Messages - TheBigDog

#1
Security / Re: Security Monitoring and Response
February 07, 2016, 08:58:59 AM
Something that is, in general, an overall good monitoring system that you would implement in a cloud.
#2
Security / Security Monitoring and Response
February 06, 2016, 08:30:51 PM
Hi

I am wondering what security monitoring and response you could implement on a private. I have come across IPFIX and Cisco Netflow. Any other recommendations and tips?

Thanks
#3
Homework Help / Command Problems
December 05, 2015, 07:03:51 PM
Hi all, I am doing out a network here and I am unsure about some of the commands needed to do what is stated in the question. It would be appreciated if I was given some help.

1.   Hostnames as per diagram
2.   DLS1 is the VTP Server
        DLS2 + ALS1 are VTP Clients
        ALS2 is VTP transparent
        VTP domain is practice.com
        VTP password is practice

! one domain and one password everywhere; the CISCO domain was being overwritten straight after
DLS1(config)# vtp mode server
DLS1(config)# vtp domain practice.com
DLS1(config)# vtp password practice
! clients take the VLAN database from the server; a client with a higher revision number
! can overwrite it, so reset the revision on any reused switch before attaching it
DLS2(config)# vtp domain practice.com
DLS2(config)# vtp password practice
DLS2(config)# vtp mode client
ALS1(config)# vtp domain practice.com
ALS1(config)# vtp password practice
ALS1(config)# vtp mode client
ALS2(config)# vtp domain practice.com
ALS2(config)# vtp mode transparent

3. VLANs
VLAN 2   10.2.0.0/24   STUDENT
VLAN 3   10.3.0.0/24   LECTURER
VLAN 4   10.4.0.0/24   MANAGEMENT

DLS1(config)#vlan 2
DLS1(config-vlan)#name STUDENT
DLS1(config-vlan)#exit
DLS1(config)#vlan 3
DLS1(config-vlan)#name LECTURER
DLS1(config-vlan)#exit
DLS1(config)#vlan 4
DLS1(config-vlan)#name MANAGEMENT
DLS1(config-vlan)#exit

4. Disable all ports. Enable on an as-needed basis
DLS1(config)#interface range fastEthernet 0/1 - 24
DLS1(config-if-range)#shutdown
DLS2(config)#interface range fastEthernet 0/1 - 24
DLS2(config-if-range)#shutdown
ALS1(config)#interface range fastEthernet 0/1 - 24
ALS1(config-if-range)#shutdown
ALS2(config)#interface range fastEthernet 0/1 - 24
ALS2(config-if-range)#shutdown

I know how to turn the ones I need on

5. Trunking between DLS1 and DLS2 is using ISL
All other trunk uses DOT1Q
Untagged traffic carried on VLAN 3

! only the DLS1-DLS2 link is ISL; every other trunk is dot1q as the task states
DLS1(config)# interface range fastEthernet 0/1 - 2
DLS1(config-if-range)# switchport trunk encapsulation isl
DLS1(config-if-range)# switchport mode trunk

DLS1(config)# interface range fastEthernet 0/7 - 8
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk

DLS2(config)# interface range fastEthernet 0/1 - 2
DLS2(config-if-range)# switchport trunk encapsulation isl
DLS2(config-if-range)# switchport mode trunk

DLS2(config)# interface range fastEthernet 0/3 - 4
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk

ALS1(config)# interface range fastEthernet 0/3 - 4
ALS1(config-if-range)# switchport trunk encapsulation dot1q
ALS1(config-if-range)# switchport mode trunk

ALS1(config)# interface range fastEthernet 0/5 - 6
ALS1(config-if-range)# switchport trunk encapsulation dot1q
ALS1(config-if-range)# switchport mode trunk

ALS2(config)# interface range fastEthernet 0/7 - 8
ALS2(config-if-range)# switchport trunk encapsulation dot1q
ALS2(config-if-range)# switchport mode trunk

ALS2(config)# interface range fastEthernet 0/5 - 6
ALS2(config-if-range)# switchport trunk encapsulation dot1q
ALS2(config-if-range)# switchport mode trunk

Don't know how to do untagged.

