1
00:00:01,390 --> 00:00:05,510
In this section we're going to take a look at the switched networks review.

2
00:00:07,650 --> 00:00:15,300
If you want to manage a switch remotely, you should assign an IP address and default gateway to the device.

3
00:00:15,630 --> 00:00:21,940
Management IP and default gateway are configured on switches for remote access.

4
00:00:22,050 --> 00:00:29,670
If you want to assign an IP address to a Layer 2 switch, you should assign it to the VLAN, not the

5
00:00:29,850 --> 00:00:31,230
physical interface.

6
00:00:31,440 --> 00:00:39,750
As you can see in here, we are getting into the interface mode by typing interface and the VLAN number,

7
00:00:40,050 --> 00:00:47,340
then we're assigning our IP address by using the ip address, the IP address that we want to configure, and

8
00:00:47,340 --> 00:00:55,110
the subnet mask command. The default gateway configuration is also pretty straightforward. To configure

9
00:00:55,110 --> 00:00:57,040
a default gateway on a switch.

10
00:00:57,060 --> 00:01:05,660
Our command is ip default-gateway and the IP address of the default gateway.

11
00:01:05,680 --> 00:01:13,400
Let's go ahead with how to configure a switch port now. To configure a switch port, we should go to the

12
00:01:13,460 --> 00:01:20,920
interface mode by typing interface and the interface name in the config mode. In the same example we are

13
00:01:20,920 --> 00:01:23,400
defining the speed of the port.

14
00:01:23,410 --> 00:01:27,900
And we are defining a full duplex option for the related interface.

15
00:01:27,910 --> 00:01:30,670
Let's take a look at the configuration now.

16
00:01:30,790 --> 00:01:38,260
The interface name is FastEthernet 0/1, as you can see, and I'm getting into the interface mode by typing

17
00:01:38,590 --> 00:01:46,780
interface and the name of the interface. As you can see, as soon as I type the enter, as soon as I hit

18
00:01:46,780 --> 00:01:50,040
the Enter key, I'm in here, in the config-if.

19
00:01:50,160 --> 00:01:58,840
I'm in the config interface mode, and to define a duplex I'm typing duplex and the duplex speed.

20
00:01:58,870 --> 00:02:08,800
And to define the speed for the port, I'm typing the speed and the speed that I want command. To verify

21
00:02:08,800 --> 00:02:17,620
switch port configuration, we can use show run interface and the interface name as the first option.

22
00:02:17,620 --> 00:02:25,240
This command shows us the configuration of the related interface. For example, in here we are typing

23
00:02:25,240 --> 00:02:27,630
the show run interface

24
00:02:27,830 --> 00:02:29,590
FastEthernet 0/1.

25
00:02:29,740 --> 00:02:34,990
And here is the whole configuration of the FastEthernet 0/1.

26
00:02:34,990 --> 00:02:44,200
As you can see. The second option for verifying switch port configuration is the show ip interface brief

27
00:02:44,200 --> 00:02:45,180
command.

28
00:02:45,220 --> 00:02:50,020
This command shows the physical status of the interfaces.

29
00:02:50,020 --> 00:02:57,130
And if this is a Layer 3 capable switch, this command also shows the IP addresses

30
00:02:57,370 --> 00:02:59,230
assigned for the interfaces.

31
00:02:59,230 --> 00:03:06,650
For example, as you can see here, on each one we are typing the show ip interface brief command, and

32
00:03:06,810 --> 00:03:11,190
we can see the physical state of the ports in here.

33
00:03:11,200 --> 00:03:19,330
And as you can see, some ports are in up mode, some of them are in administratively down mode, and we can

34
00:03:19,330 --> 00:03:28,010
see the IP addresses assigned to switch ports because this is a Layer 3 capable switch.

35
00:03:28,300 --> 00:03:39,550
The third option to verify the switch port configuration is the show interfaces and the interface

36
00:03:39,550 --> 00:03:40,510
name command.

37
00:03:40,630 --> 00:03:48,910
This command shows the physical status of the interface such as if this is up or down or something like

38
00:03:48,910 --> 00:03:49,320
that.

39
00:03:49,360 --> 00:03:58,220
And this command also shows some useful information such as MTU, bandwidth, delay.

40
00:03:58,270 --> 00:04:06,100
If we have some input errors or not, or if we have some CRCs or something like that, we can monitor

41
00:04:06,190 --> 00:04:07,060
all of them

42
00:04:07,180 --> 00:04:19,150
with this command. Let's take a look at the switch security now. As we talked before, we should always use

43
00:04:19,250 --> 00:04:30,100
SSH instead of Telnet because SSH encrypts the whole connection. To configure SSH as a remote connection

44
00:04:30,100 --> 00:04:44,820
protocol on a switch, our command is crypto key generate rsa general-keys modulus and 1024.

