Practices for securing a switch

Cisco CCNP Switch (300-115): The Complete Course Introduction to securing a Switch

Transcript

Welcome back, everyone. Now we come to the comedy section of this particular one call section, which is best practices. Again, these are opinions. All right, recommendations. As far as your certification, I think I asked you a question based on this on configure secure passwords, do you really need to tell anybody that if you're not configuring secure passwords to get into your out of your console, passwords, your telnet passwords, SSH, using SSH, your privileged mode passwords, all these different things? I. Yeah, we're not going to be using password one capital T. Alright, we know when to get secure passwords.

Use system banners. This I find hilarious. They're talking about the message of the day. If you don't belong to this, please go away or you will find yourself going to prison for a very long time. I know, a scary message for you not to continue, which everybody ignores. All right, secure the web interface.

Obviously you want to have ACLs. Yes, you want ACLs to block a whole bunch of ports that don't need to be on and definitely secure your web portal. Alright, so nobody can just get in. So here's switch console. Hello, console, okay. Username and password. Like if you were to do line con 0, password cisco, login local, okay, like we do not in the labs don't use password, don't use password cisco, okay?

And have a username. So create a username at a certain level, so they only have certain access to what they can do. And of course, ACLs, okay, to limit certain hosts from getting to where they need to go, where they don't need to go, I should say. Don't use telnet. Yeah, we know, SSH. That's what we want, secure socket layers, right?

SSH. SNMP. We know that nobody uses SNMP one anymore. We've talked about that because it's not secure, 32 bits. It's a community string. SNMP version 2c. Hello. Is it better?

No, it's actually four bits. We can get bulk information, but it doesn't address the security issue. Aha, SNMP version three. We have user authentication. Usernames, groups are separated into different levels of security. Yes, encryption, SHA, DES, 3DES.

We're getting crypto to 256 bit using AES. So definitely we do want, if we're using SNMP, which we will be, that's the one we want to go with. That's the only one to go with. Secure unused ports. The way security is for shut them now, if you're not using them, shut them down. Why would they be active?

Because anybody I can tell you this, I can tell you this right now. I know for a fact there's people that go into hospitals, because I see no these two eyes. Okay? They find an empty port. Yes, a port on the wall. They have Ethernet cable, they plug it in, and now they're in.

They're not wireless. They're wired into the hospital's network. Hello. Does anybody find something wrong with this picture? Unless you're in a completely different rack that's just for guests or whatever, because you're in one of those waiting areas. What have you.

Okay, but if you're not, because what's the problem with that? You have elevated privileges. How do you log in, you won't get into an administrator. They have a limited privileges. You can run whatever program you want in their problem, shut them out. Secure STP operations obviously, and secure the use of CDP and LLDP.

If a switch or router doesn't need to be running CDP or LLDP, which is the new one now for the newer certifications for the CCNA. All right, turn it off, disable it, because they can use CDP neighbor detail, LLDP neighbor detail to take a look at your neighboring devices. Definitely, and it's sending information every so often. So you want to make sure that it's not sending it to a place that doesn't need to send it. Okay, so best practices, yes. Not to mention it doesn't say it on here.

How about firewalls? How about group policies, GPOs? How about not having people access a particular network, having separate racks, okay, separate switches and routers and wireless access points for a guest. You want to physically segment now logically with VLANs, physically segment guests. They're coming into your company, whether you're a hospital or school, whatever it is. So if you want to give you one of the nights when a young one has access, they need to be separate completely from your company's network. Okay? So they cannot even physically gain access to it, they will have to do such a run around through the web to try and get to where they need to go.

But again, this is where your firewalls and all that come into play. Okay. Anyway, yes, those are the best practices, what have you, that they talked about. Just look at them. They're common sense, okay, they're common sense best practices. But again, it asks you something like this, or probably a multiple choice question.

And, you know, if I were to ask this, should I leave ports all the way open? Don't configure ACLs, shut down the ports, you know, or none of the above. You know, I would even know Humphrey, I mean, come on. Seriously, everybody in IT should know the need to secure their ports. Should is the operative word. See the next
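
An added example, not part of the lecture or the course material: a small Python check that reads a Cisco IOS-style running-config and flags the items from the checklist in the transcript (banner, passwords, web interface, telnet, SNMP community strings, unused ports, CDP/LLDP). The sample config and the finding names are constructed, and treating a port that is up with no description as unused is an assumption.

```python
# Constructed sample running-config for illustration; not taken from the course.
SAMPLE_CONFIG = """\
enable password cisco
ip http server
snmp-server community public RO
lldp run
interface GigabitEthernet0/1
 description uplink to core
interface GigabitEthernet0/2
interface GigabitEthernet0/3
 shutdown
line con 0
 password cisco
 login
line vty 0 4
 transport input telnet ssh
"""

def sections(config):  # -> [(top-level line, [child lines as word lists])]
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.split())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return sorted findings; assumes every in-use port has a description."""
    blocks = sections(config)
    top = [head for head, _ in blocks]
    starts = lambda prefix: any(h.startswith(prefix) for h in top)
    found = {name for name, hit in {
        "no-banner": not starts("banner "),
        "enable-password-not-secret": starts("enable password "),
        "http-server-enabled": "ip http server" in top,
        "snmp-community-string": starts("snmp-server community "),  # v1/v2c
        "cdp-enabled": "no cdp run" not in top,  # CDP runs unless disabled
        "lldp-enabled": "lldp run" in top,
    }.items() if hit}
    for head, body in blocks:
        if head.startswith("interface ") and not any(
                w[0] in ("shutdown", "description") for w in body):
            found.add("port-up-undocumented:" + head.split()[1])
        # Only an explicit "transport input" line is checked here.
        if head.startswith("line vty") and any(
                w[:2] == ["transport", "input"] and {"telnet", "all"} & set(w)
                for w in body):
            found.add("telnet-allowed")
        if head.startswith("line ") and any(w[0] == "password" for w in body):
            found.add("line-password:" + head[5:])
    return sorted(found)
```

Calling `audit(SAMPLE_CONFIG)` returns nine findings for the constructed config; a config with a banner, `enable secret`, `no ip http server`, `no cdp run`, shut-down spare ports and SSH-only vty lines returns an empty list.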