6. Configure Ether channel between ALS1 and ALS2

ALS1(config)#interface range fastEthernet 0/5 - 6
ALS1(config-if-range)#switchport mode trunk
ALS1(config-if-range)#channel-group 1 mode desirable
ALS1(config-if-range)#exit
! same on the far end; desirable on both sides negotiates the PAgP bundle
ALS2(config)#interface range fastEthernet 0/5 - 6
ALS2(config-if-range)#switchport mode trunk
ALS2(config-if-range)#channel-group 1 mode desirable
ALS2(config-if-range)#exit

6A Configure management interface on ALS1 and ALS2


7. Configure rapid per vlan spanning tree
DLS1 is root per VLAN 2
Back up root for VLAN 3 and 4

DLS1(config)# spanning-tree mode rapid-pvst
DLS1(config)#spanning-tree vlan 2 root primary
DLS1(config)#spanning-tree vlan 3 root secondary
DLS1(config)#spanning-tree vlan 4 root secondary

DLS2 is the root for VLAN 3 + 4
Backup root for VLAN 2

DLS2(config)#spanning-tree mode rapid-pvst
DLS2(config)#spanning-tree vlan 3 root primary
DLS2(config)#spanning-tree vlan 4 root primary
DLS2(config)#spanning-tree vlan 2 root secondary


8. Configure DLS1 and DLS2 for routing
DLS1 routes for VLAN 2
Back up routing for VLAN 3, 4

! routing between SVIs on a Catalyst L3 switch is off until ip routing is enabled
DLS1(config)# ip routing
DLS1(config)# interface vlan 2
DLS1(config-if)# ip address 10.2.0.3 255.255.255.0
DLS1(config-if)# standby 1 ip 10.2.0.1
DLS1(config-if)# standby 1 preempt
DLS1(config-if)# standby 1 priority 150
DLS1(config-if)# interface vlan 3
DLS1(config-if)# ip address 10.3.0.3 255.255.255.0
DLS1(config-if)# standby 1 ip 10.3.0.1
DLS1(config-if)# standby 1 preempt
DLS1(config-if)# standby 1 priority 100
DLS1(config-if)# interface vlan 4
DLS1(config-if)# ip address 10.4.0.3 255.255.255.0
DLS1(config-if)# standby 1 ip 10.4.0.1
DLS1(config-if)# standby 1 preempt
DLS1(config-if)# standby 1 priority 100


DLS2 routes for VLAN 3 + 4
Backup routing for VLAN 2
! DLS2 needs its own SVI addresses (the .3 addresses are already on DLS1); .2 is assumed here
DLS2(config)# ip routing
DLS2(config)# interface vlan 3
DLS2(config-if)# ip address 10.3.0.2 255.255.255.0
DLS2(config-if)# standby 1 ip 10.3.0.1
DLS2(config-if)# standby 1 preempt
DLS2(config-if)# standby 1 priority 150
DLS2(config-if)# interface vlan 4
DLS2(config-if)# ip address 10.4.0.2 255.255.255.0
DLS2(config-if)# standby 1 ip 10.4.0.1
DLS2(config-if)# standby 1 preempt
DLS2(config-if)# standby 1 priority 150
DLS2(config-if)# interface vlan 2
DLS2(config-if)# ip address 10.2.0.2 255.255.255.0
DLS2(config-if)# standby 1 ip 10.2.0.1
DLS2(config-if)# standby 1 preempt
DLS2(config-if)# standby 1 priority 100



9. Configure DHCP Server on DLS1
To allocate ip addresses to management, students + lecturers

10. Configure access ports on all switches
Ports fa0/9 for management
10 -15 for student
16 – 20 for lecturers
Enable appropriate ports as per topology

DLS2(config)# interface fastEthernet 0/9
DLS2(config-if)# switchport mode access
DLS2(config-if)# switchport access vlan 4
DLS2(config-if)# spanning-tree portfast
DLS2(config-if)# no shutdown

! per step 3, students are VLAN 2 and lecturers VLAN 3 (the two were swapped)
ALS1(config)# interface range fastEthernet 0/10 - 15
ALS1(config-if-range)# switchport mode access
ALS1(config-if-range)# switchport access vlan 2
ALS1(config-if-range)# spanning-tree portfast
ALS1(config-if-range)# no shutdown

ALS2(config)# interface range fastEthernet 0/16 - 20
ALS2(config-if-range)# switchport mode access
ALS2(config-if-range)# switchport access vlan 3
ALS2(config-if-range)# spanning-tree portfast
ALS2(config-if-range)# no shutdown


11. Ensure ports that are access ports go directly from blocking to forwarding

12. Disable cdp and http traffic on DLS1
DLS1# configure terminal
DLS1(config)# no cdp run
DLS1(config)# no ip http server
! (no ip http secure-server also closes the HTTPS listener if it is running)
DLS1(config)# end


