This chapter covers the following topics:
ISR overview and providing secure administrative access: This section describes methods of securely accessin
ISR Overview and Providing Secure Administrative Access 85
ISR Enhanced Features
Although traditional Cisco routers (that is, non-ISRs) offer featur
86 Chapter 3: Defending the Perimeter
Advanced Integration Modules: Cisco offers a variety of Advanced Integration Modules (AIM), which can offloa
Figure 3-2 Administrative Access to a Router
Telnet sends data in clear text. Therefore,
Use a mixture of alphabetic (both uppercase and lowercase), numeric, and special characters. The password
To configure a password for a router’s console, the administrator enters line configuratio
The enable secret password appears in the running configuration as an MD5 hash value. However, the console, au
Aside from having a single password for all administrators, individual user accounts can
Limiting the Number of Failed Login Attempts
If an attacker uses a brute-force attack or a dictionary attack w
Configuring Privilege Levels
Larger enterprise environments might need to support multipl
exactly what commands an administrator has access to. Following are the steps required to configure these view
CHAPTER 3
Defending the Perimeter
In addition to Cisco firewall, virtual private network (VPN), and intrusion prevention system (IPS) appliances tha
Step 5. Add available commands to the view: The commands parser_mode {include | include-ex
Enabling Cisco IOS Login Enhancements for Virtual Connections
Administrators, and therefore attackers, can cre
Consider the enhanced support for virtual logins configuration shown in Example 3-17. Aft
Creating a Banner Message
When someone connects to one of your routers, he sees some sort of message or prompt
Cisco Security Device Manager Overview 99
Cisco Security Device Manager Overview
Cisco IOS routers support many features (including security feature
Figure 3-3 SDM Home Screen
Some newer Cisco routers come with SDM preinstalled, but SDM needs to be installed
Preparing to Launch Cisco SDM
If you plan to run SDM on a router that does not already have SDM installed
If you run SDM from a router’s flash, as opposed to running SDM from a PC, the first time you connect to the r
After clicking the Configure button, you see a screen similar to the one shown in Figure 3-5. Notice the
In addition to the configuration wizards, notice the Additional Tasks button, as shown in Figure 3-6.
Figure 3
1. Which of the following are considered IOS security features? (Choose four.)
a. Stateful firewall
b. MARS
c. IP
Advanced administrators can use graphical interfaces to configure these additional tasks. Examples of the
Exam Preparation Tasks
Review All the Key Topics
Review the most important topics from this chapter, denoted w
Command Reference to Check Your Memory 107
Command Reference to Check Your Memory
This section includes the most important configuration and EXEC com
Command | Description
secure boot-image | A global configuration mode command used to enable image resilience
secur
Table 3-14 Chapter 3 EXEC Command Reference
Command | Description
enable view | Enables the root view, which i
“Do I Know This Already?” Quiz 79
5. What line configuration mode command would you enter to prevent a line (such as a console, aux, or vty line) co
9. When you configure Cisco IOS login enhancements for virtual connections, what is the “quiet period”?
a. The
Foundation Topics
ISR Overview and Providing Secure Administrative Access
This section beg
the router architecture. Although Cisco offers a wide range of router platforms, ISR models are easy to ident
Cisco 1800 Series
The Cisco 1800 series of ISRs is designed for small businesses and smal
Cisco 2800 Series
The Cisco 2800 series of ISRs is designed for small-to-medium businesses and enterprise bran