CCNA security.hwp
Technical Document: CCNA Security (Network Security Guide)
Author: 변규석 (crsarang@ynu.ac.kr)

Contents

- Purpose
- Configuration
  1. Removing unnecessary services
  2. Password settings
     a. Global-mode password
     b. Console password
     c. Telnet password
  3. ACL
     a. standard
     b. extend
  4. IPsec_VPN
  5. AAA (TACACS)
     a. ACS configuration
     b. Client router configuration
  6. NTP (Network Time Protocol) time synchronization server
  7. Logging history
  8. SSH
  9. ZFW (Zone-Based Policy Firewall)
     a. Representative services
     b. Configure Zone-Based Firewall
- Packet Tracer lab
- References and sites
- NSA/SNAC Router Security Configuration Guide v1.1
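
Purpose

Security incidents arise not only from software vulnerabilities but sometimes also from network misconfiguration. With a little care in configuration, users attempting malicious access can be blocked easily, and the efficiency of the network improves as well. However, businesses and organizations without a network administrator often configure only what basic connectivity requires and pay no attention to security. This document describes the simple techniques taught in the CCNA_SECURITY course. They can be applied to real Cisco routers and other equipment, and further study building on them should make it possible to maintain a higher level of network security.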

Configuration

1. Removing unnecessary services

(config)#no ip http server  ; there is no need to run the HTTP server
(config)#no service pad  ; block the PAD service unless it is in use
(config)#no ip finger  ; block the finger service
(config)#no ip bootp server  ; open the BOOTP server only when it is needed
(config)#no ip domain-lookup  ; enable only when needed
(config)#no cdp run  ; blocks CDP-related attacks and removes the chance to list devices
(config-if)#no ip redirects  ; block ICMP redirects
(config-if)#no ip unreachables  ; block ICMP unreachables
(config-if)#no ip directed-broadcast  ; prevent smurf attacks
(config-if)#no ip proxy-arp  ; disable proxy ARP
(config-if)#no ip mask-reply  ; block ICMP mask replies

2. Password settings

a. Global-mode password

(config)#security passwords min-length 10  ; minimum password length
(config)#enable secret PASSWORD  ; password checked when switching to global mode (stored encrypted)

b. Console password

(config)#line con 0
(config-line)#password PASSWORD  ; password used for console access
(config-line)#exec-timeout 5 0  ; timeout of 5 minutes
(config-line)#logging synchronous  ; if a log message appears while a command is being typed, show a fresh prompt

c. Telnet password

(config)#line vty 0 4  ; Telnet settings and the number of simultaneous sessions
(config-line)#password PASSWORD  ; password used at login
(config-line)#exec-timeout 5 0  ; how long an idle session is kept
(config-line)#login authentication default

3. ACL

a. standard (0~99, 1300~1999) (apply on the interface as close to the destination as possible)

(config)#access-list 5 deny  ; block every host in the network
(config)#access-list 5 permit any
(config)#int s 0/0
(config-if)#ip access-group ACL_NUMBER {in | out}

b. extend (100~199, 2000~2699) (apply on the interface as close to the source as possible)

(config)#access-list 105 permit tcp host SRC host DES range
((config)#access-list 105 permit tcp host SRC host DES eq SERVICE_NAME)
(config)#access-list 105 permit ip any any
(config)#int s 0/0
(config-if)#ip access-group ACL_NUMBER {in | out}

4. IPsec_VPN

(config)#crypto isakmp policy 10  ; the policy number is arbitrary (1~65535). IKE 1 (ISAKMP SA) policy (Phase 1)
(config-isakmp)#authentication pre-share  ; shared in advance between the administrators. Authentication: pre-share
(config-isakmp)#encryption 3des  ; the encryption method is 3des
(config-isakmp)#group 2  ; Group 2 (choose from 1, 2, 5; the group number must match the peer's)
(config-isakmp)#hash md5  ; MD5 is the hash algorithm used for integrity
(config-isakmp)#lifetime 3600  ; policy lifetime of 3600 seconds (1 hour): how long it stays in use after R1 and R2 establish it (like a TTL)
(config)#crypto isakmp key cisco address ADDRESS  ; pre-shared key: the shared key and the peer's (public) IP address
(config)#crypto ipsec transform-set ciscotrans esp-3des esp-sha-hmac  ; transform set (IPsec communication settings)
(config)#access-list 110 permit ip SRC DES  ; defines the traffic IPsec applies to (R1 private side ~ R2 private side)
(config)#crypto map ciscomap 10 ipsec-isakmp  ; IKE 2 (IPsec SA) policy (Phase 2); 10 is the map sequence number the command requires
(config-crypto-map)#match address 110  ; use the condition declared in ACL 110 (the traffic the policy is valid for)
(config-crypto-map)#set peer DES_PUBLIC_IP  ; the remote public IP (the point traffic passes through to reach the destination)
(config-crypto-map)#set transform-set ciscotrans  ; protect the private-side packets with the ciscotrans set
(config)#interface serial 1/1
(config-if)#crypto map ciscomap  ; apply the IPsec policy to the interface
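
5. AAA (TACACS)

AAA is a framework for controlling access to the many devices found in places such as data centers, for example servers, routers, switches and firewalls.

a. ACS configuration

1) Select Network Configuration in the left menu (click Add Entry under AAA Client).
2) When the input form appears, enter the following:
   AAA Client Hostname: the hostname of the device to register as a client on the ACS server
   AAA Client IP Address: the client's IP address
   Shared Secret: the password (the same secret must be entered when AAA is configured on the router)
   Authenticate Using: select TACACS+ (Cisco IOS)
3) Select User Setup in the left menu (enter the user name, then click Add/Edit).
4) When the input form appears, enter the password.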

b. Client router configuration

(config)#aaa new-model  ; enable the AAA function on the router
(config)#aaa authentication login default group tacacs+ none  ; sets the AAA authentication method. Default authentication goes through tacacs+
(config)#aaa authentication login telnet_login group tacacs+  ; creates an authentication list named telnet_login that uses tacacs+
(config)#tacacs-server host key cisco  ; the TACACS server address and key value
(config)#line vty 0 4
(config-line)#login authentication telnet_login  ; authenticate with the telnet_login list

6. NTP (Network Time Protocol) time synchronization server

(config)#ntp authenticate  ; enable NTP authentication
(config)#ntp authentication-key 1 md5 ciscontppa55  ; NTP key with MD5 and its password
(config)#ntp trusted-key 1  ; set key 1 as the trusted NTP key
(config)#ntp server SERVER_ADDRESS key 1  ; NTP server IP
(config)#ntp update-calendar  ; update the calendar with NTP time

7. Logging history

(config)#logging buffered  ; stores up to 16k of logging information
(config)#logging trap debugging  ; sends messages up to debugging level to the log server
(config)#logging SERVER_IP  ; specifies the logging server
(config)#service timestamps debug datetime localtime show-timezone msec
(config)#service timestamps log datetime localtime show-timezone msec

8. SSH

(config)#line vty 0 4  ; enter the remote-access (vty) configuration mode
(config-line)#transport input ssh  ; allow remote access over SSH only
(config-line)#login local  ; use local authentication at login
(config)#crypto key generate rsa general-keys modulus 1024  ; use RSA for encryption
(config)#ip ssh time-out 90  ; timeout of 90 seconds
(config)#ip ssh authentication-retries 2  ; refuse the connection after 2 failed authentication attempts
(config)#ip ssh version 2  ; use SSH version 2

9. ZFW (Zone-Based Policy Firewall)

Supported from IOS Software Release 12.4(6) onward.

a. Representative services

a) Stateful Packet Inspection (SPI)
   1. STATIC
   2. STATEFUL
   Stateful inspection looks not only at a packet's source and destination IP and port number but at the contents of the packet as well. In parcel-delivery terms, static filtering decides whether to deliver or discard a parcel from the sender and recipient addresses written on the waybill alone, whereas stateful inspection opens the parcel and checks the contents too.
b) VRF-aware Cisco IOS Firewall
c) URL filtering
d) Denial-of-service (DoS) mitigation

b. Configure Zone-Based Firewall (scraped from Internet material)

Figure 1. Basic Security Zone Topology
- Private zone connectivity to the Internet
- Private zone connectivity to DMZ hosts
- Internet zone connectivity to DMZ hosts

class-map type inspect match-all all-private
 match access-group 101
class-map type inspect match-all private-ftp
 match protocol ftp
 match access-group 101
class-map type inspect match-any netbios
 match protocol msrpc
 match protocol netbios-dgm
 match protocol netbios-ns
 match protocol netbios-ssn
class-map type inspect match-all private-netbios
 match class-map netbios
 match access-group 101
class-map type inspect match-all private-ssh
 match protocol ssh
 match access-group 101
class-map type inspect match-all private-http
 match protocol http
 match access-group 101
!
policy-map type inspect priv-pub-pmap
 class type inspect private-http
  inspect
 class type inspect private-ftp
  inspect
 class type inspect private-ssh
  inspect
 class type inspect private-netbios
  inspect
 class type inspect all-private
  inspect
 class class-default
!
zone security private
zone security public
zone-pair security priv-pub source private destination public
 service-policy type inspect priv-pub-pmap
!
interface FastEthernet4
 ip address
 zone-member security public
!
interface Vlan1
 ip address
 zone-member security private
!
access-list 101 permit ip any

Verification

ZFW-TEST#sh policy-map type insp zone-pair priv-pub
 Zone-pair: priv-pub

[Source]
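
An added example (not part of the original document): a Python check that reads configuration text in the form typed in sections 1 to 8 above and reports where it departs from the page's checklist or uses settings that are deprecated today (3DES, MD5 and Diffie-Hellman groups 1, 2 and 5 for IKE; an AAA method list ending in "none"). The rule names, both sample configurations and the replacement values (AES-256, SHA-256, group 14) are assumptions made for illustration; a real running-config omits commands that are at their default, so the "missing" rule applies the checklist literally.

```python
import re

def parse_sections(config_text):
    """Group IOS-style config text into [parent, [children]] pairs."""
    sections = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # blank line or "!" separator
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())  # sub-command of last parent
        else:
            sections.append([raw.strip(), []])
    return sections

# Global commands from sections 1 and 8 of the page, expected verbatim.
REQUIRED_GLOBAL = ["no ip http server", "no service pad", "no ip finger",
                   "no ip bootp server", "no cdp run", "ip ssh version 2"]
# IKE phase 1 values used on the page that are deprecated today.
WEAK_IKE = [r"encr(yption)? (des|3des)$", r"hash md5$", r"group (1|2|5)$"]

def audit(config_text):
    """Return (rule, detail) findings; rule names are this example's own."""
    sections = parse_sections(config_text)
    top = [parent for parent, _ in sections]
    findings = [("missing", cmd) for cmd in REQUIRED_GLOBAL if cmd not in top]
    if not any(p.startswith("enable secret ") for p in top):
        findings.append(("missing", "enable secret"))
    if any(p.startswith("ntp server ") for p in top) and "ntp authenticate" not in top:
        findings.append(("missing", "ntp authenticate"))
    for parent, children in sections:
        # Trailing "none": if every earlier method returns an error (for
        # example the TACACS+ server is unreachable), login needs no credentials.
        if parent.startswith("aaa authentication login ") and parent.endswith(" none"):
            findings.append(("aaa-none-fallback", parent))
        if parent.startswith("crypto isakmp policy "):
            for child in children:
                if any(re.match(p, child) for p in WEAK_IKE):
                    findings.append(("weak-ike", parent + " / " + child))
        if re.match(r"crypto ipsec transform-set \S+ .*\besp-(des|3des)\b", parent):
            findings.append(("weak-esp", parent))
        if parent.startswith("line "):
            timeouts = [c for c in children if c.startswith("exec-timeout ")]
            if not timeouts or timeouts[-1] == "exec-timeout 0 0":
                findings.append(("no-exec-timeout", parent))
        if parent.startswith("line vty "):
            transport = [c for c in children if c.startswith("transport input ")]
            if transport != ["transport input ssh"]:
                findings.append(("vty-not-ssh-only", parent))
    return findings

# Constructed sample: commands as typed in sections 1-8 (the address is a
# documentation placeholder; two "no ..." lines are left out on purpose).
SAMPLE_AS_ON_PAGE = """\
no ip http server
no service pad
no cdp run
enable secret PASSWORD
aaa authentication login default group tacacs+ none
aaa authentication login telnet_login group tacacs+
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 group 2
 hash md5
crypto ipsec transform-set ciscotrans esp-3des esp-sha-hmac
ntp authenticate
ntp server 192.0.2.10 key 1
ip ssh version 2
line vty 0 4
 exec-timeout 5 0
 login authentication telnet_login
"""

# Constructed sample with the flagged settings replaced (assumed values).
SAMPLE_HARDENED = """\
no ip http server
no service pad
no ip finger
no ip bootp server
no cdp run
enable secret PASSWORD
aaa authentication login default group tacacs+ local
crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 group 14
 hash sha256
crypto ipsec transform-set ciscotrans esp-aes 256 esp-sha256-hmac
ip ssh version 2
line vty 0 4
 exec-timeout 5 0
 transport input ssh
"""

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_AS_ON_PAGE):
        print(rule, "->", detail)
```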

Packet Tracer lab (Yeungnam University Computer Networks and Lab lecture material)

Configure a Network for Secure Operation
See the lab instructions (page 17 of the original document, starting at Learning Objectives).

Task2 Step1-Step6 for R1, R3

R1#conf t
R1(config)#security passwords min-length 10
R1(config)#enable secret ciscoenpa55
R1(config)#service password-encryption
R1(config)#line con 0
R1(config-line)#password ciscoconpa55
R1(config-line)#exec-timeout 5 0
R1(config-line)#logging synchronous
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password ciscovtypa55
R1(config-line)#exec-timeout 5 0
R1(config-line)#login authentication default
R1(config-line)#exit
R1(config)#banner motd $No Unauthorized Access!$

Task3 Step1-Step3 for R1, R3

R1(config)#username Admin01 secret Admin01pa55
R1(config)#aaa new-model
R1(config)#aaa authentication login default local none

Task4

Step1: on the PC, turn NTP on and set the key and password
Step2-Step3

R1(config)#ntp authenticate
R1(config)#ntp authentication-key 1 md5 ciscontppa55
R1(config)#ntp trusted-key 1
R1(config)#ntp server key 1
R1(config)#ntp update-calendar

Task 5: Configure R1 as Syslog Client

R1(config)#service timestamps log datetime msec
R1(config)#logging

Check the messages on the syslog server on PC-B.

Task 6: Secure Router Against Login Attacks

Step1-Step3 Try steps!

Task 8: Configure CBAC on R1

Step1-Step4

R1(config)#ip access-list extended OUT-IN
R1(config-ext-nacl)#deny ip any any
R1(config-ext-nacl)#exit
R1(config)#int serial 0/0/0
R1(config-if)#ip access-group OUT-IN in
R1(config-if)#exit
R1(config)#ip inspect name IN-OUT-IN icmp
R1(config)#ip inspect name IN-OUT-IN telnet
R1(config)#ip inspect name IN-OUT-IN http
R1(config)#int serial 0/0/0
R1(config-if)#ip inspect IN-OUT-IN out
R1(config-if)#exit
R1(config)#exit

Step5: ping from PC-A to PC-C

R3#conf t
R3(config)#security passwords min-length 10
R3(config)#enable secret ciscoenpa55
R3(config)#service password-encryption
R3(config)#line con 0
R3(config-line)#password ciscoconpa55
R3(config-line)#exec-timeout 5 0
R3(config-line)#logging synchronous
R3(config-line)#login
R3(config-line)#exit
R3(config)#line vty 0 4
R3(config-line)#password ciscovtypa55
R3(config-line)#exec-timeout 5 0
R3(config-line)#login local
R3(config-line)#exit
R3(config)#banner motd $No Unauthorized Access!$
R3(config)#username Admin01 secret Admin01pa55
R3(config)#aaa new-model
R3(config)#aaa authentication login default local none

Task 7: Configure SSH on R3

R3(config)#ip domain-name ccnasecurity.com
R3(config)#line vty 0 4
R3(config-line)#transport input ssh
R3(config-line)#login local
R3(config-line)#exit
R3(config)#crypto key generate rsa  (enter 1024 at the modulus prompt)
R3(config)#ip ssh time-out 90
R3(config)#ip ssh authentication-retries 2
R3(config)#ip ssh version 2

Task 9: Configure ZPF on R3

Step1 Test connectivity!
Step2-Step6

R3(config)#zone security IN-ZONE
R3(config-sec-zone)#exit
R3(config)#zone security OUT-ZONE
R3(config-sec-zone)#exit
R3(config)#access-list 101 permit ip any
R3(config)#class-map type inspect IN-NET-CLASS-MAP
R3(config-cmap)#match access-group 101
R3(config-cmap)#exit
R3(config)#policy-map type inspect IN-2-OUT-PMAP
R3(config-pmap)#class type inspect IN-NET-CLASS-MAP
R3(config-pmap-c)#inspect
R3(config-pmap-c)#exit
R3(config-pmap)#exit
R3(config)#zone-pair security IN-2-OUT-ZPAIR source IN-ZONE destination OUT-ZONE
R3(config-sec-zone-pair)#service-policy type inspect IN-2-OUT-PMAP
R3(config-sec-zone-pair)#exit
R3(config)#int fa 0/1
R3(config-if)#zone-member security IN-ZONE
R3(config-if)#exit
R3(config)#int serial 0/0/1
R3(config-if)#zone-member security OUT-ZONE
R3(config-if)#exit

Step7 Test Firewall functionality!

Task 10: Secure the Switches

Step1-Step4

S1>en
S1#conf t
S1(config)#enable secret ciscoenpa55
S1(config)#service password-encryption
S1(config)#line con 0
S1(config-line)#password ciscoconpa55
S1(config-line)#exec-timeout 5 0
S1(config-line)#logging synchronous
S1(config-line)#login
S1(config-line)#exit
S1(config)#line vty 0 4
S1(config-line)#password ciscovtypa55
S1(config-line)#exec-timeout 5 0
S1(config-line)#login
S1(config-line)#exit

Step5-Step6. Secure trunk ports on S1.

S1(config)#int fa 0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 99
S1(config-if)#switchport nonegotiate
S1(config-if)#storm-control broadcast level 50
S1(config-if)#exit
S1(config)#int range fa 0/2-24
S1(config-if-range)#switchport mode access
S1(config-if-range)#spanning-tree portfast
S1(config-if-range)#spanning-tree bpduguard enable
S1(config-if-range)#shutdown
S1(config-if-range)#exit
S1(config)#int range gigabitethernet 1/1-2
S1(config-if-range)#switchport mode access
S1(config-if-range)#spanning-tree portfast
S1(config-if-range)#spanning-tree bpduguard enable
S1(config-if-range)#shutdown
S1(config-if-range)#exit
S1(config)#int range fa 0/5-6
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#no shutdown
S1(config-if-range)#exit

S2>en
S2#conf t
S2(config)#enable secret ciscoenpa55
S2(config)#service password-encryption
S2(config)#line con 0
S2(config-line)#password ciscoconpa55
S2(config-line)#exec-timeout 5 0
S2(config-line)#logging synchronous
S2(config-line)#login
S2(config-line)#exit
S2(config)#line vty 0 4
S2(config-line)#password ciscovtypa55
S2(config-line)#exec-timeout 5 0
S2(config-line)#login
S2(config-line)#exit
S2(config)#int fa 0/1
S2(config-if)#switchport mode trunk
S2(config-if)#switchport trunk native vlan 99
S2(config-if)#switchport nonegotiate
S2(config-if)#storm-control broadcast level 50
S2(config-if)#exit
S2(config)#int range fa 0/2-24
S2(config-if-range)#switchport mode access
S2(config-if-range)#spanning-tree portfast
S2(config-if-range)#spanning-tree bpduguard enable
S2(config-if-range)#shutdown
S2(config-if-range)#exit
S2(config)#int range gigabitethernet 1/1-2
S2(config-if-range)#switchport mode access
S2(config-if-range)#spanning-tree portfast
S2(config-if-range)#spanning-tree bpduguard enable
S2(config-if-range)#shutdown
S2(config-if-range)#exit
S2(config)#int fa 0/18
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#no shutdown
S2(config-if)#exit

S3>en
S3#conf t
S3(config)#enable secret ciscoenpa55
S3(config)#service password-encryption
S3(config)#line con 0
S3(config-line)#password ciscoconpa55
S3(config-line)#exec-timeout 5 0
S3(config-line)#logging synchronous
S3(config-line)#login
S3(config-line)#exit
S3(config)#line vty 0 4
S3(config-line)#password ciscovtypa55
S3(config-line)#exec-timeout 5 0
S3(config-line)#login
S3(config-line)#exit
S3(config)#int range fa 0/1-24
S3(config-if-range)#switchport mode access
S3(config-if-range)#spanning-tree portfast
S3(config-if-range)#spanning-tree bpduguard enable
S3(config-if-range)#shutdown
S3(config-if-range)#exit
S3(config)#int range gigabitethernet 1/1-2
S3(config-if-range)#switchport mode access
S3(config-if-range)#spanning-tree portfast
S3(config-if-range)#spanning-tree bpduguard enable
S3(config-if-range)#shutdown
S3(config-if-range)#exit
S3(config)#int range fa 0/5-6
S3(config-if-range)#switchport port-security
S3(config-if-range)#switchport port-security mac-address sticky
S3(config-if-range)#no shutdown
S3(config-if-range)#exit

Task11: Verification!!

Learning Objectives

- Secure the routers with strong passwords, password encryption and a login banner.
- Secure the console and VTY lines with passwords.
- Configure local AAA authentication.
- Configure SSH server.
- Configure router for syslog.
- Configure router for NTP.
- Secure the router against login attacks.
- Configure CBAC and ZPF firewalls.
- Secure network switches.

Introduction

In this comprehensive practice activity, you will apply a combination of security measures that were introduced in the course. These measures are listed in the objectives. In the topology, R1 is the edge router for Company A while R3 is the edge router for Company B. These networks are interconnected via the R2 router, which represents the ISP. You will configure various security features on the routers and switches for Company A and Company B. Not all security features will be configured on R1 and R3.

The following preconfigurations have been made:

- Hostnames on all devices
- IP addresses on all devices
- R2 console password: ciscoconpa55
- R2 password on VTY lines: ciscovtypa55
- R2 enable password: ciscoenpa55
- Static routing
- Syslog services on PC-B
- DNS lookup has been disabled
- IP default gateways for all switches

Task 1: Test Connectivity and Verify Configurations

Step 1. Verify IP addresses.
Step 2. Verify routing tables.
Step 3. Test connectivity.
- From PC-A, ping PC-C at IP address

Task 2: Secure the Routers

Step 1. Set a minimum password length of 10 characters on router R1 and R3.
Step 2. Configure an enable secret password on router R1 and R3.
- Use an enable secret password of ciscoenpa55.
Step 3. Encrypt plaintext passwords.
Step 4. Configure the console lines on R1 and R3.
- Configure a console password of ciscoconpa55 and enable login.
- Set the exec-timeout to log out after 5 minutes of inactivity.
- Prevent console messages from interrupting command entry.
Step 5. Configure vty lines on R1.
- Configure a vty line password of ciscovtypa55 and enable login.
- Set the exec-timeout to log out after 5 minutes of inactivity.
- Set the login authentication to use the default AAA list to be defined later.
- Note: The vty lines on R3 will be configured for SSH in a later task.
Step 6. Configure login banner on R1 and R3.
- Configure a warning to unauthorized users with a message-of-the-day (MOTD) banner that says: No Unauthorized Access!.

Task 3: Configure Local Authentication on R1 and R3

Step 1. Configure the local user database.
- Create a local user account of Admin01 with a secret password of Admin01pa55.
Step 2. Enable AAA services.
Step 3. Implement AAA services using the local database.
- Create the default login authentication method list using local authentication with no backup method.

Task 4: Configure NTP

Step 1. Enable NTP authentication on PC-A.
- On PC-A, choose the Config tab, and then the NTP button.
- Select On for NTP service.
- Enable authentication and enter a Key of 1 and a password of ciscontppa55.
Step 2. Configure R1 as an NTP Client.
- Configure NTP authentication Key 1 with a password of ciscontppa55.
- Configure R1 to synchronize with the NTP server and authenticate using Key 1.
Step 3. Configure routers to update hardware clock.
- Configure routers to periodically update the hardware clock with the time learned from NTP.

Task 5: Configure R1 as Syslog Client

Step 1. Configure R1 to timestamp log messages.
- Configure timestamp service for logging on the routers.
Step 2. Configure R1 to log messages to the syslog server.
- Configure the routers to identify the remote host (syslog server) that will receive logging messages.
- You should see a console message similar to the following:
  SYS-6-LOGGINGHOST_STARTSTOP: Logging to host port 514 started - CLI initiated
Step 3. Check for syslog messages on PC-B.
- On R1, exit config mode to generate a syslog message.
- Open the syslog server on PC-B to view the message sent from R1.
- You should see a message similar to the following on the syslog server:
  %SYS-5-CONFIG_I: Configured from console by console

Task 6: Secure Router Against Login Attacks

Step 1. Log unsuccessful login attempts to R1.
Step 2. Telnet to R1 from PC-A.
- Telnet from PC-A to R1 and provide the username Admin01 and password Admin01pa55. The Telnet should be successful.
Step 3. Telnet to R1 from PC-A and check syslog messages on the syslog server.
- Exit from the current Telnet session and Telnet again to R1 using the username of baduser and any password.
- Check the syslog server on PC-B. You should see an error message similar to the following that is generated by the failed login attempt.
  SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:baduser] [Source: ] [localport:23] [Reason:Invalid login] at 15:01:23 UTC Wed June

Task 7: Configure SSH on R3

Step 1. Configure a domain name.
- Configure a domain name of ccnasecurity.com on R3.
Step 2. Configure the incoming vty lines on R3.
- Use the local user accounts for mandatory login and validation and accept only SSH connections.
Step 3. Configure RSA encryption key pair for R3.
- Any existing RSA key pairs should be erased on the router. If there are no keys currently configured, a message will be displayed indicating this.
- Configure the RSA keys with a modulus of
Step 4. Configure SSH timeouts and authentication parameters.
- Set the SSH timeout to 90 seconds, the number of authentication retries to 2, and the version to 2.

Task 8: Configure CBAC on R1

Step 1. Configure a named IP ACL.
- Create an IP ACL named OUT-IN to block all traffic originating from the outside network.
- Apply the access list to incoming traffic on interface Serial 0/0/0.
Step 2. Confirm that traffic entering interface Serial 0/0/0 is dropped.
- From the PC-A command prompt, ping PC-C. The ICMP echo replies are blocked by the ACL.
Step 3. Create an inspection rule to inspect ICMP, Telnet and HTTP traffic.
- Create an inspection rule named IN-OUT-IN to inspect ICMP, Telnet and HTTP traffic.
Step 4. Apply the inspect rule to the outside interface.
- Apply the IN-OUT-IN inspection rule to the interface where traffic exits to outside networks.
Step 5. Test operation of the inspection rule.
- From the PC-A command prompt, ping PC-C. The ICMP echo replies should be inspected and allowed through.

Task 9: Configure ZPF on R3

Step 1. Test connectivity.
- Verify that the internal host can access external resources.
- From PC-C, test connectivity with ping and Telnet to R2; all should be successful.
- From R2 ping to PC-C. The pings should be allowed.
Step 2. Create the firewall zones.
- Create an internal zone named IN-ZONE.
- Create an external zone named OUT-ZONE.
Step 3. Create an ACL that defines internal traffic.
- Create an extended, numbered ACL that permits all IP protocols from the /24 source network to any destination. Use 101 for the ACL number.
Step 4. Create a class map referencing the internal traffic ACL.
- Create a class map named IN-NET-CLASS-MAP to match ACL 101.
Step 5. Specify firewall policies.
- Create a policy map named IN-2-OUT-PMAP to determine what to do with matched traffic.
- Specify a class type of inspect and reference class map IN-NET-CLASS-MAP.
- Specify the action of inspect for this policy map.
- You should see the following console message:
  %No specific protocol configured in class IN-NET-CLASS-MAP for inspection. All protocols will be inspected.
- Exit to the global config prompt.
Step 6. Apply firewall policies.
- Create a zone pair named IN-2-OUT-ZPAIR. Specify the source and destination zones that were created earlier.
- Attach a policy map and actions to the zone pair referencing the policy map previously created, IN-2-OUT-PMAP.
- Exit to the global config prompt and assign the internal and external interfaces to the security zones.
Step 7. Test firewall functionality.
- Verify that the internal host can still access external resources.
- From PC-C, test connectivity with ping and Telnet to R2; all should be successful.
- From R2 ping to PC-C. The pings should now be blocked.

Task 10: Secure the Switches

Step 1. Configure an enable secret password on all switches.
- Use an enable secret password of ciscoenpa55.
Step 2. Encrypt plaintext passwords.
Step 3. Configure the console lines on all switches.
- Configure a console password of ciscoconpa55 and enable login.
- Set the exec-timeout to log out after 5 minutes of inactivity.
- Prevent console messages from interrupting command entry.
Step 4. Configure vty lines on all switches.
- Configure a vty line password of ciscovtypa55 and enable login.
- Set the exec-timeout to log out after 5 minutes of inactivity.
- Set the basic login parameter.
Step 5. Secure trunk ports on S1 and S2.
- Configure port Fa0/1 on S1 as a trunk port.
- Configure port Fa0/1 on S2 as a trunk port.
- Verify that S1 port Fa0/1 is in trunking mode.
- Set the native VLAN on S1 and S2 trunk ports to an unused VLAN 99.
- Set the trunk ports on S1 and S2 so that they do not negotiate by turning off the generation of DTP frames.
- Enable storm control for broadcasts on the S1 and S2 trunk ports with a 50 percent rising suppression level.
Step 6. Secure access ports.
- Disable trunking on S1, S2 and S3 access ports.
- Enable PortFast on S1, S2, and S3 access ports.
- Enable BPDU guard on the switch ports previously configured as access only.
- Enable basic default port security on all end-user access ports that are in use. Use the sticky option. Re-enable each access port to which port security was applied.
- Disable any ports not being used on each switch.

Task 11: Verification

Step 1. Test SSH configuration.
- Attempt to connect to R3 via Telnet from PC-C.
- From PC-C, enter the command to connect to R3 via Telnet at IP address
- This connection should fail, since R3 has been configured to accept only SSH connections on the virtual terminal lines.
- From PC-C, enter the ssh -l Admin command to connect to R3 via SSH.
- When prompted for the password, enter the password Admin01pa55 configured for the local administrator.
- Use the show ip ssh command to see the configured settings.
Step 2. Verify timestamps, NTP status for R1 and PC-A.
Step 3. Test CBAC firewall on R1.
- Ping from PC-A to R2 at (should succeed)
- Telnet from PC-A to R (should succeed)
- Ping from R2 to PC-A at (should fail)
Step 4. Test ZPF firewall on R3.
- Ping from PC-C to R2 at (should succeed)
- Telnet from PC-C to R2 at (should succeed)
- Ping from R2 to PC-C at (should fail)
- Telnet from R2 to R3 at (should fail; only SSH is allowed)
Step 5. Verify port security.
- On S2, use the show run command to confirm that S2 has added a sticky MAC address for Fa0/18. This should be the MAC address of PC-B. Record the MAC address for later use.
- Select PC-B. Go to the Config tab. Select FastEthernet under the Interface section. Edit the MAC address field.
- This should cause a port security violation and S2 should shut down port Fa0/18.
- Use the show interface Fa0/18 command to view the status of the port. The port should be in the err-disabled state.
- On PC-B, go to the Config tab. Select FastEthernet under the Interface section. Change the MAC address to another address.
- From interface configuration mode on switch S2 for Fa0/18, use the no switchport port-security mac-address sticky address command to remove the original PC-B learned address.
- Shut down and then re-enable the Fa0/18 interface.
- On S2, use the show run command to confirm that the port comes up and that the new MAC address has been learned.
- Note: If it is desired to reconnect the PC with the original MAC address, you can simply change the MAC address on the PC back to the original one and issue the shutdown and no shutdown commands on port Fa0/18. If the PC or a NIC is being replaced and will have a new MAC address, you must first remove the old learned address.
Step 6. Check results.
- Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed.

All contents are Copyright Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
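
For Task 6 above (failed logins reported to the syslog server on PC-B), an added example that is not part of the lab material: a Python parser for the SEC_LOGIN-4-LOGIN_FAILED message format quoted in Step 3, which groups failures by source address and lists the sources that reach a threshold. The threshold, the function names and all sample lines except the one copied from the page are constructed for illustration.

```python
import re
from collections import defaultdict

# Fields as they appear in the message quoted in Task 6, Step 3.
# Optional whitespace is accepted after each colon.
LOGIN_FAILED = re.compile(
    r"SEC_LOGIN-4-LOGIN_FAILED:\s*Login failed\s*"
    r"\[user:\s*(?P<user>[^\]]*)\]\s*"
    r"\[Source:\s*(?P<source>[^\]]*)\]\s*"
    r"\[localport:\s*(?P<port>\d+)\]\s*"
    r"\[Reason:\s*(?P<reason>[^\]]*)\]"
)

def parse_failed_logins(lines):
    """Return one dict per failed-login message; other messages are skipped."""
    events = []
    for line in lines:
        match = LOGIN_FAILED.search(line)
        if match:
            events.append({k: v.strip() for k, v in match.groupdict().items()})
    return events

def noisy_sources(events, threshold=3):
    """Map each source with at least `threshold` failures to the usernames tried."""
    by_source = defaultdict(list)
    for event in events:
        # A message whose source field is empty is counted under "unknown".
        by_source[event["source"] or "unknown"].append(event["user"])
    return {src: sorted(set(users))
            for src, users in by_source.items() if len(users) >= threshold}

# Constructed syslog lines (documentation addresses), plus the line quoted on
# the page, whose source address did not survive extraction.
SAMPLE_LINES = [
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: baduser] [Source: 192.0.2.5] "
    "[localport: 23] [Reason: Invalid login] at 15:01:23 UTC Wed Jun 17 2009",
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.5] "
    "[localport: 23] [Reason: Invalid login] at 15:01:31 UTC Wed Jun 17 2009",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.0.2.5] "
    "[localport: 23] [Reason: Invalid login] at 15:01:40 UTC Wed Jun 17 2009",
    "%SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:Admin01] [Source: 198.51.100.7] "
    "[localport:23] [Reason:Invalid login] at 15:05:02 UTC Wed Jun 17 2009",
    "SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:baduser] [Source: ] "
    "[localport:23] [Reason:Invalid login] at 15:01:23 UTC Wed June",
]

if __name__ == "__main__":
    for source, users in noisy_sources(parse_failed_logins(SAMPLE_LINES)).items():
        print(source, "tried", users)
```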

References and sites

- Yeungnam University Computer Networks and Lab lecture material
- TACACS reference material
- NSA/SNAC Router Security Configuration Guide v1.1
- 네트워크전문가따라잡기
More informationuntitled
CAN BUS RS232 Line Ethernet CAN H/W FIFO RS232 FIFO IP ARP CAN S/W FIFO TERMINAL Emulator COMMAND Interpreter ICMP TCP UDP PROTOCOL Converter TELNET DHCP C2E SW1 CAN RS232 RJ45 Power
More informationMicrosoft PowerPoint - ch15.ppt
chapter 15. CCNA 준비 -1- 학습목표 CCNA 시험대비총정리 -2- OSI 계층별특징 -3- 데이터의인캡슐레이션 -4- TCP/IP 모델과 OSI 계층모델의대응 -5- 캐이블 내 용 동축 STP UTP 광 대역폭 10-100 100-1G -10G 매체크기 큼 보통 작음 작음 전자기장애 작음 작음 큼 없음 최대길이 500m 100m 100m 100km
More informationAssign an IP Address and Access the Video Stream - Installation Guide
설치 안내서 IP 주소 할당 및 비디오 스트림에 액세스 책임 본 문서는 최대한 주의를 기울여 작성되었습니다. 잘못되거나 누락된 정보가 있는 경우 엑시스 지사로 알려 주시기 바랍니다. Axis Communications AB는 기술적 또는 인쇄상의 오류에 대해 책 임을 지지 않으며 사전 통지 없이 제품 및 설명서를 변경할 수 있습니다. Axis Communications
More informationChapter 1
3 Oracle 설치 Objectives Download Oracle 11g Release 2 Install Oracle 11g Release 2 Download Oracle SQL Developer 4.0.3 Install Oracle SQL Developer 4.0.3 Create a database connection 2 Download Oracle 11g
More information4. IP 설정호스트 인터페이스 IP/ 프리픽스 게이트웨이 lock Rate fa 0/ /25 - fa 0/0 R1 fa 0/ /26 - s 0/0/ / ISP fa 0/0
1. hostname/ 패스워드설정 - 라우터 R1, ISP 이름을토폴로지와동일하게변경 - 스위치 S1의이름을토폴로지와동일하게변경 - 모든네트워크장비들의비밀번호를 "isco123" 으로하되, MD5 알고리즘에의해암호화되어저장되어야함. 2. 텔넷및콘솔설정 ( 모든네트워크장비 ) - 콘솔과텔넷접속을허용하되, 텔넷의경우 10개까지접속을허용하도록설정함 - 콘솔과텔넷의비밀번호
More informationuntitled
PowerBuilder 連 Microsoft SQL Server database PB10.0 PB9.0 若 Microsoft SQL Server 料 database Profile MSS 料 (Microsoft SQL Server database interface) 行了 PB10.0 了 Sybase 不 Microsoft 料 了 SQL Server 料 PB10.0
More informationK7VT2_QIG_v3
1......... 2 3..\ 4 5 [R] : Enter Raid setup utility 6 Press[A]keytocreateRAID RAID Type: JBOD RAID 0 RAID 1: 2 7 " RAID 0 Auto Create Manual Create: 2 RAID 0 Block Size: 16K 32K
More information슬라이드 1
네트워크 기말고사 91613624 김민경 91613739 백수연 1 목차 1. 전체토폴로지 2. 정적경로설정 3. VPN 4. PPP-PAP / CHAP 7. Port-Security 8. VTP / STP 9. 무선 LAN 10. DHCP 5. Frame-Relay 11. NAT 6. VLAN 2 1. 전체토폴로지 3 1. 전체토폴로지 ( RIP, EIGRP,
More information슬라이드 1
네트워크기초 피터전 1 차례 1. IOS 기초 2. IP 주소 3. LAN 토폴로지구성 4. WAN 토폴로지구성 2 1. IOS 기초 3 차례 IOS 명령어모드 IOS 도움말기능 기본설정 4 IOS 명령어모드 5 대화식설정모드 공장출하시 관리자모드에서 setup 명령어사용 설정레지스터의끝에서두번째값이 0X2142처럼 4 일때 설정파일을삭제한후재부팅할때 불편하여잘사용하지않음
More informationo o o 8.2.1. Host Error 8.2.2. Message Error 8.2.3. Recipient Error 8.2.4. Error 8.2.5. Host 8.5.1. Rule 8.5.2. Error 8.5.3. Retry Rule 8.11.1. Intermittently
More informationTCP.IP.ppt
TCP/IP TCP/IP TCP/IP TCP/IP TCP/IP Internet Protocol _ IP Address Internet Protocol _ Subnet Mask Internet Protocol _ ARP(Address Resolution Protocol) Internet Protocol _ RARP(Reverse Address Resolution
More information<3035313230325FBBE7B0EDB3EBC6AE5FB5F0C6FAC6AEC6D0BDBABFF6B5E5C3EBBEE0C1A128BCF6C1A4292E687770>
네트워크 장비의 디폴트 로그인 패스워드 취약점 및 대책 2005. 11. 30 본 보고서의 전부나 일부를 인용시 반드시 [자료: 한국정보보호진흥원(KISA)]룰 명시하여 주시기 바랍니다. - 1 - 1. 개요 패스워드 관리는 보안의 가장 기본적인 사항으로 유추하기 어려운 패스워드를 사용하고, 주기적 으로 패스워드를 변경하는 등 패스워드 관리에 신경을 많이 쓰고
More informationMicrosoft PowerPoint - ch07.ppt
chapter 07. 시스코라우터기본동작 한빛미디어 -1- 학습목표 시스코라우터외적, 내적구성요소 시스코라우터부팅단계 시스코라우터명령어모드 한빛미디어 -2- 시스코라우터구성요소 라우터외부구성요소 (1) [ 그림 ] 2600 라우터전면도 인터페이스카드 전원부 LED 라우터조건 한빛미디어 -3- 시스코라우터구성요소 라우터외부구성요소 (2) [ 그림 ] VTY 를이용한라우터접속
More information<C0CCBCBCBFB52DC1A4B4EBBFF82DBCAEBBE7B3EDB9AE2D313939392D382E687770>
i ii iii iv v vi 1 2 3 4 가상대학 시스템의 국내외 현황 조사 가상대학 플랫폼 개발 이상적인 가상대학시스템의 미래상 제안 5 웹-기반 가상대학 시스템 전통적인 교수 방법 시간/공간 제약을 극복한 학습동기 부여 교수의 일방적인 내용전달 교수와 학생간의 상호작용 동료 학생들 간의 상호작용 가상대학 운영 공지사항,강의록 자료실, 메모 질의응답,
More informationhd1300_k_v1r2_Final_.PDF
Starter's Kit for HelloDevice 1300 Version 11 1 2 1 2 3 31 32 33 34 35 36 4 41 42 43 5 51 52 6 61 62 Appendix A (cross-over) IP 3 Starter's Kit for HelloDevice 1300 1 HelloDevice 1300 Starter's Kit HelloDevice
More informationARMBOOT 1
100% 2003222 : : : () PGPnet 1 (Sniffer) 1, 2,,, (Sniffer), (Sniffer),, (Expert) 3, (Dashboard), (Host Table), (Matrix), (ART, Application Response Time), (History), (Protocol Distribution), 1 (Select
More informationTTA Verified : HomeGateway :, : (NEtwork Testing Team)
TTA Verified : HomeGateway :, : (NEtwork Testing Team) : TTA-V-N-05-006-CC11 TTA Verified :2006 6 27 : 01 : 2005 7 18 : 2/15 00 01 2005 7 18 2006 6 27 6 7 9 Ethernet (VLAN, QoS, FTP ) (, ) : TTA-V-N-05-006-CC11
More informationInterstage5 SOAP서비스 설정 가이드
Interstage 5 Application Server ( Solaris ) SOAP Service Internet Sample Test SOAP Server Application SOAP Client Application CORBA/SOAP Server Gateway CORBA/SOAP Gateway Client INTERSTAGE SOAP Service
More information슬라이드 제목 없음
2006-09-27 경북대학교컴퓨터공학과 1 제 5 장서브넷팅과슈퍼넷팅 서브넷팅 (subnetting) 슈퍼넷팅 (Supernetting) 2006-09-27 경북대학교컴퓨터공학과 2 서브넷팅과슈퍼넷팅 서브넷팅 (subnetting) 하나의네트워크를여러개의서브넷 (subnet) 으로분할 슈퍼넷팅 (supernetting) 여러개의서브넷주소를결합 The idea
More information제20회_해킹방지워크샵_(이재석)
IoT DDoS DNS (jaeseog@sherpain.net) (www.sherpain.net) DDoS DNS DDoS / DDoS(Distributed DoS)? B Asia Broadband B Bots connect to a C&C to create an overlay network (botnet) C&C Provider JP Corp. Bye Bye!
More informationAnalytics > Log & Crash Search > Unity ios SDK [Deprecated] Log & Crash Unity ios SDK. TOAST SDK. Log & Crash Unity SDK Log & Crash Search. Log & Cras
Analytics > Log & Crash Search > Unity ios SDK [Deprecated] Log & Crash Unity ios SDK. TOAST SDK. Log & Crash Unity SDK Log & Crash Search. Log & Crash Unity SDK... Log & Crash Search. - Unity3D v4.0 ios
More information슬라이드 1
DHCP (Dynamic Host Configuration Protocol) Oct 2006 Technical Support Div. Tel : 031-739-6800 Mail : support@corecess.com DHCP Motivations Automatic network configuration for clients No administrator intervention
More informationDE1-SoC Board
실습 1 개발환경 DE1-SoC Board Design Tools - Installation Download & Install Quartus Prime Lite Edition http://www.altera.com/ Quartus Prime (includes Nios II EDS) Nios II Embedded Design Suite (EDS) is automatically
More information歯I-3_무선통신기반차세대망-조동호.PDF
KAIST 00-03-03 / #1 1. NGN 2. NGN 3. NGN 4. 5. 00-03-03 / #2 1. NGN 00-03-03 / #3 1.1 NGN, packet,, IP 00-03-03 / #4 Now: separate networks for separate services Low transmission delay Consistent availability
More informationPowerPoint 프레젠테이션
V5724G 기능추가사항 Global Broadband No.1 NOS 3.13 NOS 3.15 Technology Service 1 Team 기능추가내용 고정 IP 차단및 ARP spoofing 차단기능 기능구현개요 : DHCP Snoop Table + ARP inspection Table ARP Spoofing 공격에의한 Switch 내부의 ARP table
More informationIntro to Servlet, EJB, JSP, WS
! Introduction to J2EE (2) - EJB, Web Services J2EE iseminar.. 1544-3355 ( ) iseminar Chat. 1 Who Are We? Business Solutions Consultant Oracle Application Server 10g Business Solutions Consultant Oracle10g
More informationCD-RW_Advanced.PDF
HP CD-Writer Program User Guide - - Ver. 2.0 HP CD-RW Adaptec Easy CD Creator Copier, Direct CD. HP CD-RW,. Easy CD Creator 3.5C, Direct CD 3.0., HP. HP CD-RW TEAM ( 02-3270-0803 ) < > 1. CD...3 CD...5
More informationPowerPoint 프레젠테이션
(Host) set up : Linux Backend RS-232, Ethernet, parallel(jtag) Host terminal Target terminal : monitor (Minicom) JTAG Cross compiler Boot loader Pentium Redhat 9.0 Serial port Serial cross cable Ethernet
More informationATXEVZTBNXGP.hwp
CCNA : 라우터및스위치설정방법총정리 - 1 - < 내용구성 > 1. 기본설정 - 3 Page 1) 패스워드설정 2) 편리한기능설정 3) 자주사용하는명령어들 4) 단축키설정 2. 정적라우팅 - 4 Page 1) 넥스트-홉 IP 주소지정 2) 데이터가나가는발신인터페이스지정 3) 정적경로신뢰도 (Administrative Distance) 변경 4) 정적경로삭제
More informationMicrosoft Word - access-list.doc
8. Access List Access List 란단어그자체에서의미하듯이라우터를경유하는트래픽에대한제어를할수있는것으로어떤트래픽을어떻게제어할것인지정의한다. 이 Access List 는일반적으로 Interface 에적용되거나 Routing Protocol 에적용되는데이때 Interface 에적용된것을 Access Group 이라고하고, Routing Protocol
More informationAPOGEE Insight_KR_Base_3P11
Technical Specification Sheet Document No. 149-332P25 September, 2010 Insight 3.11 Base Workstation 그림 1. Insight Base 메인메뉴 Insight Base Insight Insight Base, Insight Base Insight Base Insight Windows
More informationCitrix Workload Balancing 2.1 설치 가이드
Citrix Workload Balancing 2.1 설치 가이드 2011-7 펴냄 버전 1.0 Citrix Workload Balancing 2.1 설치 가이드 Copyright 2011 Citrix 판권 소유. 버전: Workload Balancing 2.1 Citrix, Inc. 851 West Cypress Creek Road Fort Lauderdale,
More informationMicrosoft Word Question.doc
1. Switching 1. Frame-relay 구성 PVC만을사용할수있으며어떠한 Dynamic Circuit도허용되지않는다. FR 구간을설정하시오 A. R3, R4, R5를제외한나머지 Router에서는 Sub interface를사용할수없다. B. R4, R5는 FR point-to-point로구성하고, R3는 multipoint로구성하되반드시 subinterface를이용하여구성하시오.
More information휠세미나3 ver0.4
andromeda@sparcs:/$ ls -al dev/sda* brw-rw---- 1 root disk 8, 0 2014-06-09 18:43 dev/sda brw-rw---- 1 root disk 8, 1 2014-06-09 18:43 dev/sda1 brw-rw---- 1 root disk 8, 2 2014-06-09 18:43 dev/sda2 andromeda@sparcs:/$
More informationMicrosoft PowerPoint - 06-IPAddress [호환 모드]
Chapter 06 IP Address IP Address Internet address IP 계층에서사용되는식별자 32 bit 2 진주소 The address space of IPv4 is 2 32 or 4,294,967,296 netid 와 hostid 로구분 인터넷에서호스트와라우터를유일하게구분 IP Address Structure 2-Layer Hierarchical
More information본교재는수업용으로제작된게시물입니다. 영리목적으로사용할경우저작권법제 30 조항에의거법적처벌을받을수있습니다. 제 28 장이더체널 블로그 : net123.tistory.com 저자김정우
제 28 장이더체널 블로그 : net123.tistory.com - 1 - 저자김정우 이더체널 (Etherchannel) 이더체널는스위치간에연결된다수의포트를논리적인하나의포트로구성하여대역폭확장과이중화링크구현기능을수행한다. 예를들어스위치 F0/1~F0/4 포트를이더체널로구성하면, 400M 대역폭을제공하는논리적인포트를구성할수있다. 또한, F0/1 포트가장애가발생되면,
More information시스코 무선랜 설치운영 매뉴얼(AP1200s_v1.1)
[ Version 1.3 ] Access Point,. Access Point IP 10.0.0.1, Subnet Mask 255.255.255.224, DHCP Client. DHCP Server IP IP,, IP 10.0.0.X. (Tip: Auto Sensing Straight, Cross-over.) step 1]. step 2] LAN. step
More informationVPN.hwp
Linksys VPN Router RV042&RV082 VPN Router 용 VPN 터널설정 한국어사용자설명서 V1.0 Table of Content 1 Gateway to Gateway 설정... 1 STEP 1 - Gateway to Gateway 터널생성하기... 1 STEP 2 - 터널정보입력하기... 1 STEP 3 - Gateway to Gateway
More information6강.hwp
----------------6강 정보통신과 인터넷(1)------------- **주요 키워드 ** (1) 인터넷 서비스 (2) 도메인네임, IP 주소 (3) 인터넷 익스플로러 (4) 정보검색 (5) 인터넷 용어 (1) 인터넷 서비스******************************* [08/4][08/2] 1. 다음 중 인터넷 서비스에 대한 설명으로
More informationH3050(aap)
USB Windows 7/ Vista 2 Windows XP English 1 2 3 4 Installation A. Headset B. Transmitter C. USB charging cable D. 3.5mm to USB audio cable - Before using the headset needs to be fully charged. -Connect
More informationthesis-shk
DPNM Lab, GSIT, POSTECH Email: shk@postech.ac.kr 1 2 (1) Internet World-Wide Web Web traffic Peak periods off-peak periods peak periods off-peak periods 3 (2) off-peak peak Web caching network traffic
More informationMicrosoft Word doc
TCP/IP 구조 1. I.P 구조설명 2. ARP 구조설명 3. TCP 구조설명 4. UDT 구조설명 5. RIP 구조설명 6. BOOTP 구조설명 7. TFTP 구조설명 destination addr source addr type data CRC 6 6 2 46-1500 4 type 0X0800 IP datagram 2 46-1500 type 0X0806
More informationSRC PLUS 제어기 MANUAL
,,,, DE FIN E I N T R E A L L O C E N D SU B E N D S U B M O TIO
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.,.,,,,,,,,,,,,.,...,. U.S. GOVERNMENT END USERS. Oracle programs, including any oper
Windows Netra Blade X3-2B( Sun Netra X6270 M3 Blade) : E37790 01 2012 9 Copyright 2012, Oracle and/or its affiliates. All rights reserved.,.,,,,,,,,,,,,.,...,. U.S. GOVERNMENT END USERS. Oracle programs,
More information00 SPH-V6900_....
SPH-V6900 사용설명서 사용전에 안전을 위한 경고 및 주의사항을 반드시 읽고 바르게 사용해 주세요. 사용설명서의 화면과 그림은 실물과 다를 수 있습니다. 사용설명서의 내용은 휴대전화의 소프트웨어 버전 또는 KTF 사업자의 사정에 따라 다를 수 있으며, 사용자에게 통보없이 일부 변경될 수 있습니다. 휴대전화의 소프트웨어는 사용자가 최신 버전으로 업그레이드
More information°í¼®ÁÖ Ãâ·Â
Performance Optimization of SCTP in Wireless Internet Environments The existing works on Stream Control Transmission Protocol (SCTP) was focused on the fixed network environment. However, the number of
More informationS NIPER FW/UTM은 인터넷과 같은 외부망과 조직의 내부망을 연결하는 곳에 위치하여 보호하고자 하는 네트워크에 대한 서비스 요청을 통제하여 허가되지 않은 접근을 차단하는 침입차단(FW)기능 및 침입방지(IPS), 컨텐츠 필터링, 가상사설망(VPN)의 기능을 수행
S NIPER FW/UTM은 인터넷과 같은 외부망과 조직의 내부망을 연결하는 곳에 위치하여 보호하고자 하는 네트워크에 대한 서비스 요청을 통제하여 허가되지 않은 접근을 차단하는 침입차단(FW)기능 및 침입방지(IPS), 컨텐츠 필터링, 가상사설망(VPN)의 기능을 수행하는 고성능 침입차단(FW) 및 통합위협관리 (Unified Threat Management)
More information서버설정 1. VLAN 설정 1.1 토폴로지를참고로 SW1 에 vlan 설정을한다. (vlan 이름을설정하고해당인터페이스에 vlan 이름과동일한코멘트를처리하시오.) 1.2 PC에토폴로지에부여된 IP를설정하고, 게이트웨이는네트워크의마지막주소를사용합니다. - 서버에는 DN
1. VLAN 설정 1.1 토폴로지를참고로 SW1 에 vlan 설정을한다. (vlan 이름을설정하고해당인터페이스에 vlan 이름과동일한코멘트를처리하시오.) 1.2 PC에토폴로지에부여된 IP를설정하고, 게이트웨이는네트워크의마지막주소를사용합니다. - 서버에는 DNS를설정하지않습니다. 1.3 R1에 inter-vlan 및모든 IP를설정합니다. vlan 30을위한게이트웨이는
More informationFileMaker 15 WebDirect 설명서
FileMaker 15 WebDirect 2013-2016 FileMaker, Inc.. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker FileMaker Go FileMaker, Inc.. FileMaker WebDirect FileMaker, Inc... FileMaker.
More informationMAX+plus II Getting Started - 무작정따라하기
무작정 따라하기 2001 10 4 / Version 20-2 0 MAX+plus II Digital, Schematic Capture MAX+plus II, IC, CPLD FPGA (Logic) ALTERA PLD FLEX10K Series EPF10K10QC208-4 MAX+plus II Project, Schematic, Design Compilation,
More information1217 WebTrafMon II
(1/28) (2/28) (10 Mbps ) Video, Audio. (3/28) 10 ~ 15 ( : telnet, ftp ),, (4/28) UDP/TCP (5/28) centralized environment packet header information analysis network traffic data, capture presentation network
More informationOPCTalk for Hitachi Ethernet 1 2. Path. DCOMwindow NT/2000 network server. Winsock update win95. . . 3 Excel CSV. Update Background Thread Client Command Queue Size Client Dynamic Scan Block Block
More informationMicrosoft PowerPoint - L4-7Switch기본교육자료.ppt
L4-7 Switch 기본교육자료 Pumpkin Networks. Inc. http://www.pumpkinnet.co.kr (Tel) 02-3280-9380 (Fax) 02-3280-9382 info@pumpkinnet.co.kr 기본개념 L4/L7 Switch 란? -2- 기본개념 - Switching & Routing Switching & Routing
More informationSecurity Overview
May. 14, 2004 Background Security Issue & Management Scope of Security Security Incident Security Organization Security Level Security Investment Security Roadmap Security Process Security Architecture
More informationChapter11OSPF
OSPF 111 OSPF Link state Interior Gateway Protocol OSPF 1988 IETF OSPF workgroup OSPF RFC 2383 version 2 Chapter OSPF Version 2 OSPFIGP AS 1 1111 Convergence Traffic Distance Vector Link state OSPF (Flooding),
More information네트워크 안정성을 지켜줄 최고의 기술과 성능 TrusGuard는 국내 최초의 통합보안솔루션으로서 지난 5년간 약 4천여 고객 사이트에 구축 운영되면서 기술의 안정성과 성능면에서 철저한 시장 검증을 거쳤습니다. 또한 TrusGuard는 단독 기능 또는 복합 기능 구동 시
네트워크 보안도 안철수연구소입니다 통합 보안의 No.1 파트너, AhnLab TrusGuard 네트워크 환경을 수호하는 최고의 통합 보안 시스템 고성능 방화벽ㆍVPN Security 기술과 고품질 Integrated Security 기술의 강력한 결합 네트워크 안정성을 지켜줄 최고의 기술과 성능 TrusGuard는 국내 최초의 통합보안솔루션으로서 지난 5년간
More informationNetwork Security - Wired Sniffing 실습 ICNS Lab. Kyung Hee University
Network Security - Wired Sniffing 실습 ICNS Lab. Kyung Hee University Outline Network Network 구조 Source-to-Destination 간 packet 전달과정 Packet Capturing Packet Capture 의원리 Data Link Layer 의동작 Wired LAN Environment
More information歯김병철.PDF
3G IETF byckim@mission.cnu.ac.kr kckim@konkuk.ac.kr Mobile IP WG Seamoby WG ROHC WG 3G IETF 3G IETF Mobile IP WG 3GIP Seamoby WG ROHC WG MIP WG / NAI Mobile IP / AAA IPv4 / MIP WG RFC2002bis MIPv6 INRIA
More informationGRE(Generic Routing Encapsulation) GRE는 Cisco에서개발한터널링프로토콜으로써특정네트워크망에서새로운 IP 헤더를인캡슐레이션하여패켓을전송하는 VPN 기능을제공한다. GRE 터널링을이용하여패켓을전송하면, 데이터를암호화하지않기때문에보안적으로는취
제 16 장 GRE 터널 블로그 : net123.tistory.com - 1 - 저자김정우 GRE(Generic Routing Encapsulation) GRE는 Cisco에서개발한터널링프로토콜으로써특정네트워크망에서새로운 IP 헤더를인캡슐레이션하여패켓을전송하는 VPN 기능을제공한다. GRE 터널링을이용하여패켓을전송하면, 데이터를암호화하지않기때문에보안적으로는취약하지만,
More informationF1-1(수정).ppt
, thcho@kisaorkr IPAK (Information Protection Assessment Kit) IAM (INFOSEC Assessment Methodology) 4 VAF (Vulnerability Assessment Framework) 5 OCTAVE (Operationally Critical Threat, Asset, and Vulnerability
More informationcam_IG.book
설치 안내서 AXIS P3301 고정형 돔 네트워크 카메라 AXIS P3301-V 고정형 돔 네트워크 카메라 한국어 AXIS P3304 고정형 돔 네트워크 카메라 AXIS P3304-V 고정형 돔 네트워크 카메라 문서 정보 본 문서에는 사용자 네트워크에 AXIS P3301/P3304 고정형 돔 네트워크 카메라를 설치하는 방법에 대 한 지침이 포함되어 있습니다.
More information슬라이드 1
PKI Kerberos SAML & Shibboleth OpenID Cardspace & ID 2 < > (= ) password, OTP, bio, smartcard, pki CardSpace, ID What you have.., 2 factor, strong authentication 4 (SSO) Kerberos, OpenID 5 Shared authentication
More informationVZ94-한글매뉴얼
KOREAN / KOREAN VZ9-4 #1 #2 #3 IR #4 #5 #6 #7 ( ) #8 #9 #10 #11 IR ( ) #12 #13 IR ( ) #14 ( ) #15 #16 #17 (#6) #18 HDMI #19 RGB #20 HDMI-1 #21 HDMI-2 #22 #23 #24 USB (WLAN ) #25 USB ( ) #26 USB ( ) #27
More informationvm-웨어-앞부속
VMware vsphere 4 This document was created using the official VMware icon and diagram library. Copyright 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright
More information<30353132BFCFB7E15FC7D1B1B9C1A4BAB8B9FDC7D0C8B85F31352D31BCF6C1A4C8AEC0CE2E687770>
지상파 방송의 원격송신과 공중송신권 침해여부에 관한 사례연구 Case Study on Copyright Infringement of Remote Transmission of Television Program 최정열(Choe, Jeong-Yeol) * 목 차 Ⅰ. 서론 Ⅱ. 사실 관계 및 재판의 경과 1. 원격시청기기 및 그 사용방법 등 2. 피고의 서비스 3.
More information<30362E20C6EDC1FD2DB0EDBFB5B4EBB4D420BCF6C1A42E687770>
327 Journal of The Korea Institute of Information Security & Cryptology ISSN 1598-3986(Print) VOL.24, NO.2, Apr. 2014 ISSN 2288-2715(Online) http://dx.doi.org/10.13089/jkiisc.2014.24.2.327 개인정보 DB 암호화
More information<32B1B3BDC32E687770>
008년도 상반기 제회 한 국 어 능 력 시 험 The th Test of Proficiency in Korean 일반 한국어(S-TOPIK 중급(Intermediate A 교시 이해 ( 듣기, 읽기 수험번호(Registration No. 이 름 (Name 한국어(Korean 영 어(English 유 의 사 항 Information. 시험 시작 지시가 있을
More informationKISA-GD
KISA-GD-2011-0002 2011.9 1) RD(Recursive Desired) 플래그 : 리커시브네임서버로하여금재귀적 (recursive) 질의 ( 항목 1.3. 참고 ) 요청을표시함. RD 플레그값이 0 이면반복적 (iterative) 질의를요청 2) AA 플래그 : Authoritative Answer 의약자로써, 네임서버가해당응답데이터를자신이보유하고있는지유무를표시
More information강의10
Computer Programming gdb and awk 12 th Lecture 김현철컴퓨터공학부서울대학교 순서 C Compiler and Linker 보충 Static vs Shared Libraries ( 계속 ) gdb awk Q&A Shared vs Static Libraries ( 계속 ) Advantage of Using Libraries Reduced
More informationuntitled
Push... 2 Push... 4 Push... 5 Push... 13 Push... 15 1 FORCS Co., LTD A Leader of Enterprise e-business Solution Push (Daemon ), Push Push Observer. Push., Observer. Session. Thread Thread. Observer ID.
More information자바-11장N'1-502
C h a p t e r 11 java.net.,,., (TCP/IP) (UDP/IP).,. 1 ISO OSI 7 1977 (ISO, International Standards Organization) (OSI, Open Systems Interconnection). 6 1983 X.200. OSI 7 [ 11-1] 7. 1 (Physical Layer),
More informationthesis
CORBA TMN Surveillance System DPNM Lab, GSIT, POSTECH Email: mnd@postech.ac.kr Contents Motivation & Goal Related Work CORBA TMN Surveillance System Implementation Conclusion & Future Work 2 Motivation
More informationBackup Exec
(sjin.kim@veritas.com) www.veritas veritas.co..co.kr ? 24 X 7 X 365 Global Data Access.. 100% Storage Used Terabytes 9 8 7 6 5 4 3 2 1 0 2000 2001 2002 2003 IDC (TB) 93%. 199693,000 TB 2000831,000 TB.
More informationPRO1_04E [읽기 전용]
Siemens AG 1999 All rights reserved File: PRO1_04E1 Information and S7-300 2 S7-400 3 EPROM / 4 5 6 HW Config 7 8 9 CPU 10 CPU : 11 CPU : 12 CPU : 13 CPU : / 14 CPU : 15 CPU : / 16 HW 17 HW PG 18 SIMATIC
More informationETL_project_best_practice1.ppt
ETL ETL Data,., Data Warehouse DataData Warehouse ETL tool/system: ETL, ETL Process Data Warehouse Platform Database, Access Method Data Source Data Operational Data Near Real-Time Data Modeling Refresh/Replication
More information