1
00:00:01,390 --> 00:00:05,510
In the section we're going to take a look to the switch that works where we.
2
00:00:07,650 --> 00:00:15,300
If you want to manage a switch remotely, you should try an IP address and default gateway to the device.
3
00:00:15,630 --> 00:00:21,940
management IP and default gateway is configured on switches for remote access.
4
00:00:22,050 --> 00:00:29,670
If you want to assign an IP address to a Layer 2 switch, you should assign it to the VLAN, not the
5
00:00:29,850 --> 00:00:31,230
physical interface.
6
00:00:31,440 --> 00:00:39,750
As you can see in here, we are getting into the interface mode by typing interface and the VLAN number,
7
00:00:40,050 --> 00:00:47,340
then we're assigning our IP address by using the IP address, IP address that we want to configure and
8
00:00:47,340 --> 00:00:55,110
the subnet mask command. The default gateway configuration is also pretty straightforward. To configure
9
00:00:55,110 --> 00:00:57,040
a default gateway on a switch.
10
00:00:57,060 --> 00:01:05,660
Our command is IP default gateway and the IP address of the default gateway.
11
00:01:05,680 --> 00:01:13,400
Let's go ahead with how to configure switch port now. To configure a switch port we should go to the
12
00:01:13,460 --> 00:01:20,920
interface mode by typing interface and the interface name on the config mode. In the same example we are
13
00:01:20,920 --> 00:01:23,400
defining the speed of the port.
14
00:01:23,410 --> 00:01:27,900
And we are defining a full duplex option for the related interface.
15
00:01:27,910 --> 00:01:30,670
Let's take a look to the configuration now.
16
00:01:30,790 --> 00:01:38,260
The interface name is FastEthernet 0/1, as you can see, and I'm getting into the interface mode by typing
17
00:01:38,590 --> 00:01:46,780
interface and the name of the interface. As you can see, as soon as I type the enter, as soon as I hit
18
00:01:46,780 --> 00:01:50,040
the enter key I'm anywhere in the config.
19
00:01:50,160 --> 00:01:58,840
if. I'm in the config interface mode, and to define a duplex I'm typing duplex and duplex speed.
20
00:01:58,870 --> 00:02:08,800
And to define the speed for the port I'm typing the speed and the speed that I want command. To verify
21
00:02:08,800 --> 00:02:17,620
switch port configuration we can use show run interface and the interface name as the first option.
22
00:02:17,620 --> 00:02:25,240
This command shows us the configuration of the related interface. For example, in here we are typing
23
00:02:25,240 --> 00:02:27,630
is show run interface.
24
00:02:27,830 --> 00:02:29,590
FastEthernet 0/1.
25
00:02:29,740 --> 00:02:34,990
And here is the whole configuration of the FastEthernet 0/1.
26
00:02:34,990 --> 00:02:44,200
As you can see. The second option for verifying switch port configuration is show ip interface brief
27
00:02:44,200 --> 00:02:45,180
commands.
28
00:02:45,220 --> 00:02:50,020
This command shows the physical status of the interfaces.
29
00:02:50,020 --> 00:02:57,130
And if this is a Layer 3 capable switch, this command also shows the IP addresses
30
00:02:57,370 --> 00:02:59,230
assigned for the interfaces.
31
00:02:59,230 --> 00:03:06,650
For example, as you can see here on each one, we are typing the show ip interface brief command and vse.
32
00:03:06,810 --> 00:03:11,190
We can't see the physical state of the ports in here.
33
00:03:11,200 --> 00:03:19,330
And as you can see, some ports are in up mode, some of them are in administratively down mode, and we can
34
00:03:19,330 --> 00:03:28,010
see the IP addresses assigned to switch ports because this is a Layer 3 capable switch.
35
00:03:28,300 --> 00:03:39,550
The third option to verify the switch port configuration is the show interfaces and the interface interface
36
00:03:39,550 --> 00:03:40,510
name command.
37
00:03:40,630 --> 00:03:48,910
This command shows the physical status of the interface such as if this is up or down or something like
38
00:03:48,910 --> 00:03:49,320
that.
39
00:03:49,360 --> 00:03:58,220
And this command also shows some useful information such as MTU, bandwidth, delay.
40
00:03:58,270 --> 00:04:06,100
If we have some input errors or not, or if we have some CRCs or something like that, we can monitor
41
00:04:06,190 --> 00:04:07,060
all of them.
