
2.6.1.2 Lab


WIC2002 Network Security 

Sem 2 2020/2021 
2.6.1.2 Lab - Securing the Router for Administrative Access
 
KAMAL KUMAR KHATRI (17207097/1)

R1, R2 & R3 –

Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 30-Sep-09 07:48 by prod_rel_team

S1 & S2 –
Cisco IOS Software, 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.4(19), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.

End device -
PC-A  IE11 - Window 7 (32 bit)
PC-C  Kali Linux 2021.1 vmbox, Debian (64bit)
List of tests conducted –
Ping PC-A to PC-B

Ping to R1, R2, R3


Telnet Connection (R2  R1, R2  R3)

PC-C to R1

SHOW IP SSH

SSH CONNECTION FROM PC-A to R1


Show snmp group & user configurations

Logging of syslog

R1# show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: level debugging, 72 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 72 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level warnings, 54 message lines logged
Logging to 192.168.1.13 (udp port 514, audit disabled,
link up),
3 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 192.168.1.3 (udp port 514, audit disabled,
link up),
3 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
<output omitted>

Step 1: Establish an SSH connection from PC-C to R3.

Device Configurations:

R1 :
Current configuration : 3145 bytes
!
! Last configuration change at 18:02:17 UTC Sat May 8 2021 by user01
!
upgrade fpd auto
version 15.0
parser view admin1
secret 5 $1$Mp6Q$nytZj3xyu2rqiiAqDYD9w/
commands exec include all configure terminal
commands exec include configure
commands exec include all show
commands exec include all debug
!
parser view tech
secret 5 $1$XKBD$dIpZtrkE5nY/eOZXuVUUu/
commands exec include all configure terminal
commands exec include configure
commands exec include all show
commands exec include all debug
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security passwords min-length 10
enable secret 5 $1$eWO1$Y7lnof2lkeSCSZ6HekePD/
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip domain name ccnasecurity.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
key chain NetAcad
key 1
key-string 7 123A2639333807013338303A3A3B25
!
!
!
!
!
!
!
username user01 secret 5 $1$bA0.$YZ7PlGfP9O0H6dcX9l8R2.
username admin privilege 15 secret 5 $1$uZeg$9iEkf2RWsIZaVcEegpScq.
!
redundancy
!
!
ip tcp synwait-time 5
ip ssh time-out 90
ip ssh authentication-retries 2
ip ssh version 2
ip scp server enable
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex full
speed 1000
media-type gbic
negotiation auto
!
!
interface GigabitEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip ospf authentication message-digest
negotiation auto
!
!
interface Serial2/0
ip address 10.1.1.1 255.255.255.252
ip ospf authentication message-digest
serial restart-delay 0
clock rate 64000
!
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet1/0
network 10.1.1.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
ip access-list standard PERMIT-SNMP
permit 192.168.1.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
!
snmp-server group SNMP-G1 v3 priv read SNMP-RO access PERMIT-SNMP
snmp-server view SNMP-RO iso included
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
banner motd ^CUnauthorized access strictly prohibited!^C
!
line con 0
exec-timeout 5 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 5 0
privilege level 15
password 7 13061E010803053F3334292026
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 5 0
privilege level 15
password 7 110A1016141D1D181D3A2A373B
transport input ssh
!
ntp authentication-key 1 md5 0721157C5E080A16001D1908 7
ntp authenticate
ntp trusted-key 1
ntp master 3
ntp update-calendar
ntp server 10.1.1.2
end

R2 :
Current configuration : 2076 bytes
!
! Last configuration change at 18:01:54 UTC Sat May 8 2021
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
security passwords min-length 10
enable secret 5 $1$0L8B$jHZHAJAuKF8DS6JEg.oHH0
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
key chain NetAcad
key 1
key-string 7 112A3A2B362100091D393F36213D32
!
!
!
!
!
!
!
username user01 secret 5 $1$4Y/.$LxyJmZ30kAWBMT.39ISfx/
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex full
speed 1000
media-type gbic
negotiation auto
!
!
interface GigabitEthernet1/0
no ip address
shutdown
negotiation auto
!
!
interface Serial2/0
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
serial restart-delay 0
!
!
interface Serial2/1
ip address 10.2.2.2 255.255.255.252
ip ospf authentication message-digest
serial restart-delay 0
clock rate 64000
!
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 0
network 10.2.2.0 0.0.0.3 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
banner motd ^CUnauthorized access strictly prohibited!^C
!
line con 0
exec-timeout 5 0
privilege level 15
logging synchronous
login local
stopbits 1
line aux 0
exec-timeout 5 0
privilege level 15
password 7 03075218050020595619181604
logging synchronous
login
stopbits 1
line vty 0 4
exec-timeout 5 0
password 7 03075218050037585719181604
login
transport input telnet
!
end

R3 :
Current configuration : 2098 bytes
!
! Last configuration change at 18:07:17 UTC Sat May 8 2021 by user01
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
security passwords min-length 10
enable secret 5 $1$fhse$.wqkxSgtsNJxgkcc1gjI8/
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip domain name ccnasecurity.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
username user01 secret 5 $1$tIQH$IlbXoM19J94NL/7eEafJT0
username admin privilege 15 secret 5 $1$..S5$D/9Mzhm3xSPcZk23Hf3J0.
!
redundancy
!
!
ip tcp synwait-time 5
ip ssh version 2
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex full
speed 1000
media-type gbic
negotiation auto
!
!
interface GigabitEthernet1/0
ip address 192.168.3.1 255.255.255.0
negotiation auto
!
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial2/1
ip address 10.2.2.1 255.255.255.252
serial restart-delay 0
!
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet1/0
network 10.2.2.0 0.0.0.3 area 0
network 192.168.3.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
banner motd ^CUnauthorized access strictly prohibited!^C
!
line con 0
exec-timeout 5 0
privilege level 15
logging synchronous
login local
stopbits 1
line aux 0
exec-timeout 5 0
privilege level 15
password 7 104D000A0618131E14142B3837
logging synchronous
login
stopbits 1
line vty 0 4
exec-timeout 5 0
privilege level 15
password 7 14141B180F0B3C3F3D38322631
login
transport input telnet
!
end
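
An added example, not part of the original lab report: a small Python check for the remote-access settings that differ between the R1 listing (`transport input ssh`) and the R2 and R3 listings (`transport input telnet`, a type 7 line password and `login`). It accepts listings flattened like the ones above, where sub-commands have lost their indentation; the sample configuration, the placeholder password and the function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the R3 listing; the type 7 value is a placeholder.
SAMPLE_CONFIG = """\
ip source-route
!
line con 0
login local
line vty 0 4
privilege level 15
password 7 <PLACEHOLDER>
login
transport input telnet
!
end
"""

HEADER = re.compile(r"^line (con|aux|vty)\b")

def parse_line_blocks(config):
    """Map each 'line ...' header to its sub-commands; '!' or 'end' closes a block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if HEADER.match(cmd):
            current = blocks.setdefault(cmd, [])
        elif cmd in ("!", "end", ""):
            current = None
        elif current is not None:
            current.append(cmd)
    return blocks

def audit(config):
    """Return sorted (scope, finding) tuples for the settings checked here."""
    findings = set()
    if re.search(r"^\s*ip source-route\s*$", config, re.M):
        findings.add(("global", "IP source routing enabled"))
    for header, cmds in parse_line_blocks(config).items():
        for cmd in cmds:
            if cmd.startswith("password 7 "):
                findings.add((header, "type 7 line password (reversible encoding)"))
            if re.match(r"transport input .*\b(telnet|all)\b", cmd):
                findings.add((header, "Telnet accepted (cleartext session)"))
            if cmd == "login" and header.startswith("line vty"):
                findings.add((header, "shared line password, no per-user login"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```
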
