Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Port Security PDF

    Загружено:

    nucleur_13
    26 просмотров12 страниц
    IP network

    Оригинальное название

    Port security.pdf

    Авторское право

    © Attribution Non-Commercial (BY-NC)

    Доступные форматы

    PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    IP network

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    26 просмотров12 страниц

    Port Security PDF

    Загружено:

    nucleur_13
    IP network

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 12

    Cho s mng:

    Yu cu: 1. 2. 3. 4. 5. 6. Telnet: PC1 c th cu hnh R1, R2 bng telnet. PC2 ,PC3 khng cu hnh c SSH: tng t cu 1 nhng dng SSH Cho php kt ni PC2 PC1 ng thi khng cho php kt ni PC3 PC1 PC1, PC2 ping c PC4 ng thi PC3 khng bing c PC4. Set passwords cho console (phi in pass khi khi ng router). Hack khi qun pass cu 5 Bi lm c th d dng hn trong thao tc, ta dng phn mm VMWare to hai my o C1 v C2 v kt ni vo mng cho. Bng cch configure cc interface cho cc Cloud C1 v C2. To kt ni:

    Chnh IP:

    Cu hnh router on a stick v RIP version 2 cho mng cc my c th ping c ti nhau: - Switch R3:
    R3-SW#vlan database R3-SW(vlan)#vlan 10 name ADMIN R3-SW(vlan)#vlan 20 name FINANCE R3-SW(vlan)#exit R3-SW#conf t R3-SW(config)#int f1/1 R3-SW(config-if)#no shut R3-SW(config-if)#switchport R3-SW(config-if)#switchport R3-SW(config-if)#int f1/2 R3-SW(config-if)#no shut R3-SW(config-if)#switchport R3-SW(config-if)#switchport R3-SW(config-if)#int f1/3 R3-SW(config-if)#no shut R3-SW(config-if)#switchport R3-SW(config-if)#switchport R3-SW(config-if)#int f1/10 R3-SW(config-if)#no shut R3-SW(config-if)#switchport R3-SW(config-if)#end

    mode access access vlan 10

    mode access access vlan 20

    mode access access vlan 20

    mode trunk

    Router R1: R1#conf t R1(config)#int f0/0 R1(config-if)#no shut R1(config-if)#int f0/0.10 R1(config-subif)#encapsulation dot1q R1(config-subif)#ip add 192.168.1.33 R1(config-subif)#no shut R1(config-subif)# R1(config-subif)#int f0/0.20 R1(config-subif)#encapsulation dot1q R1(config-subif)#ip add 192.168.1.49 R1(config-subif)#no shut R1(config-subif)# R1(config-subif)#exit

    10 255.255.255.240

    20 255.255.255.240

    R1(config)#int f0/1 R1(config-if)#ip add 10.0.1.17 255.255.255.252 R1(config-if)#no shut R1(config-if)#exit R1(config)#router rip R1(config-router)#version R1(config-router)#network R1(config-router)#network R1(config-router)#network R1(config-router)#end -

    2 192.168.1.38 192.168.1.32 10.0.1.16

    Router R2: R2#conf t R2(config)#int f0/1 R2(config-if)#ip add 10.0.1.18 255.255.255.252 R2(config-if)#no shut R2(config-if)#exit R2(config-if)#int f0/0 R2(config-if)#ip add 192.168.1.1 255.255.255.240 R2(config-if)#no shut R2(config-if)#exit R2(config)#router rip R2(config-router)#version 2 R2(config-router)#network 192.168.1.0 R2(config-router)#network 10.0.1.16 R2(config-router)#end

    **Kim tra cu hnh mng: - Th ping t PC2 ti cc a ch trong mng ni b: tt c u thnh cng

    1. Cu hnh Telnet Cu hnh cho cc router c th thc hin telnet. Router 1:


    R1#conf t R1(config)#line vty 0 15 R1(config-line)#password 1234 R1(config-line)#login R1(config-line)#exit R1(config)#enable secret 5678 R1(config)#end

    Router 2:
    R2#conf t R2(config)#line vty 0 15 R2(config-line)#password 1234 R2(config-line)#login R2(config-line)#exit R2(config)#enable secret 5678 R2(config)#end

    Kt qu thc hin: tt c cc my u c th telnet ti router 1 v router 2 nu bit mt khu.

