
Site “ZZZ” Challenges and Implementation.


Added on  2019-09-25

Site details and Challenges

The Site ZZZ network is poorly configured with respect to network security. Network device security needs to be improved in various divisions, and Layer-2, Layer-3 and Layer-4 security needs to be implemented on the network devices.

Site Solution and Technologies

The current network devices have little security, so their security needs to be improved using the following technologies.

1) Layer-2 Security
   a. Access Port Security: An access port is used to connect end devices. Port-security needs to be implemented on access ports. If only a PC is connected, only one MAC address is allowed; if an IP phone with a PC is connected, only two MAC addresses are allowed. These addresses cannot be changed by any user except the network admin.
   b. VTP mode: The VTP protocol should be configured in transparent mode, because if an attacker plugs in a device that has a higher revision number, the whole network will go down.

2) Layer-3 Security
   a. Access-list based on IP address: We can restrict network traffic flow based on IP address using an access-list. Guest users can't access the LAN; they are able to access the internet only. This protects LAN users from guests/attackers.

3) Layer-4 Security
   a. Management ACL: A management access-list is used to restrict access to network devices based on IP address and port. I'm going to give access to a few devices, which will be the only ones that can access the network devices. Telnet should be disabled on all network equipment because it is not secure. The network admin should use SSH rather than Telnet.

Sample Configuration

1) Layer-2 Security
   a. Access Port Security
      ! FastEthernet is assumed here; use the switch's actual interface type
      Switch#configure terminal
      Switch(config)#interface range fastEthernet 0/1 - 24
      Switch(config-if-range)#switchport mode access
      Switch(config-if-range)#switchport port-security
      Switch(config-if-range)#switchport port-security mac-address sticky
      Switch(config-if-range)#switchport port-security maximum 1
   b. VTP mode
      Switch#configure terminal
      Switch(config)#vtp mode transparent

2) Layer-3 Security
      Router#configure terminal
      Router(config)#ip access-list extended L3
      Router(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any
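
An added example (not part of the original document): a short Python check that audits a switch running-config for the controls described above, namely port-security with a MAC limit and sticky learning on access ports, VTP transparent mode, and an inbound management ACL with SSH-only transport on the vty lines. The sample config, the ACL name MGMT, and the assumption that transparent mode shows up as "vtp mode transparent" in the running-config are constructed for illustration.

```python
# Constructed sample running-config for this example (not from the original page).
SAMPLE_CONFIG = """\
vtp mode transparent
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
line vty 0 4
 access-class MGMT in
 transport input telnet ssh"""

def blocks(config, keyword):  # yields (header, child lines) per top-level block
    header, body = None, []
    for line in config.splitlines() + ["!"]:   # trailing "!" flushes the last block
        if line.startswith(" ") and header:
            body.append(line.strip())
            continue
        if header:
            yield header, body
        header, body = (line.strip(), []) if line.startswith(keyword) else (None, [])

def audit(config, max_macs=2):  # max_macs=2 covers the PC plus IP phone case
    findings = []
    if "vtp mode transparent" not in config.splitlines():  # assumed config form
        findings.append("global: VTP is not in transparent mode")
    for header, body in blocks(config, "interface "):
        if "switchport mode access" not in body:
            continue                            # only access ports are in scope
        if "switchport port-security" not in body:
            findings.append(f"{header}: port-security not enabled")
            continue
        limits = [int(l.split()[-1]) for l in body if l.startswith("switchport port-security maximum ")]
        limit = limits[0] if limits else 1      # IOS omits the default of 1
        if limit > max_macs:
            findings.append(f"{header}: maximum {limit} exceeds {max_macs}")
        if "switchport port-security mac-address sticky" not in body:
            findings.append(f"{header}: sticky MAC learning not enabled")
    for header, body in blocks(config, "line vty"):
        if not any(l.startswith("access-class ") and l.endswith(" in") for l in body):
            findings.append(f"{header}: no inbound management ACL (access-class)")
        if "transport input ssh" not in body:   # any other value leaves Telnet possible
            findings.append(f"{header}: Telnet not disabled (expected 'transport input ssh')")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per deviation; an empty list means every access port and vty line matches the controls listed above.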