Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 5 PHYSICAL SECURITY (5.3) (5.3 Implement Hardening Routers (5.3.6…
CHAPTER 5 PHYSICAL SECURITY (5.3)
5.3 Implement Hardening Routers
5.3.1 Define Routers, Metrics, Algorithm and IOS
Routers
an electronic device that interconnects two or more computer networks
Metrics
Value used to defined the suitability of a particular route
Router use metrics to determine which routes are better than other routers
Algorithm
Is a sequence of instructions that one must perform in order to solve a well formulated problem
IOS
Operating systems of all Cisco devices
Custom Built By Cisco for each platform
5.3.2 Explain Routing Principles and Operation Modes
The routing table is at the core of the routing process. The information contained in the routing table drives all routing decisions made by IP.
Typically the routing table is searched in the following sequence:
Search for a matching host address.
Search for a matching Network Address.
Search for a default entry.
Routing tables may be either static or dynamic.
1.Static - created / updated by the system administrator.
Dynamic - routers communicate directly using a routing protocol.
Wireless Router Mode
-(Default, Home Internet Sharing)
-Connection: Internet -> Modem -> Router -> Computer
Wireless Router Mode
-If you have 1 router, this will almost always be the default router operating mode that you will implement for your basic home use.
-You connect the modem to the router, and then the router “shares” its internet connection to all the devices.
Repeater Mode
-(Home Wi-fi Range Extension)
-Connection: Internet -> Modem -> Router ->Wireless Extend to Repeater
Repeater Mode
-You will generally use repeaters or wireless extenders when you have hard to reach places with your home wifi setup. The repeater acts as a “transition” island between your actual client device with the main router.
Access Point(AP) Mode
-(General Internet Extension – Home, Hotel, Etc)
-Connection: Internet -> Modem -> Router ->Wired Connection to AP
Access Point
-Use Access Point when you cannot alter the main router, but still need a temporary wireless network. This mode is best to be used in an office, hotel, and places where you only have wired network.
5.3.4 adhere to the step to harden a router
Harden a router
Change the default password.
Disable IP directed broadcasts.
Disable HTTP configuration for the router, if possible.
Block ICMP ping requests.
Disable IP source routing.
Determine your packet filtering needs.
Establish Ingress and Egress address filtering policies.
Maintain physical security of the router.
Maintain physical security of the router.
5.3.3 Identify TCPand UDP server proxy and various tools.
TCP server proxy
TCP proxy is a server that acts as an intermediary between a client and the destination server.
proxy server is a service that takes a request and performs it on behalf of the user or another service.
TCP proxy supports a maximum receive window size of 1 MB per session.
Types of Proxies:
CGI (Common Gateway Interface) Proxies.
Transparent Proxy.
Anonymous Proxy.
High Anonymity Proxy.
TCP tools
Hostname -Display the name of the computer.
Ipconfig - Display current TCP/IP network configuration values, update or release Dynamic Host Configuration Protocol (DHCP) allocated leases, and display, register, or flush Domain Name System (DNS) names.
Netstat - Display statistics for current TCP/IP connections. Windows Server 2003 adds IPv6 parameters to the netstat command.
Nslookup - Check records, domain host aliases, domain host services, and operating system information by querying DNS servers..
Ping - Send Internet Control Message Protocol (ICMP) Echo messages to verify IP connectivity. Windows Server 2003 adds IPv6 parameters to the ping command.
Route - Display the IP routing table, and add, edit, or delete IPv4 routes. Route for Windows Server 2003 also displays IPv6 routes.
Tracert - Trace a path to a destination. Windows Server 2003 adds IPv6 parameters to the tracert command.
UDP server proxy
Socket Secure (SOCKS) is an Internet protocol that exchanges network packets between a client and server through a proxy server.
provides authentication ,so only authorized users may access a server.
5.3.5 List ways to secure the routers
List way to secure the router
Lock down the router with passwords
Set the correct time and date
-Back up router configurations to a central source
Secure other network devices such as switches and wireless access
5.3.6 Explain router command s, router types and routing protocols
Router commands
Use enable command to enter in privilege exec mode.
Router# show interfaces
This command shows the status and configuration of interfaces.
Router# show ip interface brief
This command provides a quick overview of all interfaces on the router including their IP addresses and status.
Router# show version
This command will display information about software version of running IOS. It also provides information about configuration setting.
Router# show ip route
Routers use routing table to take packet forward decision. This command displays routing table.
Router types
Broadband Routers
-Broadband routers can be used to connect computers or to connect to the Internet.
Wireless Routers
-Wireless routers create a wireless signal in your home or office. So, any PC within range of Wireless routers can connect it and use your Internet.
Core Router
-Is used to connect different cities.
Edge Router
-This type of router are placed at the edge of the ISP network, the are normally configured to external protocol like BGP (Border gateway protocol) to another BGP of other ISP or large organisation.
Routing Protocols
A routing protocol specifies how routers communicate with each other, distributing information that enables them to select routes between any two nodes on a computer network.
A routing protocol uses software and routing algorithms to determine optimal network data transfer and communication paths between network nodes.
Routing protocols facilitate router communication and overall network topology understanding.
5.3.7 Apply Access Control Lists(ACL) based on security policy
