Site ZZZ Network Security Implementation

Verified

Added on 2019/09/25

AI Summary

This report details the network security challenges and proposed solutions for Site ZZZ. The current network is poorly configured, lacking sufficient security at Layer 2, Layer 3, and Layer 4. The proposed solution involves implementing access port security to control MAC address access, configuring VTP in transparent mode to prevent unauthorized device configuration changes, using IP access lists to control network traffic flow based on IP addresses, and implementing a management ACL to restrict access to network devices via SSH, disabling insecure Telnet access. Sample configurations for these security measures are provided using Cisco IOS commands. The report concludes with a bibliography referencing the Cisco Official Certification Guide - CCNA Security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Site “ZZZ” Challenges and Implementation
Site details and Challenges
Site ZZZ network is poorly configure according to network security. Need to improve network
devices security in various division. Need to implement Layer-2, Layer-3 and Layer-4 security
on network devices.
Site Solution and Technologies
Current network devices has less security, so need to improve its security using following
technologies.
1) Layer-2 Security
a. Access Port Security: Access port is used to connect end devices. Need to implement port-
security on access port. If there is a only PC than only on mac address allowed, if there is
an ip-phone with pc then only two mac address allowed, which are not changeable by any
user except network admin.
b. VTP mode: vtp protocol should be configure on transparent mode, because if any attacker
plug devices which has higher revision number than all network will be down.
2) Layer-3 Security
a. Access-list base on IP address: We can restrict network traffic flow base on ip address
using Access-list. Guest user can’t access LAN, they are able to access internet only. So we
can protect LAN user from Guest/attackers.
3) Layer-4 Security
a. Management ACL: Management Access-list is use to restrict network devices access base
on ip address and port address. I’m going to give access to few devices which are the only
can access network devices. Telnet should be disable in all network equipment. Because it
is not secure. Network admin should use SSH rather than Telnet.
Sample Configuration
1) Layer-2 Security
a. Access Port Security
Switch#configure terminal
Switch(config)#interface range 0/1-24
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 1
b. VTP mode
Switch#configure terminal
Switch(config)#vtp mode transparent
2) Layer-3 Security
Router#configure terminal
Router(config)#ip access-list extended L3
Router(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Router(config-ext-nacl)#permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group L3 in
3) Layer-4 Security
Router#configure terminal
Router(config)#ip access-list extended MGNT
Router(config-ext-nacl)#permit ip 192.168.1.15 0.0.0.0 any eq 22
Router(config-ext-nacl)#permit ip 192.168.1.16 0.0.0.0 any eq 22
Router(config-ext-nacl)#permit ip 192.168.1.17 0.0.0.0 any eq 22
Router(config-ext-nacl)#deny ip any any
Router(config)#line vty 0 15
Router(config-if)#ip access-class MGNT
Bibliography
Cisco Official Certification Guide - CCNA Security by Michael D. Watkins, Kevin
Wallace