Logging – Audit Steps

Logging – Audit Steps. Verify that timestamps for debugging and logging messages have been enabled. Verify the severity level of events that are being captured. Verify that the source interface command has been configured. Verify the IP address of the syslog server.
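
The four audit steps above can be checked mechanically against a saved Cisco IOS running-config. The following is an added example, not part of the original presentation; the sample config, the `audit_logging` function, the approved-server list and the required severity level are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
service timestamps debug datetime msec localtime
no service timestamps log
logging trap warnings
logging source-interface Loopback0
logging host 192.0.2.50
logging 198.51.100.7
"""

# Cisco IOS syslog severity keywords; list index = numeric level 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

def audit_logging(config, approved_servers, required_level="informational"):
    """Check the four logging audit steps; return {check_name: passed}."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    def has(pattern):
        # fullmatch so that a negated "no ..." line never counts as enabled
        return any(re.fullmatch(pattern, ln) for ln in lines)

    # Step 2: 'logging trap' takes a keyword or a number. When the line is
    # absent, the IOS default (informational, level 6) applies.
    level = 6
    for ln in lines:
        m = re.fullmatch(r"logging trap (\S+)", ln)
        if m:
            arg = m.group(1)
            level = int(arg) if arg.isdigit() else SEVERITIES.index(arg)

    # Step 4: collect servers from 'logging host <ip>' and legacy 'logging <ip>'.
    servers = set()
    for ln in lines:
        m = re.fullmatch(r"logging (?:host )?(\d+\.\d+\.\d+\.\d+)(?: .*)?", ln)
        if m:
            servers.add(ipaddress.ip_address(m.group(1)))
    approved = {ipaddress.ip_address(s) for s in approved_servers}

    return {
        "timestamps_debug": has(r"service timestamps debug(?: .*)?"),
        "timestamps_log": has(r"service timestamps log(?: .*)?"),
        "severity_level": level >= SEVERITIES.index(required_level),
        "source_interface": has(r"logging source-interface \S+"),
        "syslog_servers": bool(servers) and servers <= approved,
    }
```

With the constructed sample and `192.0.2.50` as the only approved server, the log timestamp, severity and syslog server checks fail: log timestamps are negated, the trap level captures only warnings and above, and `198.51.100.7` is not on the approved list.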


Presentation Transcript


  1. Logging – Audit Steps
     • Verify that timestamps for debugging and logging messages have been enabled.
     • Verify the severity level of events that are being captured.
     • Verify that the source interface command has been configured.
     • Verify the IP address of the syslog server.

  2. Dynamic Configuration Controls
     • ACLs
     • Routing Protocol Authentication
     • CDP
     • VLANs
     • Switchport Security
     • VTP
     • DTP

  3. ACLs
     • Cisco IOS uses access control lists to separate data traffic into that which it will process (permitted packets) and that which it will not process (denied packets).
     • Cisco routers make very heavy use of access lists to:
       • restrict access to services
       • filter traffic passing through the router.

  4. ACLs
     • An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols.
     • Static packet filtering controls access to a network by analyzing the incoming and outgoing packets.
     • By default, a router does not have any ACLs configured and therefore does not filter traffic.

  5. ACLs

  6. ACLs
     • Standard ACLs filter traffic based on source IP address.
     • Extended ACLs filter IP packets based on:
       • Protocol type
       • Source IP address
       • Destination IP address
       • TCP or UDP ports

  7. Extended ACLs
     • Extended ACLs are used for more precise traffic-filtering control and are used more often than standard ACLs to provide a greater range of control.

  8. ACLs – Used to Protect the Network
     • ICMP Packet Filtering – Filter ICMP messages by name or by type and code.
     • Filter IP Fragments – Fragmentation is often used in attempts to evade detection by intrusion detection systems; deny IP fragments.
     • Anti IP Address Spoofing – Deny any inbound IP packet that contains a source address from the internal network.
     • Smurf Attack – Deny packets destined for broadcast addresses.
