Industrial Training on Network Security - By Nishant Dwivedi, B.Tech CSE 7th sem, Section B, Class Roll no. 04


I did an industrial training on network security. It's a presentation of that.


Industrial Training on Network Security
By Nishant Dwivedi, B.Tech CSE 7th sem, Section B, Class Roll no. 04

Overview
Course: Basics of Network Security
Level: Associate
Includes:
1. CCNA Security course
2. Network Administration (includes Nmap-Zenmap GUI)
3. Some other network tools: snort, hydra

Contd.
Company Overview

About: The company provides different specialized trainings as per the requirements of the industry and their candidates.

1. CCNA Security
Fundamentals
1. The CIA triad must be satisfied.
2. Securing borderless networks
3. Network Foundation Protection framework:

1. Management plane: includes the protocols and traffic that an administrator uses between his workstation and the router or switch itself. An example is using a remote management protocol such as Secure Shell (SSH) to monitor or configure the router or switch. If a failure occurs in the management plane, it may result in losing the ability to manage a network device. Implement using SSH or a separate VPN tunnel.

Contd.
2. Control plane: includes protocols and traffic that the network devices use on their own without direct interaction from an administrator. An example is a routing protocol. A routing protocol can dynamically learn and share routing information that the router can then use to maintain an updated routing table. If a failure occurs in the control plane, a router may lose the ability to share or correctly learn dynamic routing information, and as a result not have the routing intelligence to be able to route for the network. When implementing, authenticate communication between routers to avoid rogue ones.

Contd.
3. Data plane: includes traffic that is being forwarded through the network (sometimes called transit traffic). An example is a user on one part of the network who is accessing a server. The data plane represents the traffic that is either being switched or forwarded by the network devices between the client and server. Failure of some component in the data plane results in the customer's traffic not being able to be forwarded. Other times, based on policy, you might want to deny specific types of traffic on the data plane. Implement using ACLs (access control lists), IOS IPS, zone-based firewalls, and Layer 2 controls such as Spanning Tree Protocol (STP) guards to avoid rogue switches.

Using Cisco Configuration Professional to Protect the Network Infrastructure

Contd.
Example 5-1 Preparing the Router to Accept HTTP/HTTPS Connections from CCP

! Enable HTTP services on the router to be managed and discovered
! (less secure)
R1(config)# ip http server

! Enable HTTPS services on the router to be managed and discovered
! (more secure)
R1(config)# ip http secure-server

! Create a local user account on the router with "Level 15" permissions
! (privileged mode), stored as an MD5 hashed password
R1(config)# username admin privilege 15 secret cisco

! Tell the router that when people connect via HTTP or HTTPS, it should
! request a user name and password, and use the local running-configuration
! (also called the local database) to verify that they are correct
! before allowing access
R1(config)# ip http authentication local
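An added example, not part of the original slides: a small Python check that audits the commands from Example 5-1 for the management-plane weaknesses its own comments hint at (HTTP is marked "less secure"). The function name, the tightened sample, ACL number 10, the 192.0.2.0/24 range, the hash placeholder and the short list of default-style secrets are assumptions made for illustration.

```python
import re

# Constructed sample: the commands of Example 5-1 as entered on R1.
EXAMPLE_5_1 = """\
ip http server
ip http secure-server
username admin privilege 15 secret cisco
ip http authentication local
"""

# Constructed sample: a tightened variant (ACL 10 and its range are assumed).
HARDENED = """\
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
access-list 10 permit 192.0.2.0 0.0.0.255
username admin privilege 15 secret 9 <hash-placeholder>
"""

WEAK_SECRETS = {"cisco", "admin", "password"}  # assumed default-style values
USER_RE = re.compile(r"username (\S+) (?:privilege \d+ )?(password|secret) (\S+)")

def audit_http_management(config):
    """Return findings for the HTTP/HTTPS management settings in an IOS config."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    findings = []
    http_on = "ip http server" in lines          # "no ip http server" does not match
    https_on = "ip http secure-server" in lines
    if http_on:
        findings.append("ip http server: management over cleartext HTTP is enabled")
    if http_on or https_on:
        if not any(ln.startswith("ip http authentication ") for ln in lines):
            findings.append("no 'ip http authentication' method configured")
        if not any(ln.startswith("ip http access-class ") for ln in lines):
            findings.append("no 'ip http access-class': reachable from any source")
    for ln in lines:
        m = USER_RE.match(ln)
        if m and m.group(2) == "password":
            findings.append(f"user {m.group(1)}: 'password' used instead of 'secret'")
        elif m and m.group(3) in WEAK_SECRETS:
            findings.append(f"user {m.group(1)}: secret is a default-style value")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_http_management(EXAMPLE_5_1)))
```

Run against the Example 5-1 commands, it reports the cleartext HTTP server, the missing source restriction and the default-style secret; the tightened variant produces no findings.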


Contd. (Templates)


Contd. (CCP Security Audit)
Go via Config > Security > Security Audit.


Contd. (Access Lists)


Contd. (Config. Firewall)


2. Network Administration using Zenmap


3. Other Tools