45
00:04:45,430 --> 00:04:52,650
But first we should create a domain name to activate SSH on our device.

46
00:04:52,660 --> 00:05:03,220
Here is the domain name configuration: ip domain-name, and we are typing an arbitrary domain name. Then,

47
00:05:03,640 --> 00:05:11,740
to generate the crypto keys, we are typing the crypto key generate rsa general-keys modulus and the key

48
00:05:11,740 --> 00:05:16,640
modulus size, which is 1024 bits for this example.

49
00:05:18,590 --> 00:05:22,940
Let's take a look at the local area network attack types.

50
00:05:22,940 --> 00:05:32,150
Now, without security measures and controls in place, your network might be subject to an attack.

51
00:05:32,150 --> 00:05:36,790
Some attacks are passive meaning information is monitored.

52
00:05:36,920 --> 00:05:45,650
Others are active meaning the information is altered with intent to corrupt or destroy the data or the

53
00:05:45,890 --> 00:05:47,690
network itself.

54
00:05:47,750 --> 00:05:55,390
Your networks and data are vulnerable to any of the following types of attacks, such as MAC flooding,

55
00:05:55,650 --> 00:06:01,030
DHCP spoofing, Telnet attacks and the CPA attacks.

56
00:06:01,070 --> 00:06:09,370
If you do not have a security plan in place, you may face all of these attack types.

57
00:06:09,380 --> 00:06:17,930
Let's start with MAC flooding first. In computer networking, MAC flooding is a technique employed

58
00:06:17,930 --> 00:06:26,600
to compromise the security of network switches. The attack works by forcing legitimate MAC

59
00:06:26,600 --> 00:06:34,190
table contents out of the switch and forcing a unicast flooding behavior, potentially sending sensitive

60
00:06:34,190 --> 00:06:43,280
information to portions of the network where it is not normally intended to go. Switches maintain a MAC

61
00:06:43,280 --> 00:06:49,640
table that maps individual MAC addresses on the network to the physical ports on the switch, as you

62
00:06:49,650 --> 00:06:58,430
know, and this allows the switch to direct data out of the physical port where the recipient is located, as

63
00:06:58,520 --> 00:07:07,490
opposed to indiscriminately broadcasting the data out of all of its ports as an Ethernet hub does. In a

64
00:07:07,520 --> 00:07:17,120
typical MAC flooding attack, a switch is fed many Ethernet frames, each containing different source MAC

65
00:07:17,140 --> 00:07:18,900
addresses by the attacker.

66
00:07:19,070 --> 00:07:27,290
The intention is to consume the limited memory set aside in the switch to store the Mac address table.

67
00:07:27,290 --> 00:07:36,590
As you can see in here, we have an attacker, and our attacker floods the CAM table with frames with numerous

68
00:07:36,820 --> 00:07:44,340
invalid source MAC addresses, and valid hosts cannot create CAM entries anymore.

69
00:07:44,540 --> 00:07:53,750
Then in the second step, normal traffic is flooded out of all of its ports because no CAM entries exist

70
00:07:53,750 --> 00:07:56,150
for the valid hosts.

71
00:07:57,620 --> 00:08:01,290
Let's take a look at DHCP spoofing.

72
00:08:01,300 --> 00:08:10,130
Now, this is a special kind of attack where attackers can gain access to network traffic by spoofing

73
00:08:10,130 --> 00:08:13,210
responses that would be sent by

74
00:08:13,310 --> 00:08:21,080
a valid DHCP server. Client PCs are sending DHCP requests on the network.

75
00:08:21,080 --> 00:08:28,340
This request is broadcast and all hosts on the local area network will receive it.

76
00:08:28,340 --> 00:08:35,540
As you know guys already, the DHCP server knows what this request means, actually.

77
00:08:35,610 --> 00:08:44,480
And in the normal situation, only the real DHCP server will reply to that request. DHCP server

78
00:08:44,620 --> 00:08:53,000
replies to the client with a message that will configure the host client PC with IP address, subnet

79
00:08:53,000 --> 00:08:59,820
mask and the default gateway. When we have an attacker PC in the network,

80
00:08:59,900 --> 00:09:05,920
he will simulate the DHCP server on his host PC. With this action,

81
00:09:05,930 --> 00:09:16,190
he will be able to reply to the DHCP request before the real DHCP server because it's closer to the client

82
00:09:16,250 --> 00:09:25,010
host. It will configure the client host with an IP address of that subnet, but it will also give the host a

83
00:09:25,020 --> 00:09:34,220
false default gateway address and maybe even a false DNS server address. DNS server and default gateway

84
00:09:34,280 --> 00:09:39,530
address will both be the IP address of the attacker's

85
00:09:39,680 --> 00:09:47,540
computer. In this manner, he will point all the communication of the client host to himself.

