Cisco CCNA Security - Chapter 2: Securing Network Devices

1. Configuring NTP (Network Time Protocol)
-> Why is NTP important? So that a precise timestamp is available when an attack occurs
-> Setting the time manually often leads to discrepancies
(Note: how do you actually set the time manually?
Like this: Router# clock set 10:28:00 April 04 2011)

a) Configure a router as an NTP client
-> Simply specify the NTP server address
R1(config)# ntp server 192.168.1.5
-> No key is required in this exercise

b) Configure the router to update the hardware clock
-> This was not stated explicitly anywhere in the course material, but the Cisco command reference reveals the following:
R1(config)# ntp update-calendar

c) Use timestamps for log messages
R1(config)# service timestamps log datetime msec
-> The same option exists for debug messages (parameter debug instead of log), but that is not required here

2. Configuring Syslog
-> A syslog server is a computer that receives syslog messages from syslog clients
-> Here we configure a router as a syslog client by giving it the IP address of the syslog server (nothing more is required here):
R1(config)# logging host 192.168.1.6

3. Configuring SSH
a) SSH needs a domain name; the one given is: ccnasecurity.com
R3(config)# ip domain-name ccnasecurity.com

b) SSH requires a user with a password and assigned privileges. Given: SSHadmin,>> secret <
-> "login local" specifies that the local database is to be used, so that we can log in with the user we just created
R3(config-line)# transport input ssh

d) RSA key pair; delete any existing key first:
R3(config)# crypto key zeroize rsa
-> This message is expected: % No Signature RSA keys found in configuration.
R3(config)# crypto key generate rsa
-> In contrast to the course material, you cannot enter "general-keys modulus 1024" here
-> If you press Enter, you are then prompted for the key length

e) SSH timeouts and authentication parameters
-> The command for configuring SSH is not "ssh ..." but "ip ssh ..."
-> Display the available options:
R3(config)# ip ssh ?
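
A quick way to check that the settings from sections 1 to 3 actually ended up in a device's configuration. This is an added example, not part of the original notes or the course material: the function names, the finding texts and both sample configs are constructed, and the patterns assume text in the style of "show running-config" output.

```python
import re

# Global settings from sections 1-3: pattern -> finding reported when absent.
REQUIRED = {
    r"^ntp server \S+": "no NTP server configured",
    r"^ntp update-calendar$": "hardware clock is not updated from NTP",
    r"^service timestamps log datetime msec": "log timestamps lack datetime msec",
    r"^logging (host )?\d+\.\d+\.\d+\.\d+": "no syslog server configured",
    r"^ip domain-name \S+": "no domain name set (needed for the RSA key pair)",
}

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any unindented line ends the block
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = [msg for pat, msg in REQUIRED.items()
                if not re.search(pat, config, re.MULTILINE)]
    for header, cmds in vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not restricted to ssh")
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
    return findings

# Constructed samples (not from a real device); the weak one drops two settings.
SAMPLE_OK = """\
service timestamps log datetime msec
ip domain-name ccnasecurity.com
logging host 192.168.1.6
ntp update-calendar
ntp server 192.168.1.5
line vty 0 4
 login local
 transport input ssh
"""
SAMPLE_WEAK = SAMPLE_OK.replace("ntp update-calendar\n", "").replace(
    "transport input ssh", "transport input telnet")
if __name__ == "__main__":
    print(audit(SAMPLE_OK), audit(SAMPLE_WEAK), sep="\n")
```

A vty block that lists any transport besides ssh (for example "transport input telnet ssh") is flagged as well, because the check requires the exact line "transport input ssh".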