06. Campus Network Security.ppt (10 pages)
Minimizing Service Loss and Data Theft in a Campus Network
Securing Network Switches

Describing Vulnerabilities in CDP

Describing Vulnerabilities in the Telnet Protocol
- The Telnet connection sends text unencrypted and potentially readable.

Describing the Secure Shell Protocol
- SSH replaces the Telnet session with an encrypted connection.

Describing vty ACLs
- Set up a standard IP ACL.
- Use line configuration mode to filter access with the access-class command.
- Set identical restrictions on every vty line.

Describing Commands to Apply ACLs

Switch(config)#access-list access-list-number permit|deny|remark source mask
- Configures a standard IP access list

Switch(config)#line vty vty#|vty-range
- Enters configuration mode for a vty or vty range

Switch(config-line)#access-class access-list-number in|out
- Restricts incoming or outgoing vty connections to addresses in the ACL

Best Practices: Switch Security
Secure switch access:
- Set system passwords.
- Secure physical access to the console.
- Secure access via Telnet.
- Use SSH when possible.
- Configure system warning banners.
- Use Syslog if available.

Best Practices: Switch Security (Cont.)
Secure switch protocols:
- Trim CDP and use only as needed.
- Secure spanning tree.
Mitigate compromises through a switch:
- Take precautions for trunk links.
- Minimize physical port access.
- Establish standard access port configuration for both unused and used ports.

Summary
- CDP packets can expose some network information.
- Authentication information and data carried in Telnet sessions are vulnerable.
- SSH provides a more secure alternative to Telnet.
- vty ACLs should be used to limit Telnet access to switch devices.
- vty ACL configuration commands use standard IP ACLs.
- Sound security measures and trimming of unused applications are the basis of best practices.