Topics - TheBigDog

#1
Security / Security Monitoring and Response
February 06, 2016, 08:30:51 PM
Hi

I am wondering what security monitoring and response you could implement on a private. I have come across IPFIX and Cisco NetFlow. Any other recommendations and tips?

Thanks
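Added example, not part of the original post or any reply to it: a Flexible NetFlow configuration that exports IPFIX (the protocol the post mentions) from a Cisco IOS distribution switch, followed by the ACL a responder would apply once the collector flags a host. Everything not in the post is an assumption: the collector 10.4.0.50 reached through a management SVI Vlan4, UDP port 2055, the monitored user SVI Vlan2, the constructed offending host 10.2.0.77, arbitrary record/exporter/monitor names, and a platform whose IOS image supports Flexible NetFlow with IPFIX export.

```cisco
! Added example (not the poster's configuration). Assumed: collector 10.4.0.50,
! management SVI Vlan4, user SVI Vlan2, UDP 2055, Flexible NetFlow + IPFIX support.
!
! 1. What to record: the 5-tuple, byte/packet counters, timestamps and TCP flags.
!    TCP flags let the collector tell completed sessions from SYN-only probes.
flow record SEC-RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! 2. Where to send it. IPFIX (RFC 7011) rather than NetFlow v5/v9, sourced from
!    the management SVI so the export stream never leaves the management VLAN.
flow exporter SEC-EXPORT
 description IPFIX to security collector
 destination 10.4.0.50
 source Vlan4
 transport udp 2055
 export-protocol ipfix
 template data timeout 60
!
! 3. Cache behaviour: a short active timeout reports long-lived flows (for
!    example a slow exfiltration) while they are still running, not only at the end.
flow monitor SEC-MONITOR
 description security telemetry
 record SEC-RECORD
 exporter SEC-EXPORT
 cache timeout active 60
 cache timeout inactive 15
!
! 4. Apply on the user-facing SVI in both directions.
interface Vlan2
 ip flow monitor SEC-MONITOR input
 ip flow monitor SEC-MONITOR output
!
! 5. Response. When the collector reports that 10.2.0.77 (constructed address)
!    is opening many SYN-only flows to distinct ports, contain it at its gateway
!    SVI while it is investigated; "log" on the deny leaves a (rate-limited)
!    syslog trail of further attempts.
ip access-list extended QUARANTINE-IN
 deny ip host 10.2.0.77 any log
 permit ip any any
interface Vlan2
 ip access-group QUARANTINE-IN in
!
! Verification (exec mode):
!   show flow monitor SEC-MONITOR cache
!   show flow exporter SEC-EXPORT statistics
!   show access-lists QUARANTINE-IN
```

The detection itself lives on the collector: with TCP flags in the record, a host that opens dozens of SYN-only flows to different destination ports within one export interval stands out from normal clients, whose flows carry SYN, ACK and FIN. The same data can be inspected on the switch before export with `show flow monitor SEC-MONITOR cache`.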
#2
Homework Help / Command Problems
December 05, 2015, 07:03:51 PM
Hi all, I am doing out a network here and I am unsure about some of the commands needed to do what is stated in the question. It would be appreciated if I was given some help.

1.   Hostnames as per diagram
2.   DLS1 is the VTP Server
        DLS2 + ALS1 are VTP Clients
        ALS2 is VTP transparent
        VTP domain is practice.com
        VTP password is practice

! All four switches must share the same VTP domain name and password: a client
! or transparent switch in a different domain ignores the server's advertisements,
! and the transparent switch (ALS2) still needs them to forward advertisements.
DLS1(config)#vtp domain practice.com
DLS1(config)#vtp mode server
DLS1(config)#vtp password practice
DLS2(config)#vtp domain practice.com
DLS2(config)#vtp mode client
DLS2(config)#vtp password practice
ALS1(config)#vtp domain practice.com
ALS1(config)#vtp mode client
ALS1(config)#vtp password practice
ALS2(config)#vtp domain practice.com
ALS2(config)#vtp mode transparent
ALS2(config)#vtp password practice

3. VLANs
VLAN 2   10.2.0.0/24   STUDENT
VLAN 3   10.3.0.0/24   LECTURER
VLAN 4   10.4.0.0/24   MANAGEMENT

! Created once on the VTP server; DLS2 and ALS1 (VTP clients) learn them from DLS1.
DLS1(config)#vlan 2
DLS1(config-vlan)#name STUDENT
DLS1(config-vlan)#exit
DLS1(config)#vlan 3
DLS1(config-vlan)#name LECTURER
DLS1(config-vlan)#exit
DLS1(config)#vlan 4
DLS1(config-vlan)#name MANAGEMENT
DLS1(config-vlan)#exit
! ALS2 is VTP transparent, so it does not take VLANs from the server:
! run the same three vlan/name blocks on ALS2 as well.

4. Disable all ports. Enable on an as-needed basis
DLS1(config)#interface range fastEthernet 0/1 - 24
DLS1(config-if-range)#shutdown
DLS2(config)#interface range fastEthernet 0/1 - 24
DLS2(config-if-range)#shutdown
ALS1(config)#interface range fastEthernet 0/1-24
ALS1(config-if-range)#shutdown
ALS2(config)#interface range fastEthernet 0/1-24
ALS2(config-if-range)#shutdown

I know how to turn the ones I need on

5. Trunking between DLS1 and DLS2 is using ISL
All other trunk uses DOT1Q
Untagged traffic carried on VLAN 3

! DLS1 <-> DLS2 uses ISL. ISL encapsulates every frame, so it has no native
! (untagged) VLAN; the "untagged traffic on VLAN 3" requirement only applies
! to the 802.1Q trunks below, where "switchport trunk native vlan 3" does it.
DLS1(config)# interface range fastEthernet 0/1 - 2
DLS1(config-if-range)# switchport trunk encapsulation isl
DLS1(config-if-range)# switchport mode trunk

DLS1(config)# interface range fastEthernet 0/7 - 8
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport trunk native vlan 3
DLS1(config-if-range)# switchport mode trunk

DLS2(config)# interface range fastEthernet 0/1 - 2
DLS2(config-if-range)# switchport trunk encapsulation isl
DLS2(config-if-range)# switchport mode trunk

DLS2(config)# interface range fastEthernet 0/3 - 4
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport trunk native vlan 3
DLS2(config-if-range)# switchport mode trunk

! The question says every trunk other than DLS1-DLS2 is 802.1Q, so the ALS1 and
! ALS2 trunks are dot1q, not isl. The native VLAN must match on both ends of a
! trunk. Access switches that only support 802.1Q have no "encapsulation"
! command; omit that line on them.
ALS1(config)# interface range fastEthernet 0/3 - 4
ALS1(config-if-range)# switchport trunk encapsulation dot1q
ALS1(config-if-range)# switchport trunk native vlan 3
ALS1(config-if-range)# switchport mode trunk

ALS1(config)# interface range fastEthernet 0/5 - 6
ALS1(config-if-range)# switchport trunk encapsulation dot1q
ALS1(config-if-range)# switchport trunk native vlan 3
ALS1(config-if-range)# switchport mode trunk

ALS2(config)# interface range fastEthernet 0/7 - 8
ALS2(config-if-range)# switchport trunk encapsulation dot1q
ALS2(config-if-range)# switchport trunk native vlan 3
ALS2(config-if-range)# switchport mode trunk

ALS2(config)# interface range fastEthernet 0/5 - 6
ALS2(config-if-range)# switchport trunk encapsulation dot1q
ALS2(config-if-range)# switchport trunk native vlan 3
ALS2(config-if-range)# switchport mode trunk

Don't know how to do untagged.

6. Configure EtherChannel between ALS1 and ALS2

! fa0/5-6 are the ALS1 <-> ALS2 links. "desirable" on both ends negotiates PAgP.
! Both member ports must carry identical trunk settings or the bundle will not
! form; the channel-group command creates the logical port-channel interface,
! which is then configured as the trunk.
ALS1(config)#interface range fastEthernet 0/5 - 6
ALS1(config-if-range)#channel-group 1 mode desirable
ALS1(config-if-range)#exit
ALS1(config)#interface port-channel 1
ALS1(config-if)#switchport mode trunk

ALS2(config)#interface range fastEthernet 0/5 - 6
ALS2(config-if-range)#channel-group 1 mode desirable
ALS2(config-if-range)#exit
ALS2(config)#interface port-channel 1
ALS2(config-if)#switchport mode trunk

6A Configure management interface on ALS1 and ALS2


7. Configure rapid per vlan spanning tree
DLS1 is root per VLAN 2
Back up root for VLAN 3 and 4

! Rapid PVST+ has to be the mode on every switch (ALS1 and ALS2 included), not
! only DLS1; "root primary/secondary" then sets the per-VLAN bridge priorities.
DLS1(config)# spanning-tree mode rapid-pvst
DLS1(config)# spanning-tree vlan 2 root primary
DLS1(config)# spanning-tree vlan 3 root secondary
DLS1(config)# spanning-tree vlan 4 root secondary

DLS2 is the root for VLAN 3 + 4
Backup root for VLAN 2

DLS2(config)# spanning-tree mode rapid-pvst
DLS2(config)# spanning-tree vlan 3 root primary
DLS2(config)# spanning-tree vlan 4 root primary
DLS2(config)# spanning-tree vlan 2 root secondary


8. Configure DLS1 and DLS2 for routing
DLS1 routes for VLAN 2
Back up routing for VLAN 3, 4

! Each switch needs its own SVI address: DLS1 uses .2 and DLS2 uses .3 in every
! subnet (giving both switches 10.x.0.3 would be a duplicate address). The HSRP
! virtual address .1 is the default gateway the hosts use; the switch with the
! higher priority (150) is active for that VLAN. "ip routing" must be on before
! a Catalyst will route between its SVIs. Commands below are in interface mode.
DLS1(config)# ip routing
DLS1(config)# interface vlan 2
DLS1(config-if)# ip address 10.2.0.2 255.255.255.0
DLS1(config-if)# standby 1 ip 10.2.0.1
DLS1(config-if)# standby 1 priority 150
DLS1(config-if)# standby 1 preempt
DLS1(config-if)# no shutdown
DLS1(config-if)# interface vlan 3
DLS1(config-if)# ip address 10.3.0.2 255.255.255.0
DLS1(config-if)# standby 1 ip 10.3.0.1
DLS1(config-if)# standby 1 priority 100
DLS1(config-if)# standby 1 preempt
DLS1(config-if)# no shutdown
DLS1(config-if)# interface vlan 4
DLS1(config-if)# ip address 10.4.0.2 255.255.255.0
DLS1(config-if)# standby 1 ip 10.4.0.1
DLS1(config-if)# standby 1 priority 100
DLS1(config-if)# standby 1 preempt
DLS1(config-if)# no shutdown


DLS2 routes for VLAN 3 + 4
Backup routing for VLAN 2
DLS2(config)# ip routing
DLS2(config)# interface vlan 3
DLS2(config-if)# ip address 10.3.0.3 255.255.255.0
DLS2(config-if)# standby 1 ip 10.3.0.1
DLS2(config-if)# standby 1 priority 150
DLS2(config-if)# standby 1 preempt
DLS2(config-if)# no shutdown
DLS2(config-if)# interface vlan 4
DLS2(config-if)# ip address 10.4.0.3 255.255.255.0
DLS2(config-if)# standby 1 ip 10.4.0.1
DLS2(config-if)# standby 1 priority 150
DLS2(config-if)# standby 1 preempt
DLS2(config-if)# no shutdown
DLS2(config-if)# interface vlan 2
DLS2(config-if)# ip address 10.2.0.3 255.255.255.0
DLS2(config-if)# standby 1 ip 10.2.0.1
DLS2(config-if)# standby 1 priority 100
DLS2(config-if)# standby 1 preempt
DLS2(config-if)# no shutdown



9. Configure DHCP Server on DLS1
To allocate IP addresses to management, students + lecturers

10. Configure access ports on all switches
Ports fa0/9 for management
10 -15 for student
16 - 20 for lecturers
Enable appropriate ports as per topology

! VLAN mapping from step 3: management = VLAN 4, student = VLAN 2, lecturer = VLAN 3
! (the student and lecturer VLAN numbers are easy to swap). All ports were shut
! down in step 4, so each access port also needs "no shutdown". Repeat the same
! three blocks on every switch; the prompt for a range is (config-if-range).
DLS2(config)# interface fastEthernet 0/9
DLS2(config-if)# switchport mode access
DLS2(config-if)# switchport access vlan 4
DLS2(config-if)# spanning-tree portfast
DLS2(config-if)# no shutdown

ALS1(config)# interface range fastEthernet 0/10 - 15
ALS1(config-if-range)# switchport mode access
ALS1(config-if-range)# switchport access vlan 2
ALS1(config-if-range)# spanning-tree portfast
ALS1(config-if-range)# no shutdown

ALS2(config)# interface range fastEthernet 0/16 - 20
ALS2(config-if-range)# switchport mode access
ALS2(config-if-range)# switchport access vlan 3
ALS2(config-if-range)# spanning-tree portfast
ALS2(config-if-range)# no shutdown


11. Ensure ports that are access ports go directly from blocking to forwarding

12. Disable cdp and http traffic on DLS1
! CDP and the HTTP server are global settings, so they are disabled in (config),
! not (config-if). "no ip http secure-server" closes the HTTPS listener as well.
DLS1# configure terminal
DLS1(config)# no cdp run
DLS1(config)# no ip http server
DLS1(config)# no ip http secure-server
DLS1(config)# end


13. Enable http on DLS1
! "cdp run" would re-enable CDP (turned off in step 12), not HTTP; the HTTP
! server is "ip http server". Plain HTTP carries the login in clear text, so on
! a production switch "ip http secure-server" (HTTPS) is the form to prefer.
DLS1# configure terminal
DLS1(config)# ip http server
DLS1(config)# end

14. Configure console security on ALS1
Password Fiona
If the port is inactive for 1 minute the connection should be terminated
! "login" is required or the console never asks for the password;
! exec-timeout takes <minutes> <seconds>, so 1 minute is "1 0".
ALS1# configure terminal
ALS1(config)# line console 0
ALS1(config-line)# password Fiona
ALS1(config-line)# login
ALS1(config-line)# exec-timeout 1 0

15. Configure VTY access on DLS2
Users should only be able to connect using ssh for domain Sligo.com, using a username Fiona and secure password as Mitchell. Data that passes across the connection should be encrypted using a KSA key size 5/2. The user has 5 authentication retries for ssh.

16. Ensure students cannot communicate with users on the management VLAN

17. Configure VTY connect on DLS1 to allow
Telnet only for users in the management VLAN using a password Mitchell

18. All passwords that are plaintext should be encrypted using MD7 encryption; do this on DLS1

19.  On ALS1 only allow, mac address to be learned. The port should shut down if an illegal mac address is learned.
If the port goes into error disable state due to a security violation it should recover after 3 minutes.

20. On ALS1 ports 5,6,7,8 ensure broadcast traffic does not exceed 20%

21. On DLS2 make sure the minimum password length is 5 characters long
! global configuration command, so it needs (config), not the exec prompt
DLS2(config)#security passwords min-length 5

22. On DLS2 make sure if a user tries to illegally enter into systems 5 times in a 2-minute period they are locked out for 5 minutes
! login block-for takes seconds, not minutes: block for 300 s after 5 failures
! within 120 s. "5 attempts 5 within 2" would block for 5 seconds after 5
! failures inside a 2-second window.
DLS2(config)#login block-for 300 attempts 5 within 120
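Added example, not the original poster's answer: standard IOS commands for the items the post leaves without any configuration (9 and 15 to 20). Values the post does not give are assumptions: the first ten addresses of each subnet are reserved for the gateway and switches, the RSA modulus is 2048 (the key size in the post is unreadable), item 19 allows one MAC address per port, and "users on the management VLAN" means hosts in 10.4.0.0/24. The HSRP virtual addresses and VLAN numbers are the ones from the post.

```cisco
! Added example (not the poster's work). Assumed: .1-.10 reserved per subnet,
! RSA 2048, port-security maximum 1, management hosts = 10.4.0.0/24.
!
! 9. DHCP on DLS1, one pool per VLAN; default router is the HSRP virtual IP.
DLS1(config)# ip dhcp excluded-address 10.2.0.1 10.2.0.10
DLS1(config)# ip dhcp excluded-address 10.3.0.1 10.3.0.10
DLS1(config)# ip dhcp excluded-address 10.4.0.1 10.4.0.10
DLS1(config)# ip dhcp pool STUDENT
DLS1(dhcp-config)# network 10.2.0.0 255.255.255.0
DLS1(dhcp-config)# default-router 10.2.0.1
DLS1(dhcp-config)# exit
DLS1(config)# ip dhcp pool LECTURER
DLS1(dhcp-config)# network 10.3.0.0 255.255.255.0
DLS1(dhcp-config)# default-router 10.3.0.1
DLS1(dhcp-config)# exit
DLS1(config)# ip dhcp pool MANAGEMENT
DLS1(dhcp-config)# network 10.4.0.0 255.255.255.0
DLS1(dhcp-config)# default-router 10.4.0.1
DLS1(dhcp-config)# exit
!
! 15. SSH-only VTY on DLS2. A hostname (already set) and a domain name are
!     needed before the RSA key can be generated; "login local" uses the
!     username/secret pair, and transport input ssh refuses telnet.
DLS2(config)# ip domain-name Sligo.com
DLS2(config)# username Fiona secret Mitchell
DLS2(config)# crypto key generate rsa modulus 2048
DLS2(config)# ip ssh version 2
DLS2(config)# ip ssh authentication-retries 5
DLS2(config)# line vty 0 15
DLS2(config-line)# login local
DLS2(config-line)# transport input ssh
DLS2(config-line)# exit
!
! 16. Students (VLAN 2) may not reach the management VLAN. The ACL is stateless,
!     so dropping student-sourced packets also kills the replies to any session a
!     management host starts. Apply it on the student SVI of both DLS1 and DLS2,
!     because either can be the HSRP active gateway.
DLS1(config)# ip access-list extended STUDENT-IN
DLS1(config-ext-nacl)# deny ip 10.2.0.0 0.0.0.255 10.4.0.0 0.0.0.255
DLS1(config-ext-nacl)# permit ip any any
DLS1(config-ext-nacl)# exit
DLS1(config)# interface vlan 2
DLS1(config-if)# ip access-group STUDENT-IN in
DLS1(config-if)# exit
!
! 17. Telnet on DLS1 only from management hosts: access-class filters the VTY.
DLS1(config)# access-list 10 permit 10.4.0.0 0.0.0.255
DLS1(config)# line vty 0 15
DLS1(config-line)# password Mitchell
DLS1(config-line)# login
DLS1(config-line)# access-class 10 in
DLS1(config-line)# transport input telnet
DLS1(config-line)# exit
!
! 18. Type 7 obscuring of plaintext passwords. Type 7 is reversible: it stops
!     shoulder-surfing of "show run", not offline recovery of the password.
DLS1(config)# service password-encryption
!
! 19. Port security on the ALS1 student ports: learn one address, err-disable on
!     a violation, recover automatically after 3 minutes (180 s).
ALS1(config)# interface range fastEthernet 0/10 - 15
ALS1(config-if-range)# switchport mode access
ALS1(config-if-range)# switchport port-security
ALS1(config-if-range)# switchport port-security maximum 1
ALS1(config-if-range)# switchport port-security violation shutdown
ALS1(config-if-range)# switchport port-security mac-address sticky
ALS1(config-if-range)# exit
ALS1(config)# errdisable recovery cause psecure-violation
ALS1(config)# errdisable recovery interval 180
!
! 20. Broadcast storm control at 20% of port bandwidth on fa0/5-8.
ALS1(config)# interface range fastEthernet 0/5 - 8
ALS1(config-if-range)# storm-control broadcast level 20.00
ALS1(config-if-range)# exit
!
! Verification:
!   show ip ssh                               (DLS2)
!   show access-lists                         (DLS1)
!   show port-security interface fastEthernet 0/10   (ALS1)
!   show errdisable recovery                  (ALS1)
!   show ip dhcp binding                      (DLS1)
```

Two things worth checking after pasting this in: `crypto key generate rsa` fails if the switch still has the default hostname, and once `login block-for` (item 22) is active the switch enters quiet mode after the threshold and refuses every login, including the SSH one above, until the block period expires unless a `login quiet-mode access-class` exception is configured.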

#3
Security / Security on a cloud
November 03, 2015, 12:44:06 PM
Hi

At the moment I am trying to come up with a proposal for a college project. What I have in mind is to implement security on a private cloud.

The aim of my project will be to implement a private cloud. During my implementation of the cloud my overall goal will be to cover a number of security design features that will make my private cloud more secure when deployed. A number of these features will include:
•   Security foundation considerations
•   Infrastructure  security considerations
•   Platform security considerations
•   Software security considerations
•   Service delivery security considerations
•   Management security considerations
•   Client security consideration
•   Legal considerations
I also aim to talk about the challenges there are for private cloud security.


Some general tips and suggestions would be appreciated! I am being recommended to use a public cloud; what are your thoughts about using that instead of a private cloud?

#4
Hi

I am designing a network for a project. There is an HQ and a branch office. We were recommended to use the hierarchical model. The HQ is split over 3 floors with 280 end users with wifi for 30 guests. The branch has 832 end users split over 3 floors as well. The router in the HQ will be connected to each distribution switch in the branch. I have enclosed my HQ design. The branch will be similar to floors 2/3 of the HQ, just with more access switches and end users on each floor. Some feedback would be much appreciated.