    Mt ty chn khc khi cu hnh pass word l: R2#conf t R2(config)#line vty 0 15 R2(config-line)#login local R2(config-line)#exit R1(config)#username vannhan password vp09 R2(config)#enable secret 5678 R2(config)#end

    Khi nu Telnet n R1 s yu cu thm username v password:

    Bt gi tin Telnet bng wireshark, ta d dng ly c username v pasword trong trng Telnet v n khng c m ha. Mi k t nm trong cc frame lin tip nhau c gi t PC1 ti router:

    cu hnh ch cho php PC1 telnet v khng cho php cc PC khc, ta cu hnh access list cho router R1 v R2:
    R1#conf t R1(config)#access-list 1 permit 192.168.1.34 0.0.0.0 R1(config)#access-list 1 deny any R1(config)#line vty 0 15 R1(config-line)#access-class 1 in R1(config-line)#exit

    Cu hnh tng t R2 Nu mun cho php ton b vlan 10 c quyn telnet, th ta chnh li lnh permit thnh:
    R1(config)#access-list 1 permit 192.168.1.32 0.0.0.15

    Vi 1510 = 11112 l 4 bit dng chia ip trong mng vlan 10. Kt qu: PC1 telnet c R1 v R2, trong khi cc PC khc ch ping c m khng telnet c R1 v R2:

    2. Cu hnh SSH Cu hnh cho cc router, dng thut ton RSA 512 bit m ha username v password.
    R1#conf t R1(config)#ip domain-name pfiev R1(config)#crypto key generate rsa How many bits in the modulus [512]: 512 R1(config)#ip ssh time-out 15 R1(config)#ip ssh authentication-retries 2 R1(config)#username vannhan password vp09 R1(config)#line vty 0 4 R1(config-line)#transport input ssh R1(config-line)#exit

    Ta vn cu hnh access list nh phn trc cho php PC1 c th dng giao thc SSH cu hnh Router R1 v R2, cn cc PC cn li khng c quyn ny. Kim tra kt qu cu hnh mng: Vi PC1, khi bit username v password, ta c th d dng ng nhp v cu hnh R1, R2:

    Vi cc PC khc, ch c th ping ti router m khng SSH cu hnh c:

    Dng wireshark bt gi tin SSH, ta khng th xem c cc thng tin v n c m ha:

    3. Cho php kt ni PC2 PC1 ng thi khng cho php kt ni PC3 PC1 Ta cu hnh access list vo router R1 cho php PC2 v chn PC3 ping ti PC1:
    R1#conf t R1(config)#access-list 101 permit ip host 192.168.1.50 host 192.168.1.34 R1(config)#access-list 101 deny ip host 192.168.1.51 host 192.168.1.34 R1(config)#int f0/0.20 R1(config-subif)#ip access-group 101 in R1(config-subif)#end

    Kt qu: PC2 ping thnh cng cn PC3 b chn (prohibited):

    PC2:

    PC3:

    4. PC1, PC2 ping c PC4 ng thi PC3 khng bing c PC4. Tng t nh trn, ta s cu hnh access list cho R2:
    R2#conf t R2(config)#no access-list 102 R2(config)#access-list 102 deny ip host 192.168.1.51 host 192.168.1.2 R2(config)#access-list 102 permit ip host 192.168.1.50 host 192.168.1.2 R2(config)#access-list 102 permit ip host 192.168.1.34 host 192.168.1.2 R2(config)#access-list 102 permit ip any any R2(config)#int f0/1 R2(config-if)#ip access-group 102 in R2(config-if)#end

    Kt qu: PC1, 2 ping c PC4, cn PC3 khng ping c.

    o PC1:

    o PC 2:

    o PC3:

    5. Set passwords cho console C hai ty chn khi set password: login local v login. Tng t nh line vty, nu chn login local th phi set thm username v pasword tng ng, cng vi password enable, cn login th ch cn in 1 ln pasword l . Login local: in username v 2 ln password
    R1#conf t R1(config)#line console 0 R1(config-line)#login local R1(config-line)#exit R1(config)#enable secret 5678 R1(config)#username vannhan password vp09 R1(config)#end

    Kt qu:

    Login: in 1 password
    R1#conf t R1(config)#line console 0 R1(config-line)#login R1(config-line)#password 1234 R1(config-line)#exit R1(config)#end

    Kt qu:

    6. Qun password Thc hin qua cc bc: Rt ngun, ch khong 10s v cp li ngun cho router. B qua qu trnh boot. ch ROM Monitor, i thanh ghi cu hnh sang 0x2142 bng lnh
    rommon 1 > confreg 0x2142 rommon 2 > reset

    reload router v b qua lu thng tin cu hnh. Vo ch privileged mode khng c password. Copy thng tin cu hnh lu trong NVRAM sang DRAM Ci li password i thanh ghi cu hnh v li 0x2102 bng t hp lnh
    R1#conf t R1(config)#configure-register 0x2102

    Lu cu hnh. Reload router.

    Вам также может понравиться