Selling Cisco SMB Solutions: Advanced Security Selling SMB Solutions
CTT Corp. All rights reserved 11-2005 CHANNEL READINESS PROGRAM FOR CISCO PARTNERS


Slide 1
Selling Cisco SMB Solutions
Advanced Security Selling SMB Solutions
Cisco Resellers University V2.0

Slide 2: Objectives
Upon completion of this module, you will be able to perform the following tasks:
  • Describe the features and functionality of the Cisco Low End Routers and how they meet the customer requirements.
  • Describe the features and functionality of the Cisco Low End Switches and how they meet the customer requirements.
  • Configure the security features for the Cisco 1841 Router and Cisco Express 500 Switch to help an SMB protect its sensitive data and applications.
  • Discuss the best practices related to security using Cisco Routers and Switches and how Cisco Resellers present a value proposition for the security of their customers' businesses.

Slide 3: Cisco Network Security

Slide 4: Network Security Definition
Steps that are taken to protect network resources and services from unauthorized actions that include:
  • Destruction of data
  • Information theft
  • Network disruption
Security breaches result in:
  • Recovery costs
  • Legal liability
  • Lost revenue
  • Reduced customer satisfaction

Slide 5: The Security Wheel
Security is a strategy, not a product. No single device or solution can protect a network against a changing variety of threats.
Security is a process:
  • Developing a policy
  • Securing the network
  • Monitoring for and responding to threats
  • Testing for vulnerabilities
  • Making improvements as needed

Slide 6: Using Cisco Router and Security Device Manager

Slide 7: What Is Cisco SDM?
  • Embedded web-based management tool
  • Provides intelligent wizards to enable quicker and easier deployments and does not require knowledge of Cisco IOS CLI or security expertise
  • Tools for more advanced users:
      • ACL editor
      • VPN crypto map editor
      • Cisco IOS CLI preview

Slide 8: Cisco SDM Files
The sdm-v10.zip file contains the following files:
  • sdm.tar
  • home.html
  • home.shtml
  • home.tar
  • ips.tar
  • attack-drop.sdf
  • sdmconfig-xxxx.cfg file:
      • Enables HTTP server
      • Enables SSH/Telnet
      • Provides a default credential (username and password)
      • Default configuration file specific to router series, for example: sdmconfig-18xx.cfg

Slide 9: Installing Cisco SDM
  • Task 1: Download the Cisco SDM files and a Cisco IOS image to a TFTP server.
  • Task 2: Configure your router to support Cisco SDM.
  • Task 3: Copy the Cisco SDM files to the router.
  • Task 4: Start Cisco SDM.
Requires a minimum of 5.3 MB extra (available) router flash memory.

Slide 10: Router Administration Using Cisco SDM
  • Cisco SDM is used for configuring, managing, and monitoring a single Cisco access router.
  • Cisco SDM allows multiple concurrent users to be logged in.
  • It is not recommended that multiple users use Cisco SDM to modify the configuration at the same time.
  • You can use Cisco SDM or CLI commands or both:
      • Use CLI commands for features not supported by SDM.
      • Use Cisco SDM to configure security policies on unsupported interfaces.

Slide 11: Accessing Cisco SDM for the First Time
Accessing Cisco SDM on a factory-fresh router with SDM installed:
  1. Connect the PC to the lowest LAN Ethernet port of the router, using a crossover cable.
  2. Use a static IP address for the PC: (10.10.10.2/255.255.255.0).
  3. Launch a supported browser.
  4. The default URL to access Cisco SDM is https://10.10.10.1.
  5. The Cisco SDM default login is:
       Username: sdm
       Password: sdm

Slide 12: Startup Wizard: Basic Configuration, Change Default Username and Password

Slide 13: Startup Wizard: LAN Interface Configuration

Slide 14: Startup Wizard: DHCP Server Configuration

Slide 15: Startup Wizard: DNS Configuration

Slide 16: Startup Wizard: Security Configuration

Slide 17: Startup Wizard: Configuration Delivery
  • You will lose your connection after the configuration is delivered to the router.
  • Use the new IP address to access SDM for further configuration.

Slide 18: Accessing Cisco SDM: Ongoing
Already configured router with Cisco SDM installed:
  1. Use a LAN/WAN connection.
  2. Manage the router using either HTTP or HTTPS with https:// /.
Note: https:// specifies that SSL be used for a secure connection. http:// can be used if SSL is not available.

Slide 19: Cisco SDM: Startup Troubleshooting
Browser problem?
  • Enable Java and JavaScript on the browser.
  • Disable popup blockers or unsupported Java plug-ins on the PC.
Router not allowing access?
  • Ensure that the HTTP server is enabled on the router.
  • Ensure that the PC is not blocked on the interface by a firewall ACL.
      • Requires HTTP/HTTPS and SSH/Telnet or SSH/Telnet and RCP access to router
      • Open specific addresses/ports in ACL editor in advanced mode
Cisco SDM installed?
  • Access it with https:// /flash/sdm.shtml.
  • Enter the CLI show flash command.

Slide 20: Cisco SDM Main Window Layout and Navigation
Screenshot labels: Menu Bar, Toolbar, Router Information, Configuration Overview

Slide 21: Cisco SDM Wizard Options
  • LAN configuration: Configure LAN interfaces and DHCP.
  • WAN configuration: Configure PPP, Frame Relay, and HDLC WAN interfaces.
  • Firewall: Access two types of Firewall wizards:
      • Simple inside/outside
      • Advanced inside/outside/DMZ with multiple interfaces
  • VPN: Access three types of VPN wizards:
      • Secure site-to-site VPN
      • Cisco Easy VPN
      • GRE tunnel with IPSec VPN
  • Security Audit: Perform a router security audit, with a button for router lockdown.
  • IPS: Intrusion Prevention System
  • QOS: Quality of Service

Slide 22: Cisco Secure Access Control Server for Windows Server

Slide 23: Cisco Secure ACS for Windows Server: General Features
Diagram labels: NAS, Cisco Secure ACS for Windows Server, TACACS+, RADIUS, PAP, CHAP, MS-CHAP
  • Uses TACACS+ or RADIUS between Cisco Secure ACS and NAS
  • Allows authentication against Windows 2000 user database, Cisco Secure ACS user database, token server, or other external databases
  • Supports PAP, CHAP, and MS-CHAP authentication on the NAS

Slide 24: Cisco Secure ACS for Windows Server: ACS User Database
Diagram labels: NAS 1, NAS 2, NAS 3, Cisco Secure ACS User Database

Slide 25: Cisco Secure ACS for Windows Server: External User Databases
Diagram labels: NAS 1, NAS 2, NAS 3, ACS User Database, External User Database

Slide 26: Administering Cisco Secure ACS for Windows Server

Slide 27: TACACS+ Overview
  • TCP
  • Supports AAA
  • Encrypts entire body
  • LAN and WAN security
  • RCMD, PPP, ARA, and NASI
  • Supports PAP, CHAP, and MS-CHAP
  • Router command authorization
  • Blocks specific ports
Diagram labels: PSTN/ISDN, Corporate Network, TACACS+ Client, TACACS+ Security Server, NAS, Remote User

Slide 28: RADIUS Background
RADIUS was developed by Livingston Enterprises, now part of Lucent Technologies. It contains a:
  • Protocol with a frame format that uses UDP
  • Server
  • Client

Slide 29: Enable AAA Using SDM
  1. Create a local user with privilege level 15

Slide 30: Enable AAA Using SDM (Cont.)
  2. Enable AAA on the router

Slide 31: Enable AAA Using SDM (Cont.)

Slide 32: Define AAA Servers Using SDM

Slide 33: Define AAA Servers Using SDM

Slide 34: Define AAA Servers Using SDM

Slide 35: Lab Exercise
2005 Cisco Systems, I
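
An added example (not part of the original deck and not Cisco's code): a small Python check that flags the factory settings described on the "Cisco SDM Files" and "Accessing Cisco SDM for the First Time" slides (the sdm/sdm login, the HTTP server, Telnet on the vty lines) when they are still present in a router's running-config. The finding names and both sample configurations are constructed for illustration; they are not the contents of sdmconfig-18xx.cfg.

```python
import re

# Constructed sample: a running-config that still carries SDM factory defaults.
FACTORY_LIKE = """\
hostname Router
username sdm privilege 15 password 0 sdm
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
 transport input telnet ssh
"""

# Constructed sample: the same router after the Startup Wizard and hardening.
HARDENED = """\
hostname branch-1841
username netadmin privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash
no ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
 transport input ssh
"""

def audit(config: str) -> list[str]:
    """Return finding codes for SDM-related management exposure."""
    findings = []
    in_vty = False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command closes any line block
            in_vty = line.startswith("line vty")
        user = re.match(r"username (\S+) (.*)", line)
        if user:
            name, rest = user.groups()
            if name == "sdm":            # default SDM login name from the deck
                findings.append("default-sdm-account")
            if re.search(r"\bpassword\b", rest):   # type 0/7 storage, not 'secret'
                findings.append(f"weak-password-storage:{name}")
        elif line == "ip http server":   # 'no ip http server' does not match
            findings.append("plain-http-management")
        elif in_vty and line.startswith("transport input"):
            if {"telnet", "all"} & set(line.split()[2:]):
                findings.append("telnet-on-vty")
    return findings

if __name__ == "__main__":
    for label, cfg in (("factory-like", FACTORY_LIKE), ("hardened", HARDENED)):
        print(label, audit(cfg))
```
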