Site ZZZ Network Security Implementation

Added on  2019/09/25
Site “ZZZ” Challenges and Implementation
Site details and Challenges
The Site ZZZ network is poorly configured from a security standpoint. The security of the network
devices in the various divisions needs to be improved, which means implementing Layer-2, Layer-3
and Layer-4 controls on the switches and routers.
Site Solution and Technologies
The current network devices have very little security configured, so it needs to be improved using
the following technologies.
1) Layer-2 Security
a. Access Port Security: Access ports connect end devices, so port-security should be enabled on
every access port. If only a PC is attached, a single MAC address is allowed; if an IP phone with a
PC behind it is attached, two MAC addresses are allowed. The allowed addresses are learned as
sticky entries that only the network admin can change; a device presenting any other MAC address
triggers a port-security violation, which by default err-disables the port.
b. VTP mode: VTP should be configured in transparent mode. In server or client mode, a switch that
an attacker plugs in with a higher VTP configuration revision number overwrites the VLAN database
of every switch in the domain, deleting the site's VLANs and taking the whole network down. A
transparent switch keeps its own VLAN database and only forwards VTP advertisements.
2) Layer-3 Security
a. Access-list based on IP address: Network traffic flow can be restricted by IP address with an
access-list. Guest users must not be able to reach the LAN; they may reach the Internet only. This
protects LAN users from guests and from attackers on the guest segment.
3) Layer-4 Security
a. Management ACL: A management access-list restricts access to the network devices themselves by
source IP address and TCP port. Only a few designated admin hosts are permitted to reach the
devices. Telnet must be disabled on all network equipment because it sends credentials and commands
in clear text; network admins should use SSH instead.
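To check whether a switch or router actually carries the controls listed above, the following script (an added example, not part of the original report) parses a Cisco IOS running-config in text form and reports each access port without port-security or sticky MAC learning, a port-security maximum above the phone-plus-PC ceiling of 2, any VTP mode other than transparent, and any vty line that still accepts Telnet or has no inbound access-class. The running-config embedded in it is constructed for illustration; the hostname and interface names are assumptions.

```python
"""Audit a Cisco IOS running-config for the Site ZZZ Layer-2/Layer-4 controls.

Added example, not part of the original report. Parses the text of
'show running-config' and flags:
  - VTP not in transparent mode
  - access ports without port-security / sticky MACs / a sane maximum
  - vty lines that still allow Telnet or have no inbound access-class
"""


def _blocks(config):
    """Split a running-config into (header, [indented body lines]) sections."""
    blocks, header, body = [], None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and '!' separators carry no config
        if raw.startswith(" "):
            body.append(raw.strip())  # indented line belongs to the current section
        else:
            if header is not None:
                blocks.append((header, body))
            header, body = raw.strip(), []
    if header is not None:
        blocks.append((header, body))
    return blocks


def audit(config, max_macs=2):
    """Return a list of human-readable findings; an empty list means compliant."""
    findings = []
    blocks = _blocks(config)
    top_level = {header for header, _ in blocks}
    if "vtp mode transparent" not in top_level:
        findings.append("vtp: not in transparent mode (a rogue higher-revision switch can wipe VLANs)")
    for header, body in blocks:
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            if "switchport mode access" not in body:
                continue  # trunks/uplinks are out of scope for access-port checks
            if "switchport port-security" not in body:
                findings.append(f"{name}: access port without port-security")
                continue
            if "switchport port-security mac-address sticky" not in body:
                findings.append(f"{name}: port-security without sticky MAC learning")
            maxima = [line.split()[-1] for line in body
                      if line.startswith("switchport port-security maximum ")]
            if maxima and int(maxima[0]) > max_macs:
                findings.append(f"{name}: port-security maximum {maxima[0]} "
                                f"exceeds {max_macs} (PC + IP phone)")
        elif header.startswith("line vty"):
            transport = [line for line in body if line.startswith("transport input")]
            if transport != ["transport input ssh"]:
                findings.append(f"{header}: Telnet not disabled (expected 'transport input ssh')")
            if not any(line.startswith("access-class ") and line.endswith(" in") for line in body):
                findings.append(f"{header}: no inbound management ACL (access-class <name> in)")
    return findings


# Constructed sample running-config (not from the report) with deliberate gaps:
# VTP server, Fa0/2 unprotected, Fa0/3 with a generous maximum, Telnet still on.
SAMPLE_CONFIG = """\
hostname SW-ZZZ-1
vtp mode server
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/1
 switchport mode trunk
!
line vty 0 15
 transport input telnet ssh
 login local
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of `show running-config` saved to a file; an empty result means all four controls from the list above are present. Trunk ports are skipped on purpose, since port-security is an access-port control.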
Sample Configuration
1) Layer-2 Security
a. Access Port Security
Switch#configure terminal
Switch(config)#interface range FastEthernet0/1 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security violation shutdown
On a port that carries an IP phone with a PC behind it, set switchport port-security maximum 2
instead. Sticky addresses are written into the running configuration, so save it (copy
running-config startup-config) or they are lost on reload.
b. VTP mode
Switch#configure terminal
Switch(config)#vtp mode transparent
2) Layer-3 Security
Router#configure terminal
Router(config)#ip access-list extended L3
Router(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface fa0/0
Router(config-if)#ip access-group L3 in
Here 192.168.10.0/24 is the guest subnet and 192.168.1.0/24 is assumed to be the LAN subnet (the
report does not state it). Denying the guest subnet to any destination would also cut off its
Internet access, so the deny is restricted to the LAN and the ACL is applied inbound on fa0/0, the
guest-facing interface.
3) Layer-4 Security
Router#configure terminal
Router(config)#ip access-list extended MGNT
Router(config-ext-nacl)#permit tcp host 192.168.1.15 any eq 22
Router(config-ext-nacl)#permit tcp host 192.168.1.16 any eq 22
Router(config-ext-nacl)#permit tcp host 192.168.1.17 any eq 22
Router(config-ext-nacl)#deny ip any any
Router(config-ext-nacl)#exit
Router(config)#line vty 0 15
Router(config-line)#access-class MGNT in
Router(config-line)#transport input ssh
A port qualifier such as eq 22 is only valid on a tcp or udp entry, not on ip, and the vty command
is access-class (without the ip prefix) with an explicit direction. transport input ssh is what
actually disables Telnet; make sure SSH already works on the device (ip domain-name, crypto key
generate rsa, and a local username with login local) before applying it, or the admin is locked
out.
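The two ACLs above are easy to get subtly wrong: a deny whose destination is any cuts guests off from the Internet as well as the LAN, and a port qualifier such as eq 22 is only legal on a tcp or udp entry. The following Python script, an added example that is not part of the original report, parses Cisco-style extended ACL entries (wildcard masks, host, any, eq <port>) and evaluates sample flows against them with first-match semantics and the implicit deny at the end, so the intended behaviour can be checked before the ACL touches a router. The guest subnet 192.168.10.0/24 and the admin hosts 192.168.1.15-17 are taken from the sample configuration; 192.168.1.0/24 as the LAN subnet and all of the flows are constructed assumptions.

```python
"""Evaluate Cisco-style extended ACL entries against sample flows.

Added example, not from the original report. Supported syntax:
    permit|deny ip|tcp|udp <src> <dst> [eq <port>]
where <src>/<dst> is 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
First matching entry wins; an unmatched flow hits IOS's implicit deny.
"""
import ipaddress
import re

ACE_RE = re.compile(r"^(permit|deny)\s+(ip|tcp|udp)\s+(.+)$")


def _parse_addr(tokens, i):
    """Parse one address spec at tokens[i]; return ((base, wildcard), next_i)."""
    tok = tokens[i]
    if tok == "any":
        return (0, 0xFFFFFFFF), i + 1  # every bit is 'don't care'
    if tok == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2  # exact match
    base = int(ipaddress.IPv4Address(tok))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (base, wildcard), i + 2


def _matches(spec, ip):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (base | wildcard)


def parse_acl(text):
    """Turn ACL lines into (action, proto, src, dst, dport) tuples."""
    aces = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = ACE_RE.match(line)
        if not m:
            raise ValueError("unsupported ACE: " + line)
        action, proto, rest = m.groups()
        tokens = rest.split()
        src, i = _parse_addr(tokens, 0)
        dst, i = _parse_addr(tokens, i)
        dport = None
        if i < len(tokens):
            # 'eq <port>' is only legal on tcp/udp entries; IOS rejects it on 'ip'
            if tokens[i] != "eq" or proto == "ip":
                raise ValueError("port qualifier needs tcp/udp: " + line)
            dport = int(tokens[i + 1])
        aces.append((action, proto, src, dst, dport))
    return aces


def evaluate(aces, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one flow (first match wins, implicit deny)."""
    for action, aproto, asrc, adst, aport in aces:
        if aproto != "ip" and aproto != proto:
            continue
        if not _matches(asrc, src) or not _matches(adst, dst):
            continue
        if aport is not None and aport != dport:
            continue
        return action
    return "deny"


# Guest ACL with the deny aimed at 'any': blocks the LAN *and* the Internet.
GUEST_ACL_DENY_ANY = """
deny ip 192.168.10.0 0.0.0.255 any
permit ip any any
"""

# Guest ACL with the deny restricted to the LAN (192.168.1.0/24 is an assumption).
GUEST_ACL_LAN_ONLY = """
deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any any
"""

# Management ACL: only three admin hosts, only SSH (tcp/22).
MGMT_ACL = """
permit tcp host 192.168.1.15 any eq 22
permit tcp host 192.168.1.16 any eq 22
permit tcp host 192.168.1.17 any eq 22
deny ip any any
"""

if __name__ == "__main__":
    guest_any, guest_lan, mgmt = map(parse_acl, (GUEST_ACL_DENY_ANY, GUEST_ACL_LAN_ONLY, MGMT_ACL))
    print("guest -> Internet, deny-any ACL  :", evaluate(guest_any, "tcp", "192.168.10.20", "8.8.8.8", 443))
    print("guest -> Internet, LAN-only ACL  :", evaluate(guest_lan, "tcp", "192.168.10.20", "8.8.8.8", 443))
    print("guest -> LAN,      LAN-only ACL  :", evaluate(guest_lan, "tcp", "192.168.10.20", "192.168.1.50", 445))
    print("admin SSH -> router, MGMT ACL    :", evaluate(mgmt, "tcp", "192.168.1.15", "192.168.1.1", 22))
    print("admin Telnet -> router, MGMT ACL :", evaluate(mgmt, "tcp", "192.168.1.15", "192.168.1.1", 23))
```

The evaluator deliberately models only the subset of ACL syntax the report uses; extending it to ranges, established or logging keywords is straightforward but was not needed to show the two failure modes.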