Wednesday, October 28, 2009

Securing MGMT Protocols, IPS, Cisco Firewall

Got to be honest, I didn't take real good notes here.  I have seen this stuff before, and basically just played along on my home router while watching the videos.  I REALLY need to get caught up on my reading.  I have been slacking on that the past couple of days.  I may hash out some labs to do tomorrow night, and try to read some during the day tomorrow at work.  We will see.

I did learn that there can be in-band and out-of-band management networks.  An out-of-band management network is completely segregated from the production network.  I personally work in an in-band management network; it is integrated into our day-to-day production network.  The differences between the two were pretty interesting, and Jeremy even spoke of putting the different servers into private VLANs to segregate them even within their parent VLAN.  We spoke about SSH, and how enabling it requires a hostname and a domain name to be set first.  You can specify timeout and authentication parameters by saying:
ip ssh time-out [seconds] //how long the router waits for the SSH login/negotiation to complete before dropping the connection
ip ssh authentication-retries [#] //how many consecutive failed login attempts are allowed before the connection is dropped

Logging:
logging buffered [level] //keep messages of this severity and above in the local log buffer
logging [ip] //syslog server to send messages to (logging host [ip] also works)
logging trap [level] //severity level of messages sent to the syslog server
logging origin-id hostname //tag messages with the hostname instead of the source IP address
logging facility [type] //syslog facility (e.g. local0-local7) so the syslog server can file this device's messages separately

SNMP:
snmp-server community [word] [ro|rw] [acl] //v1/v2c community string; restrict it with an ACL and avoid rw where possible
snmp-server engineID local [word]
snmp-server group [word] v3 [noauth|auth|priv] //v3 security level; priv adds encryption on top of authentication
snmp-server user [word] [group] v3 ...

NTP:
ntp server [ip] [key #]
show ntp associations
ntp master [stratum] //make this router an NTP time source
ntp authenticate //required, or the keys below are never enforced
ntp authentication-key [#] md5 [word]
ntp peer [ip] key [#]
ntp trusted-key [#] //only sources using a trusted key are accepted
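As an added example (not code from the original post), a small Python check that reads an IOS running-config and flags management-plane settings that are missing or weak according to the SSH, logging, SNMP and NTP commands above; the sample config, its hostname, addresses and community strings are all constructed.

```python
import re

# Constructed sample running-config (not from any real device); it mixes weak and
# hardened settings drawn from the command list above.
SAMPLE_CONFIG = """\
hostname edge-rtr
ip domain-name lab.example
ip ssh time-out 60
ip ssh authentication-retries 3
logging buffered 16384 informational
logging 192.0.2.10
logging trap warnings
logging origin-id hostname
snmp-server community public RO
snmp-server community private RW
snmp-server group NETMGMT v3 priv
ntp server 192.0.2.20 key 1
ntp authentication-key 1 md5 EXAMPLEKEY
ntp trusted-key 1
"""

def audit_mgmt_plane(config: str) -> list:
    """Return findings for missing or weak management-plane settings ([] = all pass)."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []

    def has(pattern):  # does any config line match the anchored regex?
        return any(re.match(pattern, ln, re.I) for ln in lines)

    if not has(r"ip ssh time-out \d+"):
        findings.append("ssh: no ip ssh time-out configured")
    if not has(r"ip ssh authentication-retries \d+"):
        findings.append("ssh: no ip ssh authentication-retries configured")
    if not has(r"logging (host )?\d+\.\d+\.\d+\.\d+"):
        findings.append("logging: no syslog host configured")
    # SNMPv1/v2c communities: RW is high risk, and every community needs an ACL
    for ln in lines:
        m = re.match(r"snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$", ln, re.I)
        if m:
            name, mode, acl = m.groups()
            if (mode or "RO").upper() == "RW":
                findings.append(f"snmp: community '{name}' is read-write")
            if acl is None:
                findings.append(f"snmp: community '{name}' has no ACL")
    if not has(r"snmp-server group \S+ v3 priv"):
        findings.append("snmp: no SNMPv3 group at the priv (auth + encryption) level")
    # NTP keys are not enforced unless 'ntp authenticate' is also present
    if has(r"ntp (server|peer) ") and not has(r"ntp authenticate$"):
        findings.append("ntp: time sources configured but ntp authenticate is missing")
    return findings
```

Calling audit_mgmt_plane(SAMPLE_CONFIG) reports the two v2c communities and the missing ntp authenticate; removing the communities and adding that line brings the list to empty.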

IOS firewall (CBAC):
show ip inspect sessions
ip inspect name [word] [protocol] [option] //build the inspection rule, one line per protocol
(config-if)ip inspect [word] in|out //apply the rule to an interface in one direction

Actions of IPS
  1. alarm
  2. drop
  3. reset

Steps to configure IOS IPS
  1. Download/install the SDF (signature definition file)
  2. create the IPS rule
  3. adjust IPS settings
  4. apply it to an interface
  5. configure logging (SDEE, Security Device Event Exchange)

(no) ip ips sdf builtin //use (or stop using) the built-in signature set
ip ips sdf location flash://[file] //load signatures from an SDF on flash
ip ips name [word] [list [acl]] //create the IPS rule, optionally limited to traffic matching an ACL
ip ips signature [#] [subsig] [option] //tune a single signature, e.g. disable or delete it
(config-if)ip ips [name] in|out
ip ips notify [log | sdee] //send alerts to syslog and/or SDEE

Sorry so brief.....need the post for notes!
