Home > CCNP, ISCW > Securing your Router

Securing your Router

The Device Hardening chapter is loooong and very detailed. If you’re coming off your CCNA exam you will be familiar with many of the subjects with the difference being the level of details.

The first part review management protocols, their security weaknesses and ways to better secure them. Going over SNMP, NTP and SSH I found it a funny coincidence that an upgrade of our time-server was due at the same week, using NTP v3 based solution…
I use Domain Time II, a time sync software that provide time synchronization for the network and detailed reports and audit capabilities for the compliance officer. So here is the real life connection to my study materials 🙂

I found the Network Attacks topic very interesting but the details, oh the details. Though I was familiar with most of the attacks and their capabilities it surprised how many versions and counter attack options are there. I will definitely have to watch that video again and read the related paragraphs in the book, I bet those details will be in the exam.
One question I couldn’t answer is why was the word Reconnaissance chosen over Spying? it is such a weird name for a network attack…

Using ASA & PIX I get to work with ASDM many times. It was nice to see that Cisco allow many of the CLI commands in SDM and after the earlier VPN configuration that proved to be much easier using SDM on both ends of the connection, AutoSecure add to the SDM value. Using AutoSecure to test the network is a great tool even if you’re not going to fix it and fixing problems is easy and intuitive.

Out of this whole list of attacks and their solutions I found one new topic, something I never saw in the real world and as long as I work in the small to mid-size organizations sphere, I do not think I’ll ever see: Role-Based CLI
Creating Views and Superviews remind me of Active Directory where you can place few different groups into one bigger group and each of these groups can join different groups.
Views are sets of commands that can be assigned to a user.
Superview is a group of Views that can be assigned to a user as a package.
If you find this topic interesting you can check this configuration example.

Two weeks later and I can start thinking about exam dates. I’m not there yet but as I get closer to the end of the reading, watching and summarizing, I know that for this exam only few selected topics require a full comprehensive second review.
My plan for the coming long weekend is to finish the last topics and start working on my lab. I’ll have to figure out which way to go with the lab and will post my setup in the coming days

Advertisements
  1. February 2, 2010 at 1:10 pm

    Your site was extremely interesting, especially since I was searching for thoughts on this subject last Thursday.

  2. Rofi Neron
    January 18, 2010 at 3:36 pm

    Funny, I’m working on the next post that will answer that exact question
    I guess it will be ready sometime tonight so come back tomorrow morning or subscribe for email updates on the home page and it would wait in your mailbox 🙂

  3. Rob Flora
    January 18, 2010 at 3:32 pm

    So what did you decide to setup for labing? I am studying for the ISCW also. I have found the CBT series a breath of free air for training.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: