SSH, syslog and NTP configuration on Cisco router in Packet Tracer

A Packet Tracer activity, Configure Cisco Routers for Syslog, NTP, and SSH, provides learners additional practice implementing the technologies introduced in this chapter. In particular, learners configure routers with NTP, syslog, timestamp logging of messages, local user accounts, exclusive SSH connectivity, and RSA key pairs for SSH servers. Using SSH client access from a Windows PC and from a Cisco router is also explored. Packet Tracer activities for CCNA Security are found on Academy Connection at cisco.netacad.net.

Playlist – http://www.youtube.com/playlist?list=PLF1D12779A04D70C0
Website – http://www.ciscoarmenia.com/
Facebook – https://www.facebook.com/groups/netacad.am/?ref=ts&fref=ts

Securing outgoing network traffic and scrutinizing incoming traffic are critical aspects of network security. Securing the edge router, which connects to the outside network, is an important first step in securing the network.

Device hardening is a critical task when securing the network. It involves implementing proven methods for physically securing the router and protecting the router’s administrative access using the Cisco IOS command-line interface (CLI) as well as the Cisco Configuration Professional (CCP). Some of these methods involve securing administrative access, including maintaining passwords, configuring enhanced virtual login features, and implementing Secure Shell (SSH). Because not all information technology personnel should have the same level of access to the infrastructure devices, defining administrative roles in terms of access is another important aspect of securing infrastructure devices.

Securing the management and reporting features of Cisco IOS devices is also important. Recommended practices for securing syslog, using Simple Network Management Protocol (SNMP), and configuring Network Time Protocol (NTP) are examined.

Many router services are enabled by default. A number of these features are enabled for historical reasons but are no longer required today. This chapter discusses some of these services and examines router configurations with the Security Audit feature of CCP. This chapter also examines the One-Step Lockdown mode of the CCP Security Audit and the auto secure command, which can be used to automate device-hardening tasks.

A hands-on lab for the chapter, Securing the Router for Administrative Access, is a comprehensive lab that provides an opportunity to practice the wide-ranging security features introduced in this chapter. The lab introduces the various means of securing administrative access to a router, including password best practices, appropriate banner configuration, enhanced login features, and SSH. The role-based CLI access feature relies on creating views as a means of providing different levels of access to routers. The Cisco IOS Resilient Configuration feature permits securing router images and configuration files. Syslog and SNMP are used for management reporting. Cisco AutoSecure is an automated tool for securing Cisco routers using the CLI. The CCP Security Audit feature is based on the Cisco IOS AutoSecure feature.

A Packet Tracer activity, Configure Cisco Routers for Syslog, NTP, and SSH Operations, provides learners additional practice implementing the technologies introduced in this chapter. In particular, learners configure routers with NTP, syslog, timestamp logging of messages, local user accounts, exclusive SSH connectivity, and RSA key pairs for SSH servers. Using SSH client access from a Windows PC and from a Cisco router is also explored.

source

by Edik Mkoyan

snmp protocol