Site “ZZZ” Challenges and Implementation

Site details and Challenges

The Site ZZZ network is poorly configured with respect to network security. Network device security needs to be improved in various divisions. Layer-2, Layer-3 and Layer-4 security needs to be implemented on the network devices.

Site Solution and Technologies

The current network devices have little security, so their security needs to be improved using the following technologies.

1) Layer-2 Security

a. Access Port Security: An access port is used to connect end devices. Port security needs to be implemented on access ports. If only a PC is connected, only one MAC address is allowed; if an IP phone is connected with a PC, only two MAC addresses are allowed. These cannot be changed by any user except the network admin.

b. VTP mode: VTP should be configured in transparent mode, because if an attacker plugs in a device that has a higher revision number, the whole network will go down.

2) Layer-3 Security

a. Access-list based on IP address: Network traffic flow can be restricted based on IP address using an access-list. Guest users can't access the LAN; they are able to access the internet only. So we can protect LAN users from guests/attackers.

3) Layer-4 Security

a. Management ACL: A management access-list is used to restrict access to network devices based on IP address and port address. I'm going to give access to only a few devices, which are the only ones that can access the network devices. Telnet should be disabled on all network equipment because it is not secure. Network admins should use SSH rather than Telnet.

Sample Configuration

1) Layer-2 Security

a. Access Port Security

    Switch#configure terminal
    ! The interface type is not given in the original; FastEthernet is assumed here
    Switch(config)#interface range fastEthernet 0/1 - 24
    ! Force the ports into access mode (required before port-security can be enabled)
    Switch(config-if-range)#switchport mode access
    Switch(config-if-range)#switchport port-security
    ! Learn the connected MAC address and store it in the configuration
    Switch(config-if-range)#switchport port-security mac-address sticky
    ! Allow a single MAC address per port
    Switch(config-if-range)#switchport port-security maximum 1

b. VTP mode

    Switch#configure terminal
    Switch(config)#vtp mode transparent

2) Layer-3 Security

    Router#configure terminal
    Router(config)#ip access-list extended L3
    Router(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any
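
An added example (not part of the original document): a short Python check that reads switch configuration text and reports where the controls described above are missing, namely access ports without port-security or with a MAC limit above two (a PC behind an IP phone), VTP not in transparent mode, and vty lines that still allow Telnet or have no management ACL. The sample configuration is constructed, and the check assumes transparent mode appears as a literal "vtp mode transparent" line in the configuration text.

```python
import re
# Constructed sample config (not from the page); real input would be "show running-config" text.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
line vty 0 4
 transport input telnet ssh
"""

def sections(config):
    """Group an IOS-style config into {top-level line: [indented child lines]}."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, max_macs=2):
    """Return (section, finding) pairs. Assumes transparent VTP shows as a literal config line."""
    found, secs = [], sections(config)
    if "vtp mode transparent" not in secs:
        found.append(("global", "vtp not transparent"))
    for head, body in secs.items():
        if head.startswith("interface ") and "switchport mode access" in body:
            if "switchport port-security" not in body:
                found.append((head, "no port-security"))
                continue
            # IOS leaves the default maximum of 1 out of the config, so absence is fine.
            m = re.search(r"^switchport port-security maximum (\d+)", "\n".join(body), re.M)
            if m and int(m.group(1)) > max_macs:
                found.append((head, "mac limit too high"))
        elif head.startswith("line vty"):
            if "transport input ssh" not in body:
                found.append((head, "telnet not disabled"))
            if not any(re.fullmatch(r"access-class \S+ in", c) for c in body):
                found.append((head, "no management acl"))
    return found
```

Calling audit(SAMPLE) returns one finding per missing control; a configuration that applies every control returns an empty list.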