Configure bandwidth limit cisco switch

How to configure a bandwidth limit on a Cisco switch / bind switch port bandwidth

Today I will discuss how to configure a bandwidth limit on a Cisco switch port. First create a policy map, then apply it to the port whose bandwidth you want to limit. In this case I will show how to configure a 1 MB bandwidth limit on a switch port.

Enter configuration mode with the conf t command, then enter the commands below.

Policy map for input traffic:

policy-map 1MBps
class class-default
police cir 1048576 bc 1000000
conform-action transmit
exceed-action drop


Cisco Switch Security Configuration


For security reasons, one password is used as the enable password and the other will later be assigned to the console port.

SWITCH(config)#enable secret [password]

SWITCH(config)#username admin password [password]

A password should be required to access the console line. Even the basic user EXEC mode can provide significant information to a malicious user. In addition, the VTY lines must have a password before users can access the switch remotely.


Network Security Attacks and Defence


Today I will discuss Network Security Attacks and Defence. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.


Users choose or are assigned an ID and password, or other authenticating information, that allows them access to the information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access. Network security is practised in organizations, enterprises, and other types of institutions. It does what its name says: it secures the network, and it protects and oversees the operations carried out on it. The most common and simplest way of protecting a network resource is by assigning it a unique name and a corresponding password.

Types of attacks include:

Active:
1. Denial-of-service attack (DoS)
2. Spoofing
3. Man in the middle
4. ARP poisoning
5. DNS spoofing
6. Smurf attack
7. Buffer overflow
8. Heap overflow
9. Format string attack
10. SQL injection
11. Cyber attack

Passive:
1. Network
a. Wiretapping
b. Port scanner
c. Idle scan

Denial-of-Service Attack (DoS)

Denial of Service (DoS) attacks are among the most feared threats in today’s cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars.


Cisco Switch AAA Security


Today I will discuss Cisco Switch AAA Security. Typically, remote administrator access to a Cisco switch requires a password but no username, so there is no accountability for which administrator has connected to the switch. Also, no mechanism is set by default for what an administrator is allowed to do.

Cisco provides three security mechanisms called Authentication, Authorization and Accounting (AAA) that can address these vulnerabilities. Configure AAA on a switch in conjunction with a security server.

Use of AAA with a security server provides the security mechanisms described below.

  • Authentication - This mechanism identifies remote and local users before granting access to the switch.
  • Authorization - This mechanism controls access to remote services based on defined attributes associated with the authenticated user.
  • Accounting - This mechanism provides a secure logging capability for recording the services accessed by a user as well as the user's bandwidth consumption.

AAA allows for security servers to use three types of protocols: RADIUS, TACACS+ and Kerberos.

This setting is important, especially if the administrator is configuring the switch remotely.

The following command shows an example of how to create a local user, including the username (e.g., shahed) with a privilege level (e.g., 0) and a password (e.g., g00d-P5WD) that will be stored as an MD5 hash rather than in clear text.

Switch(config)# username shahed privilege 0 secret g00d-P5WD

To enable AAA, use the following command.

Switch(config)# aaa new-model

Specifying a security server or set of security servers can be done using the following Cisco Switch AAA Security commands for TACACS+ and RADIUS:

{tacacs-server | radius-server} host ip-address

{tacacs-server | radius-server} key key


Access Control Lists Security


Today I will discuss the Access Control Lists Security issue. A switch with either no access control list (ACL) or a permissive ACL applied to its interfaces allows broad access for TCP/IP connections (e.g., FTP, telnet, DNS, HTTP, SNMP, ICMP) through the switch to any system (e.g., a critical server) on the protected network.

In preparation for implementing ACLs, categorize systems attached to the switches into groups that use the same network services. Grouping systems this way helps reduce the size and complexity of associated ACLs.

ACLs can permit or deny each packet based on the first access control statement that the packet matches. There are different types of access control lists: Port Access Control List (PACL), Router Access Control List (RACL) and VLAN Access Control List (VACL).

1. Port Access Control List (PACL)

PACLs are used to restrict the packets allowed into a given port. There are two types of PACLs, IP PACLs based on IP access lists and MAC PACLs based on MAC access lists. IP PACLs only filter packets with an IP ether type. Creating a standard or extended IP access list and applying the access list to a switchport interface is all that is required to implement IP PACLs.

Given an IOS that supports Unicast MAC Filtering, the following commands are an example of using PACLs to restrict port access to one specific MAC address, and IP access to one specific IP address from that MAC address.

Switch(config)# mac access-list extended host-mac
Switch(config-ext-macl)# permit host 0000.0101.0011 any
Switch(config-ext-macl)# exit
Switch(config)# ip access-list extended host-ip
Switch(config-ext-nacl)# permit ip host 10.1.101.11 any
Switch(config-ext-nacl)# exit
Switch(config)# interface fa0/2
Switch(config-if)# mac access-group host-mac in
Switch(config-if)# ip access-group host-ip in
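To make the first-match rule concrete, here is an added Python model (not code from the original post or from Cisco IOS) of how an IOS ACL is walked: entries are checked top to bottom, the first matching entry decides, and a packet that matches nothing hits the implicit deny at the end. The ACL text is constructed from the page's PACL example plus one deny entry placed before the permit; the port_allows() combination of the MAC and IP lists is an assumption for illustration, since whether a MAC PACL also filters IP traffic depends on the platform.

```python
# Constructed ACLs in IOS syntax. The MAC list is the page's host-mac example;
# the IP list is the page's host-ip example with an extra deny entry first.
MAC_ACL = [
    "permit host 0000.0101.0011 any",
]
IP_ACL = [
    "deny ip host 10.1.101.11 host 10.1.1.1",   # earlier entry wins over the permit below
    "permit ip host 10.1.101.11 any",
]

def _parse_addr(tokens):
    """Consume one address spec ('any' or 'host X') from the front of the token list."""
    t = tokens.pop(0)
    if t == "any":
        return "any"
    if t == "host":
        return tokens.pop(0).lower()
    raise ValueError(f"unsupported address spec: {t}")

def _parse_entry(line):
    """Split 'permit|deny [ip] <src> <dst>' into (action, src, dst)."""
    tokens = line.split()
    action = tokens.pop(0)
    if tokens and tokens[0] == "ip":        # IP ACL entries carry a protocol; MAC entries do not
        tokens.pop(0)
    src = _parse_addr(tokens)
    dst = _parse_addr(tokens)
    return action, src, dst

def evaluate(acl, src, dst):
    """First-match evaluation; returns 'permit' or 'deny' (implicit deny if nothing matches)."""
    src, dst = src.lower(), dst.lower()
    for line in acl:
        action, s, d = _parse_entry(line)
        if (s == "any" or s == src) and (d == "any" or d == dst):
            return action
    return "deny"

def port_allows(src_mac, dst_mac, src_ip, dst_ip):
    """Assumed combination: an inbound IP packet must be permitted by both PACLs on the port."""
    return (evaluate(MAC_ACL, src_mac, dst_mac) == "permit"
            and evaluate(IP_ACL, src_ip, dst_ip) == "permit")

if __name__ == "__main__":
    print(evaluate(IP_ACL, "10.1.101.11", "10.1.1.1"))    # deny: the first entry matches
    print(evaluate(IP_ACL, "10.1.101.11", "10.1.50.5"))   # permit: second entry matches
    print(evaluate(IP_ACL, "10.1.101.12", "10.1.50.5"))   # deny: implicit deny at the end
```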


Cisco Network Security Services


Today I will discuss the Cisco Network Security Services issue. Switches can have a number of network services enabled. Many of these services are typically not necessary for a switch's normal operation; however, if these services are enabled, the switch may be susceptible to information gathering or to network attacks. The characteristics or poor configuration of the network services on a switch can lead to compromise. Most of these services use one of the following transport mechanisms at Layer 4 of the OSI reference model: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

If possible, instead of using a network service (e.g., telnet) to perform in-band management of a switch, use out-of-band management (e.g., via the console port) for each switch. Out-of-band management reduces the exposure of configuration information and passwords more than in-band management does.

1. Unnecessary Network Services

If possible, disable each unnecessary network service on each switch. The following commands will disable the services of concern. In some cases the commands affect the switch globally, while in other cases they affect only a single interface.

Below is an example for the set of interfaces that includes GigabitEthernet 6/1 through 6/3.

SWITCH(config)# interface range gigabitethernet 6/1 - 3

1.1. TCP and UDP Small Servers - TCP/UDP Ports 7, 9, 13, 19

Cisco provides support for "small servers" (e.g., echo, discard, daytime and chargen). Two of these servers, echo and chargen, can be used in denial-of-service attacks against one or more switches. These services can be disabled using the following commands.

SWITCH(config)# no service tcp-small-servers
SWITCH(config)# no service udp-small-servers
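The password, AAA and small-server sections above all describe settings that can be checked from the running configuration. The following Python audit is an added example (not from the original post or from Cisco) that scans a constructed running-config excerpt and reports the weak settings those sections warn about: a missing enable secret or a reversible enable password, a local user defined with password instead of secret, AAA not enabled or no TACACS+/RADIUS host, and the small servers explicitly enabled. The hashes, server address and key in the sample are placeholders.

```python
import re

# Constructed sample running-config (not from any real device): the hardened
# commands from this page mixed with a few weak settings to be flagged.
SAMPLE_CONFIG = """\
hostname SWITCH
enable secret 5 $1$abcd$PLACEHOLDERHASHxxxxxxxxxx
username admin password 7 094F471A1A0A
username shahed privilege 0 secret 5 $1$efgh$PLACEHOLDERHASHyyyyyyyyyy
service tcp-small-servers
no service udp-small-servers
tacacs-server host 10.1.1.5
tacacs-server key PLACEHOLDER-KEY
"""

def audit_config(config):
    """Return a list of findings for the config text; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # Privileged EXEC must use 'enable secret' (hashed); 'enable password' is reversible.
    if not any(l.startswith("enable secret") for l in lines):
        findings.append("no 'enable secret' configured")
    if any(l.startswith("enable password") for l in lines):
        findings.append("'enable password' present (reversible type 7 or plaintext)")
    # Local users: 'username X password ...' stores a reversible type-7 string;
    # 'username X secret ...' stores a hash, as in the page's AAA example.
    for l in lines:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password ", l)
        if m:
            findings.append(f"user '{m.group(1)}' uses 'password' instead of 'secret'")
    # AAA: 'aaa new-model' must be present and at least one security server defined.
    if "aaa new-model" not in lines:
        findings.append("'aaa new-model' missing (AAA disabled)")
    if not any(re.match(r"(tacacs-server|radius-server) host ", l) for l in lines):
        findings.append("no TACACS+/RADIUS server host configured")
    # Small servers (TCP/UDP ports 7, 9, 13, 19): an explicit 'service ...' line enables them.
    for svc in ("tcp-small-servers", "udp-small-servers"):
        if f"service {svc}" in lines:
            findings.append(f"'service {svc}' enabled; add 'no service {svc}'")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Running it against the sample reports three findings: the admin user's reversible password, the missing aaa new-model, and the enabled TCP small servers.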