86
00:09:47,690 --> 00:09:55,010
Later, he will make it possible to forward frames from the client host to real destinations in order to make

87
00:09:55,340 --> 00:09:58,410
communication of client possible.

88
00:09:58,410 --> 00:10:07,490
The client will not know that his communication is always going to the attacker PC, and the attacker can easily

89
00:10:07,490 --> 00:10:08,770
sniff frames.

90
00:10:08,810 --> 00:10:17,950
To mitigate this attack, we can use the DHCP snooping method, which we are going to see on our later slides.

91
00:10:18,680 --> 00:10:21,690
And let's go ahead with the Telnet issues.

92
00:10:21,690 --> 00:10:31,070
We talked a lot about this thing, as you know, and as we talked before, Telnet is an unsecure remote

93
00:10:31,370 --> 00:10:39,770
connection protocol because it does not encrypt the communication. Telnet can also be used as a part of

94
00:10:39,770 --> 00:10:47,850
the DDoS attacks, and because of this we should always use SSH instead of Telnet.

95
00:10:48,540 --> 00:10:57,170
And let's go with how we can secure our switch ports. To secure our switch ports, which means their

96
00:10:57,290 --> 00:10:58,560
interfaces.

97
00:10:58,610 --> 00:11:01,130
We have three options.

98
00:11:01,130 --> 00:11:07,010
First, we should shut down our unused ports.

99
00:11:07,010 --> 00:11:10,770
Second, we should use DHCP snooping.

100
00:11:10,820 --> 00:11:14,940
And third we should use port security

101
00:11:17,360 --> 00:11:21,480
If we are not using a physical port,

102
00:11:21,500 --> 00:11:30,620
we should always shut it down manually to mitigate the physical layer attacks. Unused ports

103
00:11:30,650 --> 00:11:33,560
must always be kept shut down.

104
00:11:33,920 --> 00:11:39,600
So to configure manual shutdown we are getting into the interface mode again.

105
00:11:40,410 --> 00:11:47,640
Interface and the interface name that we want to shut down, and the command is pretty straightforward:

106
00:11:47,940 --> 00:11:58,150
we're using the shutdown command and we are administratively shutting down the port. And let's

107
00:11:58,150 --> 00:12:04,090
go ahead with DHCP snooping. In computer networking,

108
00:12:04,300 --> 00:12:14,330
DHCP snooping is a series of techniques applied to improve the security of the DHCP infrastructure. When the

109
00:12:14,780 --> 00:12:22,330
servers are allocating IP addresses to the clients on the local area network, DHCP snooping can

110
00:12:22,330 --> 00:12:31,220
be configured on local area network switches to prevent malicious or malformed DHCP traffic or rogue

111
00:12:31,330 --> 00:12:41,320
DHCP servers. In addition, information on hosts which have successfully completed the DHCP transaction

112
00:12:41,410 --> 00:12:51,940
is accrued in a database of bindings which may then be used by other security or accounting features.

113
00:12:52,260 --> 00:12:56,460
So let's go ahead with how we can configure DHCP snooping.

114
00:12:56,490 --> 00:13:05,910
Now, to configure DHCP snooping, we're getting into the config mode. Then first, we're globally enabling

115
00:13:06,180 --> 00:13:12,960
the snooping by typing the ip dhcp snooping command.

116
00:13:12,960 --> 00:13:22,880
The second thing we are going to do is we're typing ip dhcp snooping vlan and we're defining

117
00:13:22,880 --> 00:13:24,400
the VLAN numbers

118
00:13:24,560 --> 00:13:29,990
that we are going to use for the DHCP snooping. In the third step,

119
00:13:30,020 --> 00:13:35,060
we are enabling DHCP option 82 by typing

120
00:13:35,150 --> 00:13:45,560
ip dhcp snooping information option. Then we're defining the number of acceptable DHCP packets per

121
00:13:45,560 --> 00:13:55,320
second for switch ports by typing ip dhcp snooping limit rate and the rate that we want.

122
00:13:55,640 --> 00:14:04,140
Then in the last step, we're defining the DHCP snooping trusted port. ip dhcp snooping

123
00:14:04,140 --> 00:14:07,970
trust is the command that we are using for this.

