Top Banner
CCNA Security 1.0.1 Student Lab Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Security course as part of an official Cisco Networking Academy Program.
284

CCNA Security 1.0 - cape.k12.mo.us · PDF fileCCNA Security Chapter 1 Lab A: Researching Network Attacks and Security Audit Tools Objectives Part 1: Researching Network Attacks •

Mar 18, 2018

ReportDownload

Documents

donhan

  • CCNA Security 1.0.1 Student Lab Manual

    This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Security course as part of an official Cisco Networking Academy Program.

  • All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 4

    CCNA Security

    Chapter 1 Lab A: Researching Network Attacks and Security Audit Tools

    Objectives

    Part 1: Researching Network Attacks

    Research network attacks that have occurred.

    Select a network attack and develop a report for presentation to the class.

    Part 2: Researching Security Audit Tools

    Research network security audit tools.

    Select a tool and develop a report for presentation to the class.

    Background/Scenario

    Network attacks have resulted in the loss of sensitive data and significant network downtime. When a network or the resources in it are inaccessible, worker productivity can suffer, and business income may be lost.

    Attackers have developed many tools over the years to attack and compromise the networks of organizations. These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources.

    To understand how to defend a network against attacks, an administrator must first identify network vulnerabilities. Specialized security audit software developed by equipment and software manufacturers can be used to help identify potential weaknesses. In addition, the same tools used by attackers can be used to test the ability of a network to mitigate an attack. After the vulnerabilities are known, steps can be taken to help mitigate the network attacks.

    This lab provides a structured research project that is divided into two parts: Researching Network Attacks and Researching Security Audit Tools. You can elect to perform Part 1, Part 2, or both. Let your instructor know what you plan to do so to ensure that a variety of network attacks and vulnerability tools are reported on by the members of the class.

    In Part 1, you research various network attacks that have actually occurred. You select one of these and describe how the attack was perpetrated and how extensive the network outage or damage was. You also investigate how the attack could have been mitigated or what mitigation techniques might have been implemented to prevent future attacks. You prepare a report based on a predefined form included in the lab.

    In Part 2, you research network security audit tools and investigate one that can be used to identify host or network device vulnerabilities. You create a one-page summary of the tool based on a predefined form included in the lab. You prepare a short (510 minute) presentation to present to the class.

    You may work in teams of two with one person reporting on the network attack and the other reporting on the security audit tools. Each team member delivers a short overview (510 minutes) of their findings. You can use live demonstrations or PowerPoint to summarize your findings.

  • CCNA Security

    All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 4

    Required Resources

    Computer with Internet access for research.

    Presentation computer with PowerPoint or other presentation software installed.

    Video projector and screen for demonstrations and presentations.

    Part 1. Researching Network Attacks In Part 1 of this lab, you research various network attacks that have actually occurred and select one on which to report. Fill in the form below based on your findings.

    Step 1: Research various network attacks.

    List some of the attacks you identified in your search.

    _____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

    Step 2: Fill in the following form for the network attack selected.

    Name of attack:

    Type of attack:

    Dates of attacks:

    Computers / Organizations affected:

    How it works and what it did:

  • CCNA Security

    All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 4

    Mitigation options:

    References and info links:

    Presentation support graphics (include PowerPoint filename or web links):

    Part 2. Researching Security Audit Tools In Part 2 of this lab, you research network security audit tools and attacker tools and investigate one that can be used to identify host or network device vulnerabilities. Fill in the report below based on your findings.

    Step 1: Research various security audit and network attack tools.

    List some of the tools that you identified in your search.

    _____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

    Step 2: Fill in the following form for the security audit or network attack tool selected.

    Name of tool:

    Developer:

    Type of tool (character-based or GUI):

    Used on (network device or computer host):

    Cost:

    Description of key features and capabilities of product or tool:

  • CCNA Security

    All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 4

    References and info links:

    Presentation support graphics:

    Step 3: Reflection

    a. What is the prevalence of network attacks and what is their impact on an organizations operation? What are some key steps organizations can take to help protect their networks and resources? ________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

    b. Have you actually worked for an organization or know of one where the network was compromised? If so, what was the impact to the organization and what did they do about it?

    ________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

    c. What steps can you take to protect your own PC or laptop computer?

    ________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

  • All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 43

    CCNA Security

    Chapter 2 Lab A: Securing the Router for Administrative Access

    Topology

    IP Addressing Table

    Device

    Interface IP Address Subnet Mask Default Gateway

    Switch Port R1 Fa0/1 192.168.1.1 255.255.255.0 N/A S1 Fa0/5 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3 Fa0/1 192.168.3.1 255.255.255.0 N/A S3 Fa0/5 S0/0/1 10.2.2.1 255.255.255.252 N/A N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 S1 Fa0/6 PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1 S3 Fa0/18

  • CCNA Security

    All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 43

    Objectives

    Part 1: Basic Network Device Configuration

    Cable the network as shown in the topology.

    Configure basic IP addressing for routers and PCs.

    Configure static routing, including default routes.

    Verify connectivity between hosts and routers.

    Part 2: Control Administrative Access for Routers

    Configure and encrypt all passwords.

    Configure a login warning banner.

    Configure enhanced username password security.

    Configure enhanced virtual login security.

    Configure an SSH server on a router.

    Configure an SSH client and verify connectivity.

    Part 3: Configure Administrative Roles

    Create multiple role views and grant varying privileges.

    Verify and contrast views.

    Part 4: Configure Cisco IOS Resilience and Management Reporting

    Secure the Cisco IOS image and configuration files.

    Configure a router as a synchronized time source for other devices using NTP.

    Configure Syslog support on a router.

    Install a Syslog server on a PC and enable it.

    Configure trap reporting on a router using SNMP.

    Make changes to the router and monitor syslog results on the PC.

    Part 5: Configure Automated Security Features

    Lock down a router using AutoSecure and verify the configuration.

    Use the SDM Security Audit tool to identify vulnerabilities and lock down services.

    Contrast the AutoSecure configuration with SDM.

    Background/Scenario

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.