• Quản trị mạng - Chapter 4: Implementing firewall technologiesQuản trị mạng - Chapter 4: Implementing firewall technologies

    Zone-Based Policy Firewall (ZPF) , introduced in 2006, is the state of the art in modern firewalling. • ZPF operation centers around the creation of zones associated with various security levels. • Implementing ZPF with CLI is much more structured and easier to understand than CBAC . ZPF utilizes class maps and policy maps enabled by C3PL. •...

    pdf132 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 21 | Lượt tải: 0

  • Quản trị mạng - Chapter 3: Authentication, authorization, and accountingQuản trị mạng - Chapter 3: Authentication, authorization, and accounting

    In large or complex networks, AAA authentication can be implemented using server-based AAA. • AAA servers can use RADIUS or TACACS+ protocols to communicate with client routers. • The Cisco Access Control Server (ACS) can be used to provide AAA server services. • Server-based AAA authentication can be configured using CLI or SDM. • Server-b...

    pdf78 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 23 | Lượt tải: 0

  • Quản trị mạng - Chapter 2: Securing network devicesQuản trị mạng - Chapter 2: Securing network devices

    Released in IOS version 12.3, Cisco AutoSecure is a feature that is initiated from the CLI and executes a script. • AutoSecure first makes recommendations for fixing security vulnerabilities and then modifies the security configuration of the router. • There are three forwarding plane services and functions: 1. Enables Cisco Express Forwardin...

    pdf175 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 27 | Lượt tải: 0

  • Quản trị mạng - Chapter 1: Modern network security threatsQuản trị mạng - Chapter 1: Modern network security threats

    Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks. 2. Shut down unnecessary services and ports. 3. Use strong passwords and change them often 4. Control physical access to systems. 5. Mitigating Network Attacks Avoid unnecessary web page inputs. 6. Perform ba...

    pdf75 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 21 | Lượt tải: 0

  • Quản trị mạng - Chapter 8: Network troubleshootingQuản trị mạng - Chapter 8: Network troubleshooting

    The difficulty in troubleshooting Layer 2 technologies, such as PPP and Frame Relay, is the unavailability of common Layer 3 troubleshooting tools, such as ping, to assist with anything but the identification that the network is down. • Most of the problems that occur with PPP involve link negotiation.

    pdf73 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 23 | Lượt tải: 0

  • Quản trị mạng - Chapter 7: Implementing ip addressing servicesQuản trị mạng - Chapter 7: Implementing ip addressing services

    access-list 1 permit 10.0.0.0 0.0.0.255 • ip nat pool POOL200 200.0.0.3 200.0.0.6 netmask 255.255.255.248 • ip nat inside source list 1 pool POOL200 overload • Int f0/1 • Ip nat inside • Int s0/0/0 • Ip nat outside

    pdf107 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 22 | Lượt tải: 0

  • Quản trị mạng - Chapter 6: Teleworker ServicesQuản trị mạng - Chapter 6: Teleworker Services

    Components required to establish this VPN include: 1. An existing network with servers and workstations 2. A connection to the Internet 3. VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections 4. Appropriate software to create and manage VPN tunnels

    pdf54 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 11 | Lượt tải: 0

  • Quản trị mạng - Chapter 5: AclsQuản trị mạng - Chapter 5: Acls

    Deny the DNS requests from the net1, net2 • Permit all other traffics • Access-list 111 deny udp any any eq 53 • Access-list 111 permit ip any any

    pdf86 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 12 | Lượt tải: 0

  • Quản trị mạng - Chapter 4: Network securityQuản trị mạng - Chapter 4: Network security

    Which two conditions should the network administrator verify before attempting to upgrade a Cisco IOS image using a TFTP server? –Verify connectivity between the router and TFTP server using the ping command. –Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.

    pdf157 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 11 | Lượt tải: 0

  • Quản trị mạng - Chapter 2: PPPQuản trị mạng - Chapter 2: PPP

    Link Quality Monitoring (LQM) is available on all serial interfaces running PPP. LQM will monitor the link quality, and if the quality drops below a configured percentage, the router shuts down the link. • The percentages are calculated for both the incoming and outgoing directions. – The outgoing quality is calculated by comparing the total n...

    pdf95 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 12 | Lượt tải: 0