
CCNAv2 Chapter 05

This chapter discusses securing network devices and remote access. It covers configuring devices for remote SSH access using passwords and secrets encrypted with algorithms like MD5, SHA-256, and scrypt. Commands are provided for setting enable secrets, username secrets, and vty access controls. The roles of next-generation firewalls and IPS are explained, including using firewalls to control inbound and outbound connections through security zones like a DMZ. IPS works with signature databases to detect threats. Next-generation firewalls can include next-generation IPS modules.

Uploaded by medrek

CCNA 200-301, Volume 2

Chapter 5
Securing Network Devices
Objectives
• Explain the Role of Network Components
▫ Next-generation firewalls and IPS
• Configure network devices for remote access using SSH
• Configure device access control using local passwords
Example Login Security Configuration
Encryption and the service password-encryption Command
Encryption Is Immediate; Decryption Awaits Next Password Change
One-Way Nature of MD5 Hash to Create Secret
Creation of the enable secret Command
Timeline of Encryptions/Hashes of Cisco IOS Passwords
Commands and Encoding Types for the enable secret Command
Command                                         Type   Algorithm
enable [algorithm-type md5] secret password     5      MD5
enable algorithm-type sha256 secret password    8      SHA-256
enable algorithm-type scrypt secret password    9      SHA-256
Cisco IOS Encoding Password “mypass1” as Type 9 (SHA-256)
Commands and Encoding Types for the username secret Command
Command                                                Type   Algorithm
username name [algorithm-type md5] secret password     5      MD5
username name algorithm-type sha256 secret password    8      SHA-256
username name algorithm-type scrypt secret password    9      SHA-256
vty Access Control Using the access-class Command
Firewall as Positioned in the Packet Forwarding Path
Allowing Outbound Connections and Preventing Inbound Connections
Using Security Zones with Firewalls
Using a DMZ for Enterprise Servers That Need to Be Accessible from the Internet
IPS and Signature Database
Next-Generation Firewall with Next-Generation IPS Module