13. Enable http on DLS1
DLS1# configure terminal
DLS1(config)# ip http server
! (cdp run, as originally typed here, re-enables CDP rather than HTTP)
DLS1(config)# end

14. Configure console security on ALS1
Password Fiona
If the port is inactive for 1 minute the connection should be terminated
ALS1# configure terminal
ALS1(config)# line con 0
ALS1(config-line)# password Fiona
ALS1(config-line)# login
ALS1(config-line)# exec-timeout 1 0

15. Configure VTY access on DLS2
Users should only be able to connect using ssh for domain Sligo.com, using a username Fiona and secure password as Mitchell. Data that passes across the connection should be encrypted using an RSA key size 5/2. The user has 5 authentication retries for ssh

16. Ensure student, cannot communicate with users on management VLAN

17. Configure VTY connect on DLS1 to allow
Telnet only for users in the management VLAN using a password Mitchell

18. All passwords that are plaintext should be encrypted using MD7 encryption, do this on DLS1

19.  On ALS1 only allow, mac address to be learned. The port should shut down if an illegal mac address is learned.
If the port goes into error disable state due to a security violation it should recover after 3 minutes.

20. On ALS1 ports 5,6,7,8 ensure broadcast traffic does not exceed 20%

21. On DLS2 make sure the minimum password length is 5 characters long
DLS2(config)#security passwords min-length 5

22. On DLS2 make sure if a user tries to illegally enter into systems 5 times in a 2 minute period they are locked out for 5 minutes
! block-for and within both take seconds: 5 minutes = 300, 2 minutes = 120
DLS2(config)#login block-for 300 attempts 5 within 120

#4
Security / Re: Security on a cloud
November 15, 2015, 04:19:52 PM
I am also reading online saying that you shouldn't roll out your own ones because you should go for established ones ...
#5
Security / Re: Security on a cloud
November 15, 2015, 03:09:01 PM
Any articles you suggest reading up on for rolling out your own Windows certs?
#6
Security / Re: Security on a cloud
November 15, 2015, 08:00:13 AM
Really appreciate your feedback there! Would it be much more complicated to roll out your own server CA?
#7
Security / Re: Security on a cloud
November 14, 2015, 03:43:53 PM
I found this article that outlines the building of a private cloud , http://blogs.technet.com/b/keithmayer/archive/2013/04/01/build-your-private-cloud-in-a-month-new-article-series.aspx

Any recommendations on security features that I could add to it or any general recommendations?

Thanks
#8
Security / Re: Security on a cloud
November 03, 2015, 02:59:37 PM
I know this might sound stupid but could I use System Center 2012 R2, Windows Server 2012 R2, Hyper-V and AWS to build a cloud?
#9
Security / Re: Security on a cloud
November 03, 2015, 02:41:45 PM
Cheers bud. Any reason in particular why you chose AWS?
#10
Security / Re: Security on a cloud
November 03, 2015, 01:20:54 PM
Never thought of considering uptime (must have slipped my mind). Public cloud sounds more like what I have in mind. But how would one start with implementing a public cloud for a college project?
#11
Security / Security on a cloud
November 03, 2015, 12:44:06 PM
Hi

At the moment I am trying to come up with a proposal for a college project. What I have in mind is to implement security on a private cloud.

The aim of my project will be to implement a private cloud. During my implementation of the cloud my overall goal will be to cover a number of security design features that will make my private cloud more secure when deployed. A number of these features will include:
•   Security foundation considerations
•   Infrastructure  security considerations
•   Platform security considerations
•   Software security considerations
•   Service delivery security considerations
•   Management security considerations
•   Client security consideration
•   Legal considerations
I aim also to talk about the challenges there are for private cloud security.


Some general tips and suggestions would be appreciated! I am being recommended to use a public cloud; what are your thoughts about using that instead of a private cloud?

#12
Thanks for the feedback fellas, very much appreciated.
#13
Running the distribution switches on floor 1 to the access switches on floors 2 and 3 does make a lot more sense than having 2 distribution switches per individual floor, as it would be a waste of space and money to have an extra 4 running per building. I'd imagine a layer 3 48 port switch would be best suited then?
My reasoning for directly interconnecting all the floors was for redundancy purposes.
#14
1: So the second router would just act as a redundant one until the other router failed ...

2: By using a patch panel? I really think I should know this answer but unfortunately I do not!
#15
1. There are no constraints on this design.

2. I have used VLSM to split up the network for each department to have data and voice. The HQ will have 140 employees with a VOIP phone and desktop split across 3 floors. As for the branch, it has 2 departments (one with 236 and the other with 180 employees) joined together, split across the 3 floors.