WS-C2960S-24TS-S and WS-C2960S-24TS-S Basic Security configuration.

Greetings, I would like to start by apologizing. I have absolutely no knowledge in switch security management but I've been tasked with it given the shortage of personnel. I have a WS-C2960S-24TS-S and a WS-C2960S-24TS-S switch that need to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures (hand holding, I'm sorry).
I wanted step-by-step guidance of:
1. Locking down ports by MAC address.
2. DDoS protection.
3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
4. Shutting down any services on the switch.
5. Shutting down password recovery.
Any other recommended security steps to secure the switch.
Thanking in advance,
Parth

Hi Parth,
I'm not sure if you got this figured out or not but a lot of the stuff you need can be found here: Cisco Guide to Harden Cisco IOS Devices
Regarding the "locking down ports by MAC address", you should think about Port-security.

Similar Messages

  • WS-C2960S-24TS-S and WS-C2960X-24TS-L Basic Security configuration.

    Greetings, I would like to start by apologizing as I would require hand-holding, given my lack of experience in Cisco (or any other switches). I have absolutely no knowledge in switch security management but I've been tasked with it given the shortage of personnel. I have a WS-C2960S-24TS-S and WS-C2960X-24TS-L switch that need to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures.
    I wanted step-by-step guidance of:
    1. Locking down ports by MAC address.
    2. DDoS protection.
    3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
    4. Shutting down any services on the switch.
    5. Shutting down password recovery.
    6. Enabling highest supported encryption for sensitive (passwords). While I'm posting this I've just read that level 7 encryption can be cracked.
    Any other recommended security steps to secure the switch.
    Thanking in advance,
    Parth

    Hello, Parth Maniar.
    1. Look at the command "switchport port-security" inside interfaces (documentation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf ).
    2. There is not much you can do for DDoS protection. It also depends on the IOS version (whether your IOS is lite or base). You can use the command from point 1, and also the commands "storm-control" (inside interface) and "switchport block [type]" (inside interface), and if your IOS is not lite you can also use ARP-spoofing protection and DHCP-spoofing protection.
    3. To turn off ssh and telnet:
    line vty 0 4
     transport input none
    exit
    line vty 5 15
     transport input none
    exit
    For turning off http access: no ip http server
    To limit access only from 1 IP address to HTTPS server:
    access-list 1 remark ------- ACL for HTTPS access ------------------------
    access-list 1 permit [permitted IP]
    access-list 1 deny any log
    access-list 1 remark ------- END of ACL for HTTPS access -----------------
    ip http access-class 1
    And for configuring the HTTPS server: http://www.cisco.com/c/en/us/td/docs/ios/termserv/command/reference/tsv_book/tsv_s1.pdf
    4. Use the command "service ?" to see all possible services for your switch. With "no" before the command you can turn off any service that you do not need (for example "no service dhcp").
    5. You can't shut it down, because you can recover the password only by rebooting the switch and pushing the "mode" button after this. Here is the procedure for password recovery: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html
    After reading it you can understand why you can't turn it off.
    6. Yes, level 7 encryption can be cracked. So you can store your passwords as MD5. You can use the commands:
    enable secret [password]
    username [name] secret [password]
    After this Cisco will encrypt your password with an MD5 hash, and in the configuration you'll see it as "username [name] secret 5 [md5 hash]".
    What else you can use for security matters:
    - logging (the command "login on-failure log every [number of fails]" is a must!). Documentation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swlog.html
    You can also use the configuration below to log all changes to the configuration:
    archive
     log config
      logging enable
     exit
    exit
    - turn off the LLDP and CDP protocols on the end-user side (you can google it).
    - use SNMP to get the status of the switch and ports and analyse it for anomalies.
    - use these commands inside interfaces: "spanning-tree guard root" (don't use this command on the ports where your other switches are connected) and "spanning-tree bpduguard enable" (use the second command if you are not planning to connect another switch to this port).
    - use the command "switchport nonegotiate" on all ports.
    - you can also use these commands:
    no ip source-route
    ip arp proxy disable
    no ip icmp redirect
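
One way to check a saved running-config against the settings listed in the reply above, as an added example that is not part of the original thread. The function names, finding texts and the sample config are constructed for illustration; the checks cover only the commands the reply names.

```python
import re

# Constructed sample running-config (illustrative, not from a real device).
SAMPLE_CONFIG = """\
enable password 7 <type7-placeholder>
username admin secret 5 <md5-placeholder>
ip http server
ip http secure-server
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport nonegotiate
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
line vty 0 4
 transport input ssh
line vty 5 15
 transport input none
"""

# Per-port commands the reply recommends for end-user (access) ports.
ACCESS_PORT_REQUIRED = (
    "switchport port-security",
    "switchport nonegotiate",
    "spanning-tree bpduguard enable",
)

def parse_sections(config):
    """Group config text into (top-level line, [indented child lines])."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return (scope, issue) pairs for settings that differ from the reply."""
    sections = parse_sections(config)
    top = [head for head, _ in sections]
    findings = []
    for head, children in sections:
        if re.match(r"(enable|username \S+) password\b", head):
            findings.append((head.split(" password")[0], "uses 'password', not 'secret'"))
        elif head.startswith("line vty") and "transport input none" not in children:
            findings.append((head, "CLI remote access not disabled"))
        elif head.startswith("interface ") and "switchport mode access" in children:
            findings += [(head, f"missing '{c}'") for c in ACCESS_PORT_REQUIRED if c not in children]
    if "ip http server" in top:
        findings.append(("global", "plain HTTP server enabled"))
    if "ip http secure-server" in top and not any(h.startswith("ip http access-class") for h in top):
        findings.append(("global", "HTTPS server has no access-class ACL"))
    return findings
```

Feed `audit()` the text of a saved `show running-config`; an empty list means every checked item matches the reply's recommendations.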

  • I tried to buy an app and itunes keeps asking for a security code.  What is a security code?  I do not have one.  I have a password.

    I tried to buy an app and itunes keeps asking for a security code.  What is a security code?  I only have a password! And ID

    Are you using a credit card?
    http://store.apple.com/au/help/payments#creditus
    Security codes
    The credit card security code is a unique three or four digit number printed on the front (American Express) or back (Visa/MasterCard) of your card.

  • I'm trying to reset my security questions because I got a new iPad mini and I don't remember the security questions but when I try to reset it it says email sent, but I never get the email. Help!

    I'm trying to reset my security questions because I don't remember them. But every time it says they have been sent to me. I never receive them and I know for sure I'm on the right email address. Help!

    You can contact iTunes Support and have them reset them:
    ACCOUNT SECURITY CONTACT NUMBERS
    Cheers,
    GB

  • I am trying to get minecraft for my iPod touch. When I put in my apple ID it says that I have to verify that I can buy it. I click ok I pulls up a site ask me for my apple ID and then I put in my security questions. After that it ask me some weird questio

    I am trying to get Minecraft for my iPod touch. When I put in my Apple ID it says that I have to verify that I can buy it. I click OK, it pulls up a site that asks me for my Apple ID, and then I put in my security questions. After that it asks me some weird questions like "Who is your favorite teacher" and another question like "what is your least favorite car model". I did not set those as my secure questions. So can you please help me?

    Forgotten Security Questions/Answers
    You need to contact Apple by:
    1 - Use the Express lane and start here:
    https://expresslane.apple.com
    then click More Products and Services>Apple ID>Other Apple ID Topics>Forgotten Apple ID security questions.
    or
    Apple - Support -form iTunes Store - Contact Us
    2 - Call Apple in your country by getting the number from here:
    http://support.apple.com/kb/HE57
    or           
    Apple ID: Contacting Apple for help with Apple ID account security
    3 - Use your rescue email address if you set one up
    Rescue email address and how to reset Apple ID security questions
    For general  information see:
    Apple ID: All about Apple ID security questions

  • I am trying to change some settings in my Apple and I do not remember my security question answers. When I click on sent a reset email, an old email address (no longer accessible ) comes up. This email address is nowhere in my profile. Ideas??

    I want to change some security settings in my Apple ID and it asks to answer some security questions that I have no clue why I am answering them wrong. So then I check off send a reset email to change them and the email address comes up with an old email address I no longer can access. That email address is nowhere in my profile! My profile has 3 email address that are active but not this one. HELP... Thank you so much beforehand

    You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
    (121062)

  • Problem with Rescue and Recovery after installing Norton Internet Security 2010

    Hi all.
    It's my first time in this forum.
    I have a problem, with Rescue and Recovery, after installing Norton Internet Security 2010 on my T43.
    The message I get it:
    "Rescue and Recovery is unable to back up the file 'C:\Documents and settings\all Users\Application Data\ Norton\ 00000082\00000109\000003c1\cltMLS1.bat' Because the file is either corrupted or being used by another application. Please close any application that could be using the file.
    I tried to close the Norton but I couldn't find how.
    Thanks
    Doron71

    Hi and welcome to the forum,
    the reason for this situation is, that the antivir files are protected from being modified.
    This is the reason why this file cannot be backed up. I assume that you would get many more such messages, as there are surely multiple files that are protected like this.
    So the solution is to block folders from being archived. Please start RnR application and in the configuration set this folder as the excluded one.
    This will skip the backup of this file and will fix your situation.
    Please let me know, if you have covered this.
    Cheers

  • Safari, chrome and firefox cannot verify identity of secure websites after upgrading to 10.7.4,  apple engineers have tried multiple things including operating system with no success

    safari, chrome and firefox cannot verify identity of secure websites after upgrading to 10.7.4,  apple engineers have tried multiple things including operating system with no success

    There are several threads about this problem, most notably one called 'Invalid Certificates' is over 4 pages long.  Many of us have experienced difficulty connecting to banking and other secure sites.  On my Macbook Pro, I cannot get to my banking site with any browser, however I can get there on my iMac using Safari, but get the 'Invalid Certificate' notice with FF and Chrome.  The problem started after the installation of 10.7.4.  I have sent a message to Apple--they will be dismayed to hear that I cannot complete an order at their online store!

  • I just created an iCloud email and I want to use that email for my iTunes account as well. I need help suiting the old apple I'd because I do not remember anything associated with that email and I don't know the security questions

    I just created an iCloud email and I want to use that email for my iTunes account as well. I need help switching the old apple ID because I do not remember anything associated with that email and I don't know the security questions or the login for that old email.

    You cannot do that.  The AppleID you used to create the iCloud account is an active primary email address.  The email address you created with the iCloud account is also an active primary email address (all Apple domain email address automatically become AppleIDs as well).  You cannot replace the primary email address on one active AppleID with the primary email address on another, active AppleID.
    You can use your iCloud email/AppleID with iTunes, but it will be a separate account, so all your previous purchases remain tied to the other AppleID you have.
    I don't understand your statement that you could not remember your old AppleID password, as you would have had to use it to create the iCloud account in the first place (the first step of creating the iCloud account required you to login with your existing AppleID and password)?

  • I have to reset factory settings but Apple ID is old email no longer used. I can't recall the password and when I went to answer security questions it told me my date of birth was wrong. How do I reset password but get it sent to my current email addr

    I have to reset factory settings but Apple ID is old email no longer used. I can't recall the password and when I went to answer security questions it told me my date of birth was wrong. How do I reset password but get it sent to my current email address

    Go to http://iforgot.apple.com to get help with your password.

  • My iPhone 5 has broken and is being replaced with a new iPhone tomorrow. However, my carrier (Orange) will be picking up my broken iPhone and I am unsure how to secure the content and iCloud data on the broken phone. Is there a way to display the data?

    My iPhone 5 has broken and is being replaced with a new iPhone tomorrow. However, my carrier (Orange) will be picking up my broken iPhone and I am unsure how to secure the content and iCloud data on the broken phone. Is there a way to disable the data held on it and ensure that if it is fixed, nobody can use/see my data and access my account?

    Hi Gazpan,
    Thanks for visiting Apple Support Communities.
    I recommend using the steps in this article to back up your iPhone if possible:
    iOS: Back up and restore your iOS device with iCloud or iTunes
    http://support.apple.com/kb/ht1766
    You may also find this advice helpful for your situation:
    What to do before selling or giving away your iPhone, iPad, or iPod touch
    http://support.apple.com/kb/ht5661
    If you no longer have your iOS device
    If you're using iCloud and Find My iPhone on the device, you can erase the device remotely and remove it from your account by signing in to icloud.com/find, selecting the device, and clicking Erase. When the device has been erased, click Remove from Account.
    If you're unable to complete either of the above steps, you should change your Apple ID password. Changing your password won't remove any personal information that is cached on the device, but it will make sure that the new owner can't delete your information from iCloud.
    Cheers,
    Jeremy

  • Export all Errors and warnings event logs from Application, security and system for last 24 hours and send it to IT administrators.

    Dear Team,
    I want a PowerShell script to export server event logs into Excel and send that file to IT administrators.
    Excel format:
    Server Name, Log Name, Time, Source, Event ID and Message.
    Require logs:  
    Application, Security, System, DFS Replication and Directory service.
    And this Excel file has to be sent to an email address.
    And it would be good if I got the same kind of script for hard disk space and RAM and CPU utilization.

    Here are some examples:
    http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=logs&f%5B0%5D.Text=Logs%20and%20monitoring&f%5B1%5D.Type=SubCategory&f%5B1%5D.Value=eventlogs&f%5B1%5D.Text=Event%20Logs
    ¯\_(ツ)_/¯

  • I have the iphone 4 and PC with Windows Vista Basic. When I bought my iPhone syncs with iTunes on my computer, but now when I try to sync it tells me that Mobile Device Service was closed and I can not synchronize the phone. Try restarting Mobile Device S

    I have the iphone 4 and PC with Windows Vista Basic. When I bought my iPhone syncs with iTunes on my computer, but now when I try to sync it tells me that Mobile Device Service was closed and I can not synchronize the phone. Try restarting Mobile Device Service and uninstall and reinstall Itunes but still giving me the same error.

    http://support.apple.com/kb/HT3965

  • I forgot my password for my iTunes account and the email that is associated with my iTunes account no longer works. How do I recover my password and be able to change my security questions?

    I forgot my password for my iTunes account and the email that is associated with my iTunes account no longer works. How do I recover my password and be able to change my security questions?

    Forgotten Security Questions / Answers...
    See Here > Apple ID: Contacting Apple for help with Apple ID account security
              Ask to speak with the Account Security Team...
    Or Email Here  >  Apple  Support  iTunes Store  Contact
    More Info >  Apple ID: All about Apple ID security questions
    Note:
    You can only set up and/or change a Rescue Email Before you forget the questions/answers

  • I updated my Iphone 3gs to last version of iOS and now I can't change my configurations of Mail, Contacts, Calendars.

    I updated my Iphone 3gs to last version of iOS and now I can't change my configurations of Mail, Contacts, Calendars.

    Generally that is a sign that the iPhone had previously been jailbroken
    or hacked to work with other than the original wireless provider. The update
    has relocked the iPhone to the original wireless provider. You must
    contact them to see if they provide unlocking and if you qualify.
    If you can get that far, what does it say when you look at
    Settings=>General=>About=>Carrier?