124
00:14:08,030 --> 00:14:13,770
Please keep in mind that for trunk ports and DHCP server ports,

125
00:14:13,910 --> 00:14:19,830
we should define this command.

126
00:14:19,940 --> 00:14:23,180
Let's go ahead with the port security now.

127
00:14:23,360 --> 00:14:31,520
You can use the port security feature to restrict input to an interface by limiting and identifying the

128
00:14:31,690 --> 00:14:37,670
MAC addresses of the workstations that are allowed to access the port.

129
00:14:38,060 --> 00:14:45,740
If a port is configured as a secure port and the maximum number of secure MAC addresses is

130
00:14:46,010 --> 00:14:53,930
reached, when the MAC address of a workstation attempting to access the port is different from

131
00:14:54,050 --> 00:14:59,760
any identified secure MAC addresses, a security violation occurs.

132
00:14:59,930 --> 00:15:07,340
And we have three violation modes, and they are shutdown, protect and restrict.

133
00:15:08,360 --> 00:15:19,380
So let's go to the port security in our slide now. In here we have a switch port and we have a

134
00:15:19,380 --> 00:15:21,470
hub connected to this

135
00:15:21,570 --> 00:15:31,940
switch port. As you can see here, in the hub we have two PCs and they are PC 1 and PC 2, which

136
00:15:31,940 --> 00:15:40,310
means we have two MAC addresses behind our

137
00:15:40,380 --> 00:15:49,920
switch port. If we define port security for this port of the switch and if we configure here, in

138
00:15:49,920 --> 00:15:55,820
here, the port security of maximum MACs of three, for example,

139
00:15:56,100 --> 00:16:10,440
and if I plug a PC, which is PC 3, and one more PC, which is PC 4, that means a port security violation.

140
00:16:12,890 --> 00:16:19,700
As I told you, we have three port security violation modes, and they are shutdown,

141
00:16:19,820 --> 00:16:29,900
protect and restrict. In shutdown mode, we're blocking all traffic and placing the port into error-disabled

142
00:16:29,910 --> 00:16:30,330
mode.

143
00:16:30,350 --> 00:16:34,300
We are shutting down our port, our switch port,

144
00:16:34,670 --> 00:16:41,270
if a violation occurs. In protect, we are blocking the traffic which makes the violation

145
00:16:41,300 --> 00:16:45,920
and we are allowing other MACs. For example, in here,

146
00:16:45,920 --> 00:16:49,780
we are just blocking the traffic of PC 4,

147
00:16:49,850 --> 00:16:59,070
but PC 1, 2 and 3 still can go ahead. And in the restrict mode, we are blocking the traffic which

148
00:16:59,150 --> 00:17:02,450
makes the violation and allowing others.

149
00:17:02,480 --> 00:17:11,560
And this time we are also creating a log message. To configure port security,

150
00:17:11,710 --> 00:17:20,210
we're getting into the interface mode by typing interface and the name of the interface. Then we're typing

151
00:17:20,210 --> 00:17:20,960
switchport

152
00:17:20,960 --> 00:17:31,430
port-security and enabling the port security now. But as you can see in here, the command is rejected because

153
00:17:32,030 --> 00:17:40,970
FastEthernet 0/1 is a dynamic port, which means we need to type, we need to define an access mode

154
00:17:40,970 --> 00:17:49,380
for the switch port that we need to configure the port security. Because of this, we are typing switchport

155
00:17:49,390 --> 00:17:53,630
mode access, then we're typing the switchport

156
00:17:53,630 --> 00:18:04,130
port-security command. After, switchport port-security maximum, and we're defining the maximum MAC addresses

157
00:18:04,460 --> 00:18:06,390
that can be learned from that

158
00:18:06,380 --> 00:18:14,330
switch port. In the last step, we are typing switchport port-security violation and we are defining

159
00:18:14,350 --> 00:18:17,180
the violation mode which is.

160
00:18:17,180 --> 00:18:27,440
For this example, a port security violation can make a port go into an error-disabled mode. Ports must

161
00:18:27,440 --> 00:18:36,250
be reactivated by using the shutdown and the no shutdown commands after the device is removed

162
00:18:36,250 --> 00:18:41,690
which makes the violation. We can use the show interfaces

163
00:18:41,700 --> 00:18:47,270
status err-disabled command to monitor the disabled ports.

164
00:18:47,270 --> 00:18:56,770
For example, let's say that FastEthernet 0/1 got into the error-disabled mode. To reactivate

165
00:18:56,780 --> 00:19:04,730
this port, we are getting into the config-if mode by typing interface FastEthernet 0/1, and we're typing

166
00:19:04,730 --> 00:19:10,340
shutdown first, then we need to type no shutdown to activate it.
