools
      c) Common Features:
          • Service Identification:
              • IANA port numbers, discover FTP and HTTP servers, test all of the services running on a host.
          • Support of SSL Service:
              • Testing services that use SSL-level security.
              • HTTPS, SMTPS, IMAPS and security certificates.
          • Non-destructive and Destructive Testing:
              • Security audits that can degrade performance.
          • Database of Vulnerabilities:
              • Compile a database that can be updated over time.
  • 16. CCNA3-16 Chapter 2-2: Network Security Tools
      • With these tools, we can:
          • Capture chat messages.
          • Capture files from NFS traffic.
          • Capture HTTP requests.
          • Capture mail messages.
          • Capture passwords.
          • Display captured URLs in a browser in real-time.
          • Flood a switched LAN with random MAC addresses.
          • Forge replies to DNS addresses.
          • Intercept packets.
  • 17. CCNA3-17 Chapter 2-2: Configuring Port Security
      • Implement Port Security to:
          • Port security is disabled by default.
          • Limit the number of valid MAC addresses allowed on a port.
              • When port security is enabled on a switch port, the port does not forward packets whose source address is not one of the addresses we have defined.
          • Specify a group of valid MAC addresses allowed on a port.
              • Or allow only one MAC address access to the port.
          • Specify that the port automatically shuts down (Security Violation Modes) if an invalid MAC address is detected.
  • 18. CCNA3-18 Chapter 2-2: Configuring Port Security
      • Secure MAC Address types:
      1. Static:
          • Manually specify that a specific MAC address is the ONLY address allowed to connect to that port.
          • They are added to the MAC address table and stored in the running configuration.
      2. Dynamic:
          • MAC addresses are learned dynamically when a device connects to the switch.
          • They are stored in the address table and are lost when the switch reloads.
  • 19. CCNA3-19 Chapter 2-2: Configuring Port Security
      3. Sticky:
          • Specifies that MAC addresses are:
              • Dynamically learned.
              • Added to the MAC address table.
              • Stored in the running configuration.
          • You may also manually add a MAC address.
  • 20. CCNA3-20 Chapter 2-2: Configuring Port Security
      • Security Violation Modes:
          • A violation occurs when:
              • A host whose MAC address is not in the MAC address table tries to access the interface and the address table is already full.
              • A MAC address is used on two secure interfaces in the same VLAN.
          • Modes:
              • Protect: drop frames – no notify
              • Restrict: drop frames – notify
              • Shutdown: disable port – notify
  • 21. CCNA3-21 Chapter 2-2: Configuring Port Security
      • Default/Static Port Security Configuration:
          Switch(config)#interface FastEthernet0/1
          Switch(config-if)#description Port to PC1
          Switch(config-if)#switchport access vlan 1
          Switch(config-if)#switchport mode access
          Switch(config-if)#switchport port-security
          Switch(config-if)#switchport port-security mac-address 0003.E4A3.EC19
  • 22. CCNA3-22 Chapter 2-2: Configuring Port Security
      • Configure Dynamic Port Security:
          • Dynamically learned when the device connects.
          • Added to MAC table only.
          Switch(config)#interface FastEthernet0/1
          Switch(config-if)#description Port to PC1
          Switch(config-if)#switchport access vlan 1
          Switch(config-if)#switchport mode access
          Switch(config-if)#switchport port-security
      • Configure Static Port Security with Dynamic Learning:
          • Dynamically learned from the list of static MAC addresses when the device connects.
          • Added manually to the MAC table and running configuration.
          Switch(config-if)#switchport port-security
          Switch(config-if)#switchport port-security maximum 3    ! range (1-132)
          Switch(config-if)#switchport port-security mac-address mac-ad1
          Switch(config-if)#switchport port-security mac-address mac-ad2
          Switch(config-if)#switchport port-security mac-address mac-ad3
  • 23. CCNA3-23 Chapter 2-2: Configuring Port Security
      • Configure Sticky Port Security:
          • Dynamically learn MAC addresses.
          • Added automatically to the MAC table and saved in the running configuration.
          Switch(config)#interface FastEthernet0/1
          Switch(config-if)#description Port to PC1
          Switch(config-if)#switchport access vlan 1
          Switch(config-if)#switchport mode access
          Switch(config-if)#switchport port-security
          Switch(config-if)#switchport port-security maximum 3    ! range (1-132)
          Switch(config-if)#switchport port-security mac-address sticky
      When the switch port is connected to a computer, the sticky MAC address configuration is added automatically, up to a maximum of 3 MAC addresses, for example:
          switchport port-security mac-address sticky 0007.EC74.2861
          switchport port-security mac-address sticky 0007.EC74.2862
          switchport port-security mac-address sticky 0007.EC74.2863
  • 24. CCNA3-24 Chapter 2-2: Verify Port Security
      • Verify Port Security Settings:
  • 25. CCNA3-25 Chapter 2-2: Verify Port Security
      • Verify Secure MAC Addresses:
  • 26. CCNA3-26 Chapter 2-2: Securing Unused Ports
      • Disable unused ports:
      You can specify a range of interfaces. For example, to specify the first 10 interfaces:
          interface range fastethernet 0/1 - 10
  • 27. CCNA3-27 Chapter 2-2: End Chapter 02
      Lab Activity