Chapter 1
Telkom University
School of Industrial Engineering
System Information Program
2024
CHAPTER 2
2.0 Introduction
2.1 Basic Switch Configuration
2.2 Switch Security: Management and Implementation
CHAPTER 2: OBJECTIVES
After studying this chapter, students are expected to be able to:
• Explain the advantages and disadvantages of static routing.
• Configure initial settings on a Cisco switch.
• Configure switch ports to meet network requirements.
• Configure the management switch virtual interface.
• Describe basic security attacks in a switched environment.
• Describe security best practices in a switched environment.
• Configure the port security feature to restrict network access.
BASIC SWITCH CONFIGURATION
TYPES OF COMMUNICATION
CONFIGURING SWITCH PORTS
AUTO-MDIX FEATURE
SSH OPERATION
• Secure Shell (SSH) is a protocol that provides a secure (encrypted),
command-line based connection to a remote device.
• SSH is commonly used in UNIX-based systems.
• The Cisco IOS software also supports SSH.
• A version of the IOS software, including cryptographic (encrypted)
features and capabilities, is required to enable SSH on Catalyst 2960
switches.
• Because of its strong encryption features, SSH should replace Telnet for
management connections.
• SSH uses TCP port 22, by default. Telnet uses TCP port 23.
SECURE REMOTE ACCESS
CONFIGURING SSH
SECURE REMOTE ACCESS
VERIFYING SSH
SECURITY CONCERNS IN LANS
DHCP SPOOFING
DHCP is a network protocol used to automatically assign IP information.
Two types of DHCP attacks are:
• DHCP spoofing
• DHCP starvation
In DHCP spoofing attacks, a fake DHCP server is placed in the network
to issue DHCP addresses to clients.
DHCP starvation is often used before a DHCP spoofing attack to deny
service to the legitimate DHCP server.
SECURITY CONCERNS IN LANS
LEVERAGING TELNET
The Telnet protocol is insecure and should be replaced by SSH.
An attacker can use Telnet as part of other attacks:
• Brute force password attack
• Telnet DoS attack
When passwords cannot be captured, attackers will try as many
combinations of characters as possible. This attempt to guess the password
is known as a brute force password attack.
Telnet can be used to test the guessed password against the system.
SECURITY CONCERNS IN LANS
10 BEST PRACTICES
• Develop a written security policy for the organization.
• Shut down unused services and ports.
• Use strong passwords and change them often.
• Control physical access to devices.
• Use HTTPS instead of HTTP.
• Perform backup operations on a regular basis.
• Educate employees about social engineering attacks.
• Encrypt and password-protect sensitive data.
• Implement firewalls.
• Keep software up-to-date.
SECURITY BEST PRACTICES
DHCP SNOOPING
DHCP snooping specifies which switch ports can respond to DHCP
requests.
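The port-trust rule above, together with the spoofing and starvation attacks described earlier, modelled as an added Python example (not part of the original slides and not Cisco's implementation). The port names, MAC addresses, rate limit and sample packets are constructed assumptions; a real switch typically disables a port that exceeds its DHCP rate limit, whereas this model only drops the excess packets.

```python
from dataclasses import dataclass, field

# DHCP message types that only a server sends (RFC 2131).
SERVER_ONLY = {"OFFER", "ACK", "NAK"}

@dataclass
class SnoopingSwitch:
    trusted_ports: set   # ports facing the legitimate DHCP server
    rate_limit: int = 5  # DHCP packets/second per untrusted port (assumed value)
    _window: dict = field(default_factory=dict)  # port -> (second, packet count)

    def inspect(self, port, msg_type, src_mac, chaddr, now):
        """Return 'forward' or a 'drop: ...' reason for one DHCP packet."""
        if port in self.trusted_ports:
            return "forward"
        # Spoofing defence: untrusted ports may not answer DHCP requests.
        if msg_type in SERVER_ONLY:
            return "drop: server message on untrusted port"
        # Client messages must carry the sender's own hardware address.
        if src_mac != chaddr:
            return "drop: source MAC does not match client hardware address"
        # Starvation defence: cap the request rate per untrusted port.
        second = int(now)
        start, count = self._window.get(port, (second, 0))
        if start != second:
            count = 0
        count += 1
        self._window[port] = (second, count)
        if count > self.rate_limit:
            return "drop: rate limit exceeded"
        return "forward"

# Constructed sample traffic: (port, type, source MAC, chaddr, time in seconds)
SAMPLE = [
    ("Gi0/1", "OFFER",    "aa:01", "cc:01", 0.1),  # real server, trusted uplink
    ("Fa0/5", "OFFER",    "bb:01", "cc:01", 0.2),  # rogue server on access port
    ("Fa0/6", "DISCOVER", "cc:02", "cc:02", 1.0),
    ("Fa0/6", "DISCOVER", "cc:02", "cc:02", 1.2),
    ("Fa0/6", "DISCOVER", "cc:02", "cc:02", 1.4),
    ("Fa0/6", "DISCOVER", "cc:02", "cc:02", 1.6),  # fourth packet in one second
    ("Fa0/6", "DISCOVER", "cc:02", "cc:02", 2.1),  # new second, counter resets
    ("Fa0/7", "DISCOVER", "cc:03", "dd:99", 2.2),  # chaddr differs from sender
]

def run(switch, packets):
    return [switch.inspect(*p) for p in packets]

if __name__ == "__main__":
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"}, rate_limit=3)
    for pkt, verdict in zip(SAMPLE, run(sw, SAMPLE)):
        print(pkt[0], pkt[1], "->", verdict)
```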
SWITCH PORT SECURITY
CONFIGURING NTP
SWITCH PORT SECURITY
VERIFYING NTP
CHAPTER 2: SUMMARY
In this chapter, you learned:
• Cisco LAN switch boot sequence.
• Cisco LAN switch LED modes.
• How to remotely access and manage a Cisco LAN switch through a secure
connection.
• Cisco LAN switch port duplex modes.
• Cisco LAN switch port security, violation modes, and actions.
• Best practices for switched networks.
CLOSING
04/19/2024
THANK YOU