42
00:04:07,180 --> 00:04:19,150
This command. Let's take a look at the switch security now. As we talked before, we should always use
43
00:04:19,250 --> 00:04:30,100
SSH instead of telnet because SSH encrypts the whole connection. To configure the SSH as a remote connection
44
00:04:30,100 --> 00:04:44,820
protocol on a switch, our command is crypto key generate rsa general-keys modulus and 1024.
45
00:04:45,430 --> 00:04:52,650
But first we should create a domain name to activate SSH on our device.
46
00:04:52,660 --> 00:05:03,220
Here is the domain name configuration: ip domain-name, and we are typing an arbitrary domain name, then
47
00:05:03,640 --> 00:05:11,740
to generate the crypto keys we are typing the crypto key generate rsa general-keys modulus and the key
48
00:05:11,740 --> 00:05:16,640
modulus size, which is 1024 bits for this example.
49
00:05:18,590 --> 00:05:22,940
Let's take a look to the local area network attack types.
50
00:05:22,940 --> 00:05:32,150
Now we do have security measures and controls in place your network might be subject to an attack.
51
00:05:32,150 --> 00:05:36,790
Some attacks are passive meaning information is monitored.
52
00:05:36,920 --> 00:05:45,650
Others are active meaning the information is altered with intent to corrupt or destroy the data or the
53
00:05:45,890 --> 00:05:47,690
network itself.
54
00:05:47,750 --> 00:05:55,390
Your networks and data are vulnerable to any of the following types of attacks, such as MAC flooding,
55
00:05:55,650 --> 00:06:01,030
DHCP spoofing, telnet attacks and the CPA attacks.
56
00:06:01,070 --> 00:06:09,370
If you do not have a security plan in place you may face with all of these attack types.
57
00:06:09,380 --> 00:06:17,930
Let's start with the MAC flooding first. In computer networking, MAC flooding is a technique employed
58
00:06:17,930 --> 00:06:26,600
to compromise the security of network switches. The attack works by forcing legitimate MAC
59
00:06:26,600 --> 00:06:34,190
table contents out of the switch and forcing a unicast flooding behavior, potentially sending sensitive
60
00:06:34,190 --> 00:06:43,280
information to portions of the network where it is not normally intended to go. Switches maintain a MAC
61
00:06:43,280 --> 00:06:49,640
table that maps individual MAC addresses on the network to the physical ports on the switch, as you
62
00:06:49,650 --> 00:06:58,430
know, and this allows the switch to direct data out of physical port where the recipient is located as
63
00:06:58,520 --> 00:07:07,490
opposed to indiscriminately broadcasting the data out all of its ports as an Ethernet hub does. In a
64
00:07:07,520 --> 00:07:17,120
typical MAC flooding attack, a switch is fed many Ethernet frames, each containing different source MAC
65
00:07:17,140 --> 00:07:18,900
addresses by the attacker.
66
00:07:19,070 --> 00:07:27,290
The intention is to consume the limited memory set aside in the switch to store the MAC address table.
67
00:07:27,290 --> 00:07:36,590
As you can see in here we are an attacker, and our attacker floods CAM table with frames with numerous
68
00:07:36,820 --> 00:07:44,340
invalid source MAC addresses, and valid hosts cannot create CAM entries anymore.
69
00:07:44,540 --> 00:07:53,750
Then in the second step normal traffic is flooded out all of its ports because no CAM entries exist
70
00:07:53,750 --> 00:07:56,150
for the valid hosts.
71
00:07:57,620 --> 00:08:01,290
Let's take a look to the DHCP spoofing.
72
00:08:01,300 --> 00:08:10,130
Now this this is a special kind of attack where attackers can gain access to network traffic by spoofing
73
00:08:10,130 --> 00:08:13,210
responses that would be sent by
74
00:08:13,310 --> 00:08:21,080
a valid DHCP server. Client PCs sending DHCP requests on the network.
75
00:08:21,080 --> 00:08:28,340
This request is broadcast and all hosts on the local area network will receive it.
76
00:08:28,340 --> 00:08:35,540
As you know guys already, DHCP server knows what this request means actually.
77
00:08:35,610 --> 00:08:44,480
And in the normal situation only the real DHCP server will reply to that request. DHCP server
78
00:08:44,620 --> 00:08:53,000
will reply to the client with a message that will configure the host client PC with IP address, subnet
79
00:08:53,000 --> 00:08:59,820
mask and the default gateway. When we have attacker PC in the network,
80
00:08:59,900 --> 00:09:05,920
he will simulate the DHCP server on his host PC. With this action
81
00:09:05,930 --> 00:09:16,190
he will be able to reply to the DHCP request before the real DHCP server because it's closer to the client
82
00:09:16,250 --> 00:09:25,010
host. It will configure the client host with IP address of that subnet, but it will also give to host
83
00:09:25,020 --> 00:09:34,220
false default gateway address and maybe even false DNS server address. DNS server and default gateway
84
00:09:34,280 --> 00:09:39,530
address will both be IP address of attacker's
85
00:09:39,680 --> 00:09:47,540
computer. In this manner he will point out all the communication of the client host to himself.
