计算机网络安全技术与实施（旧） 思科网络学院CCNA Security资源 第2章网络设备安全.pptx

网络设备安全Cisco Integrated Services Routers G2Cisco has a new Series of 2nd Generation Routers.G2 ISRs have integrated Gigabit Ethernet interfaces./en/US/products/ps10906/Products_Sub_Category_Home.html/en/US/products/ps10906/Products_Sub_Category_Home.html# Enforcing Perimeter Security PolicyRouters are used to secure the network perimeter.Scenario 1:The router protects the LAN.Scenario 2:The router screens traffic before a firewall (PIX/ASA).Scenario 3:The zone directly connected to the firewall is called a DMZ. Internet-accessible servers are located in the DMZ.Router 1 (R1)LAN 1InternetScenario 1R1FirewallLAN 1InternetScenario 2R1FirewallR2LAN 1InternetDMZScenario 3Three Areas of Router SecurityPhysical securitySecure infrastructure equipment in a locked room that:Is accessible only to authorized personnel.Is free of electrostatic or magnetic interference.Has fire suppression.Has controls for temperature and humidity.Install an uninterruptible power supply (UPS) and keep spare components available to reduce the possibility of a DoS attack from power loss to the building.Three Areas of Router SecurityOperating systemConfigure the router with the maximum amount of memory possible.Helps protect it from some DoS attacks. Use the latest stable version of the operating system that meets the feature requirements of the network. Keep a secure copy of the router operating system image and router configuration file as a backup.Three Areas of Router SecurityRouter hardeningSecure administrative control to ensure that only authorized personnel have access and that their level of access is controlled.Disable unused ports and interfaces to reduce the number of ways a device can be accessed.Disable unnecessary services that can be used by an attacker to gather information or for exploitation.R1Secure Administrative AccessRestrict device accessibilityLimit the accessible ports, restrict the permitted communicators, and restrict the permitted methods of access. Log and account for a