CCNAv2 Chapter 05
Chapter 5
Securing Network Devices
Objectives
• Explain the Role of Network Components
▫ Next-generation firewalls and IPS
• Configure network devices for remote access using SSH
• Configure device access control using local passwords
Example Login Security Configuration
Encryption and the service password-encryption Command
Encryption Is Immediate; Decryption Awaits Next Password Change
One-Way Nature of MD5 Hash to Create Secret
Creation of the enable secret Command
Timeline of Encryptions/Hashes of Cisco IOS Passwords
Commands and Encoding Types for the enable secret Command

Command                                         Type   Algorithm
enable [algorithm-type md5] secret password     5      MD5
enable algorithm-type sha256 secret password    8      SHA-256
enable algorithm-type scrypt secret password    9      SHA-256
Cisco IOS Encoding Password “mypass1” as Type 9 (SHA-256)
Commands and Encoding Types for the username secret Command

Command                                                  Type   Algorithm
username name [algorithm-type md5] secret password       5      MD5
username name algorithm-type sha256 secret password      8      SHA-256
username name algorithm-type scrypt secret password      9      SHA-256
vty Access Control Using the access-class Command
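The following configuration ties the preceding slides together in one place: a Type 9 enable secret, a local user with a Type 9 secret, service password-encryption for any remaining plaintext passwords, an RSA key and SSH-only vty lines, and an access-class restricting which sources may reach those lines. It is an added example written for this outline, not a configuration taken from the CCNA slides; the hostname, domain name, usernames, passwords and the 10.1.1.0/24 management subnet are assumed placeholders.

```cisco
! Added example, not from the CCNA slides. Names, passwords and addresses
! below are assumed placeholders; substitute your own values.
hostname R1
ip domain-name example.com
! An RSA key pair must exist before the SSH server can run
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Privileged-mode secret stored as Type 9 (scrypt). The plaintext is never
! kept; IOS stores only the salted hash, so it cannot be "decrypted" later.
enable algorithm-type scrypt secret MyEnablePass1
!
! Local account with a Type 9 secret; used by "login local" on the vty lines
username admin algorithm-type scrypt secret MyUserPass1
!
! Encodes any remaining plaintext passwords (for example a console password)
! as Type 7. Type 7 is reversible obfuscation, so the secrets above are the
! real protection; this only keeps casual readers of the config from seeing
! plaintext.
service password-encryption
!
! Only the management subnet may open vty sessions; everything else is
! dropped and logged so that unexpected attempts are visible
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 deny any log
!
line vty 0 15
 access-class 10 in
 transport input ssh
 login local
 exec-timeout 10 0
```

After applying this, `show running-config | include secret` should display both secrets as `secret 9 ...` rather than the Type 5 `secret 5 ...` form, and `show ip ssh` should confirm that SSH version 2 is enabled. Telnet to the vty lines is refused by `transport input ssh`, and hosts outside 10.1.1.0/24 are refused by the access-class before any login prompt is shown.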
Firewall as Positioned in the Packet Forwarding Path
Allowing Outbound Connections and Preventing Inbound Connections
Using Security Zones with Firewalls
Using a DMZ for Enterprise Servers That Need to Be Accessible from the Internet
IPS and Signature Database
Next-Generation Firewall with Next-Generation IPS Module