86
00:09:47,690 --> 00:09:55,010
Later he will make it possible to forward frames from client host to real destinations in order to make
87
00:09:55,340 --> 00:09:58,410
communication of client possible.
88
00:09:58,410 --> 00:10:07,490
Clients will not know that his communication is always going to attacker PC and that attacker can easily
89
00:10:07,490 --> 00:10:08,770
sniff frames.
90
00:10:08,810 --> 00:10:17,950
To mitigate this attack we can use the DHCP snooping method, which we are going to see on our later slides.
91
00:10:18,680 --> 00:10:21,690
And let's go ahead with the telnet issues.
92
00:10:21,690 --> 00:10:31,070
We talked a lot about this thing, as you know, and as we talked before, telnet is an unsecure remote
93
00:10:31,370 --> 00:10:39,770
connection protocol because it does not encrypt the communication. Telnet can also be used as a part of
94
00:10:39,770 --> 00:10:47,850
the DDoS attacks, and because of this we should always use SSH instead of telnet.
95
00:10:48,540 --> 00:10:57,170
And let's go with how we can secure our switch ports. To secure our switch ports, which means the
96
00:10:57,290 --> 00:10:58,560
interfaces.
97
00:10:58,610 --> 00:11:01,130
We have three options.
98
00:11:01,130 --> 00:11:07,010
First we should shut down our unused ports.
99
00:11:07,010 --> 00:11:10,770
Second we should use DHCP snooping.
100
00:11:10,820 --> 00:11:14,940
And third we should use port security
101
00:11:17,360 --> 00:11:21,480
if we are not using a physical port.
102
00:11:21,500 --> 00:11:30,620
We should always shut down it manually because of mitigating the physical layer attacks unused ports
103
00:11:30,650 --> 00:11:33,560
always must be kept shut down.
104
00:11:33,920 --> 00:11:39,600
So to configure manual shutdown we are getting into the interface mode again.
105
00:11:40,410 --> 00:11:47,640
Interface and the interface name that we want to shut down and the command is pretty straightforward
106
00:11:47,940 --> 00:11:58,150
we're using shut down command and we are shut down and administratively shut down the port and let's
107
00:11:58,150 --> 00:12:04,090
go ahead with the DHCP snooping. In computer networking,
108
00:12:04,300 --> 00:12:14,330
DHCP snooping is a series of techniques applied to improve the security of the DHCP infrastructure. When the
109
00:12:14,780 --> 00:12:22,330
DHCP servers are allocating IP addresses to the clients on the local area network, DHCP snooping can
110
00:12:22,330 --> 00:12:31,220
be configured on local area network switches to prevent malicious or malformed DHCP traffic or rogue
111
00:12:31,330 --> 00:12:41,320
DHCP servers. In addition, information on hosts which have successfully completed the DHCP transaction
112
00:12:41,410 --> 00:12:51,940
is accrued in a database of bindings which may then be used by other security or accounting features.
113
00:12:52,260 --> 00:12:56,460
So let's go ahead how we can configure the DHCP snooping.
114
00:12:56,490 --> 00:13:05,910
Now to configure DHCP snooping we're getting into the config mode, then first we're globally enabling
115
00:13:06,180 --> 00:13:12,960
the snooping by typing ip dhcp snooping command.
116
00:13:12,960 --> 00:13:22,880
The second thing we are going to do is we're typing ip dhcp snooping vlan and we're defining
117
00:13:22,880 --> 00:13:24,400
the VLAN numbers
118
00:13:24,560 --> 00:13:29,990
that we are going to use for the DHCP snooping. In the third step
119
00:13:30,020 --> 00:13:35,060
we are enabling DHCP option 18:3 by typing
120
00:13:35,150 --> 00:13:45,560
ip dhcp snooping information option. Then we're defining the number of acceptable DHCP packet per
121
00:13:45,560 --> 00:13:55,320
second for switch ports by typing ip dhcp snooping limit rate and the rate that we want.
122
00:13:55,640 --> 00:14:04,140
Then in the last step we're defining the DHCP snooping trusted port. ip dhcp snooping
123
00:14:04,140 --> 00:14:07,970
trust is the command that we are using for this.
