Basic Cisco IOS Software and Catalyst 3550 Series Security

Chapter Description

Become comfortable with basic Cisco IOS Software and Catalyst 3550 security features with an introduction to password management, disabling unnecessary services, setting up secure HTTP and NTP services, and SSH.

FAQs

  1. What is basic Cisco IOS Software security?

     Basic IOS security comprises the features that are available in Cisco IOS Software to protect your router and, in turn, your network from unauthorized activities. It is the first line of software defense that is relatively easy to implement and should always be used unless your particular circumstances dictate otherwise.

  2. How do I protect my NTP services?

     You can protect your NTP services by applying an access list to NTP for access restriction. You can also apply an access list that specifies NTP services to an interface. MD5 authentication is used to verify the identity of NTP peers.

  3. Why do I need HTTP services on the router?

     To simplify the tasks of router access and management, HTTP offers web-based services with a browser look and feel.

  4. What kind of password-management techniques does Cisco IOS Software have?

     Cisco IOS Software supports enable passwords, which control access to administrative-level commands on a router. There are also line passwords, which control access to a router, be it locally via a console port or remotely through an auxiliary port or virtual terminal access.

  5. What is the purpose of SSH?

     SSH is an alternative to Telnet service. Telnet service sends traffic in cleartext and can easily be intercepted by an attacker. SSH is implemented to provide security by encrypting traffic between the SSH server and a client. It is available in the newer versions of Cisco IOS Software.

  6. Why do I need to disable some services on the router?

     Unused services on the router always present a security risk. They can be manipulated in a variety of ways to aid an attacker in his pursuit. If a service is not used, you should turn it off. If you must use the service, make securing that service one of your primary concerns.

  7. Why do I need port security on the switch?

     Port security on the switch is a way to limit access to a port to only those devices whose MAC addresses are explicitly allowed, either through manual configuration or by being dynamically learned.
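
Several of the answers above (NTP restriction and authentication, HTTP access, Telnet versus SSH, port security) can be checked against a saved configuration. The following is an added example, not code from the chapter: a Python audit over running-config text. The sample configuration is constructed, and treating a vty line with no `transport input` command as allowing Telnet is an assumption about the platform default.

```python
# Constructed sample running-config (not from the chapter); 192.0.2.0/24 is a documentation range.
SAMPLE_CONFIG = """\
ip http server
ntp server 192.0.2.10
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
line vty 0 4
 transport input telnet ssh
"""

def parse(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    tree, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or IOS comment/separator
        if raw[0].isspace() and current is not None:
            tree[current].append(raw.strip())
        else:
            current = raw.strip()
            tree[current] = []
    return tree

def audit(config):
    """Return findings for the HTTP, NTP, Telnet/SSH and port-security points."""
    tree, findings = parse(config), []
    def has(prefix):
        return any(cmd.startswith(prefix) for cmd in tree)
    if "ip http server" in tree and not has("ip http access-class"):
        findings.append("http: server enabled without an access-class")
    if has("ntp server") or has("ntp peer"):
        if "ntp authenticate" not in tree:
            findings.append("ntp: MD5 peer authentication not enabled")
        if not has("ntp access-group"):
            findings.append("ntp: no access list applied to NTP")
    for cmd, subs in tree.items():
        is_access = cmd.startswith("interface") and "switchport mode access" in subs
        if is_access and "switchport port-security" not in subs:
            findings.append(f"{cmd}: access port without port security")
        if cmd.startswith("line vty"):
            # Assumption: no explicit "transport input" means Telnet is accepted.
            transport = next((s for s in subs if s.startswith("transport input")), "")
            if not transport or {"telnet", "all"} & set(transport.split()):
                findings.append(f"{cmd}: Telnet not excluded")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per weak setting; a configuration that restricts NTP, disables or restricts HTTP, limits vty lines to SSH and enables port security on access ports returns an empty list.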