124
00:14:08,030 --> 00:14:13,770
Please keep in mind that for trunk ports and DHCP server ports
125
00:14:13,910 --> 00:14:19,830
we should define this command.
126
00:14:19,940 --> 00:14:23,180
Let's go ahead with the port security now.
127
00:14:23,360 --> 00:14:31,520
You can use port security feature to restrict input to an interface by limiting and identifying the
128
00:14:31,690 --> 00:14:37,670
MAC addresses of the workstations that are allowed to access port.
129
00:14:38,060 --> 00:14:45,740
If a port is configured as a secure port and the maximum number of secure MAC addresses is
130
00:14:46,010 --> 00:14:53,930
reached, when the MAC address of every workstation attempting to access to the port is different from
131
00:14:54,050 --> 00:14:59,760
any identified secure MAC addresses, a security violation occurs.
132
00:14:59,930 --> 00:15:07,340
And we have three violation modes and they are shutdown, protect and restrict.
133
00:15:08,360 --> 00:15:19,380
So as they go to the port security in our slide now, in here we have a switch port and we have a
134
00:15:19,380 --> 00:15:21,470
hub connected to this
135
00:15:21,570 --> 00:15:31,940
switch port. As you can see here, in the hub we have two PCs and they are PC 1 and PC 2, which
136
00:15:31,940 --> 00:15:40,310
means we have two MAC addresses behind the
137
00:15:40,380 --> 00:15:49,920
switch port. If we define port security for this port of the switch and if we go every year in
138
00:15:49,920 --> 00:15:55,820
the year we put security of maximum MACs of three for example.
139
00:15:56,100 --> 00:16:10,440
And if I plug a PC which is PC 3 and one more PC which is PC 4, that means a port security violation.
140
00:16:12,890 --> 00:16:19,700
As I told you, we have three port security violation modes and they are shutdown,
141
00:16:19,820 --> 00:16:29,900
protect and restrict. In shutdown mode we're blocking all traffic and place the port into err-disabled
142
00:16:29,910 --> 00:16:30,330
mode.
143
00:16:30,350 --> 00:16:34,300
We are shut down and our ports are switch port.
144
00:16:34,670 --> 00:16:41,270
If a violation occurs. In the protect, we are blocking the traffic who makes the violation.
145
00:16:41,300 --> 00:16:45,920
And we are allowing our other MACs, for example in here.
146
00:16:45,920 --> 00:16:49,780
We are just blocking the traffic of the PC 4.
147
00:16:49,850 --> 00:16:59,070
But PC 1, 2 and 3 still can go ahead. And in the restrict mode we are blocking the traffic who
148
00:16:59,150 --> 00:17:02,450
makes the violation and allow others.
149
00:17:02,480 --> 00:17:11,560
And this time we are also creating a log message. To configure the port security
150
00:17:11,710 --> 00:17:20,210
we're getting into the interface mode by typing interface and the name of the interface, then we're typing
151
00:17:20,210 --> 00:17:20,960
switchport
152
00:17:20,960 --> 00:17:31,430
port-security and enabling the port security now. But as you can see in here, command is rejected because
153
00:17:32,030 --> 00:17:40,970
FastEthernet 0/1 is a dynamic port, which means we need to type, we need to define an access mode
154
00:17:40,970 --> 00:17:49,380
for the switch port that we need to configure the port security. Because of this, first we are typing switchport
155
00:17:49,390 --> 00:17:53,630
mode access, then we're typing the switchport
156
00:17:53,630 --> 00:18:04,130
port-security command. After, switchport port-security maximum, and we're defining the maximum MAC addresses
157
00:18:04,460 --> 00:18:06,390
that can be learned from that.
158
00:18:06,380 --> 00:18:14,330
switch port. In the last step we are typing switchport port-security violation and we are defining
159
00:18:14,350 --> 00:18:17,180
the violation mode which is.
160
00:18:17,180 --> 00:18:27,440
For this example. A port security violation can make a port go to an err-disabled mode. Ports must
161
00:18:27,440 --> 00:18:36,250
be reactivated by using shutdown and the no shutdown commands after the device is removed
162
00:18:36,250 --> 00:18:41,690
which makes the violation. We can't use the show interfaces
163
00:18:41,700 --> 00:18:47,270
status err-disabled command to monitor the disabled ports.
164
00:18:47,270 --> 00:18:56,770
For example, let's say that FastEthernet 0/1 got into the err-disabled mode. To reactivate
165
00:18:56,780 --> 00:19:04,730
this port we are getting into the config-if mode by typing interface FastEthernet 0/1 and we're typing shut
166
00:19:04,730 --> 00:19:10,340
down first then we need to type no shut down to activate it.