WS-C2960S-24TS-S and WS-C2960S-24TS-S Basic Security configuration.
Greetings, I would like to start by apologizing. I have absolutely no knowledge of switch security management, but I've been tasked with it given the shortage of personnel. I have a WS-C2960S-24TS-S and a WS-C2960S-24TS-S switch that need to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures (hand holding, I'm sorry).
I wanted step-by-step guidance of:
1. Locking down ports by MAC address.
2. DDoS protection.
3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
4. Shutting down any services on the switch.
5. Shutting down password recovery.
Any other recommended security steps to secure the switch.
Thanking in advance,
Parth
Hi Parth,
I'm not sure if you got this figured out or not but a lot of the stuff you need can be found here: Cisco Guide to Harden Cisco IOS Devices
Regarding the "locking down ports by MAC address", you should think about Port-security.
Similar Messages
-
WS-C2960S-24TS-S and WS-C2960X-24TS-L Basic Security configuration.
Greetings, I would like to start by apologizing, as I would require hand-holding given my lack of experience with Cisco (or any other) switches. I have absolutely no knowledge of switch security management, but I've been tasked with it given the shortage of personnel. I have a WS-C2960S-24TS-S and a WS-C2960X-24TS-L switch that need to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures.
I wanted step-by-step guidance of:
1. Locking down ports by MAC address.
2. DDoS protection.
3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
4. Shutting down any services on the switch.
5. Shutting down password recovery.
6. Enabling highest supported encryption for sensitive (passwords). While I'm posting this I've just read that level 7 encryption can be cracked.
Any other recommended security steps to secure the switch.
Thanking in advance,
Parth
Hello, Parth Maniar.
1. Look at the command "switchport port-security" inside interfaces (documentation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf ).
2. There is not much you can do for DDoS protection. It also depends on the IOS version (whether your IOS is lite or base). You can use the command from point 1, and also the commands "storm-control" (inside an interface) and "switchport block [type]" (inside an interface); if your IOS is not lite, you can also use ARP-spoofing protection and DHCP-spoofing protection.
3. To turn off ssh and telnet:
line vty 0 4
transport input none
exit
line vty 5 15
transport input none
exit
For turning off http access: no ip http server
To limit access only from 1 IP address to HTTPS server:
access-list 1 remark ------- ACL for HTTPS access ------------------------
access-list 1 permit [permitted IP]
access-list 1 deny any log
access-list 1 remark ------- END of ACL for HTTPS access -----------------
ip http access-class 1
And for configuration HTTPS server: http://www.cisco.com/c/en/us/td/docs/ios/termserv/command/reference/tsv_book/tsv_s1.pdf
4. Use the command "service ?" to see all possible services for your switch. With "no" before the command you can turn off any service that you do not need (for example "no service dhcp").
5. You can't shut it down, because you can recover the password only by rebooting the switch and pressing the "mode" button after this. Here is the procedure for password recovery: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html
After reading it you can understand why you can't turn it off.
6. Yes, level 7 encryption can be cracked. So you can store your passwords as MD5. You can use the commands:
enable secret [password]
username [name] secret [password]
After this Cisco will encrypt your password with an MD5 hash, and in the configuration you'll see it as "username [name] secret 5 [md5 hash]"
What else you can use for security matters:
- logging (the command "login on-failure log every [number of fails]" is a must!). Documentation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swlog.html
You can also use the configuration below to log all configuration changes:
archive
log config
logging enable
exit
exit
- turn off the LLDP and CDP protocols on the ports facing end users (you can google it).
- use SNMP to get the status of the switch and ports and analyse it for anomalies.
- use these commands inside interfaces: "spanning-tree guard root" (don't use this command on ports where your other switches are connected) and "spanning-tree bpduguard enable" (use the second command if you are not planning to connect another switch to this port).
- use the command "switchport nonegotiate" on all ports.
- you can also use these commands:
no ip source-route
ip arp proxy disable
no ip icmp redirect -
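Added example (not part of the reply above and not a Cisco tool): a short Python check that reads a saved running-config and flags the items the reply covers, namely type 7 passwords, VTY lines that still accept Telnet/SSH, the plain HTTP server, an HTTPS server without "ip http access-class", and access ports missing port-security or BPDU guard. The config excerpt is constructed, and treating every "switchport mode access" port as an end-user port is an assumption.

```python
# Constructed running-config excerpt for illustration (not from a real switch).
SAMPLE = """\
enable password 7 CONSTRUCTED
ip http server
ip http secure-server
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
line vty 5 15
 transport input ssh
"""

def parse_blocks(text):
    """Group indented sub-commands under their top-level command."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)
        else:
            blocks.append((line, []))
    return blocks

def audit(text):
    """Return findings for the hardening items named in the reply above."""
    blocks = parse_blocks(text)
    top = [parent for parent, _ in blocks]
    findings = []
    for parent, kids in blocks:
        if any("password 7 " in l for l in [parent, *kids]):
            findings.append(f"{parent.split(' 7 ')[0]}: reversible type 7 password")
        if parent.startswith("line vty") and "transport input none" not in kids:
            findings.append(f"{parent}: Telnet/SSH login not disabled")
        if parent.startswith("interface") and "switchport mode access" in kids:
            for need in ("switchport port-security", "spanning-tree bpduguard enable"):
                if need not in kids:
                    findings.append(f"{parent}: missing '{need}'")
    if "ip http server" in top:
        findings.append("plain HTTP server is on (expected 'no ip http server')")
    acl = [t for t in top if t.startswith("ip http access-class")]
    if "ip http secure-server" in top and not acl:
        findings.append("HTTPS server has no 'ip http access-class' restriction")
    return findings

print("\n".join(audit(SAMPLE)))
```

Feed it the text of "show running-config" saved to a file; an empty result means none of these particular items were found, not that the switch is fully hardened.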
I tried to buy an app and itunes keeps asking for a security code. What is a security code? I only have a password! And ID
Are you using a credit card?
http://store.apple.com/au/help/payments#creditus
Security codes
The credit card security code is a unique three or four digit number printed on the front (American Express) or back (Visa/MasterCard) of your card. -
I'm trying to reset my security questions because I don't remember them. But every time it says they have been sent to me. I never receive them and I know for sure I'm on the right email address. Help!
You can contact iTunes Support and have them reset them:
ACCOUNT SECURITY CONTACT NUMBERS
Cheers,
GB -
I am trying to get Minecraft for my iPod touch. When I put in my Apple ID it says that I have to verify that I can buy it. I click OK and it pulls up a site asking me for my Apple ID, and then I put in my security questions. After that it asks me some weird question like "Who is your favorite teacher" and another question like "what is your least favorite car model". I did not set those as my security questions. So can you please help me?
Forgotten Security Questions/Answers
You need to contact Apple by:
1 - Use the Express lane and start here:
https://expresslane.apple.com
then click More Products and Services>Apple ID>Other Apple ID Topics>Forgotten Apple ID security questions.
or
Apple - Support -form iTunes Store - Contact Us
2 - Call Apple in your country by getting the number from here:
http://support.apple.com/kb/HE57
or
Apple ID: Contacting Apple for help with Apple ID account security
3 - Use your rescue email address if you set one up
Rescue email address and how to reset Apple ID security questions
For general information see:
Apple ID: All about Apple ID security questions -
I want to change some security settings in my Apple ID and it asks to answer some security questions that I have no clue why I am answering them wrong. So then I check off send a reset email to change them and the email address comes up with an old email address I no longer can access. That email address is nowhere in my profile! My profile has 3 email address that are active but not this one. HELP... Thank you so much beforehand
You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
(121062) -
Problem with Rescue and Recovery after installing Norton Internet Security 2010
Hi all.
It's my first time in this forum.
I have a problem, with Rescue and Recovery, after installing Norton Internet Security 2010 on my T43.
The message I get it:
"Rescue and Recovery is unable to back up the file 'C:\Documents and settings\all Users\Application Data\ Norton\ 00000082\00000109\000003c1\cltMLS1.bat' Because the file is either corrupted or being used by another application. Please close any application that could be using the file.
I tried to close the Norton but I couldn't find how.
Thanks
Doron71
Hi and welcome to the forum,
the reason for this situation is, that the antivir files are protected from being modified.
This is the reason why this file cannot be backed up. I assume that you would get many more such messages, as there are surely multiple files that are protected like this.
So the solution is to block folders from being archived. Please start RnR application and in the configuration set this folder as the excluded one.
This will skip the backup of this file and will fix your situation.
Please let me know, if you have covered this.
Cheers -
safari, chrome and firefox cannot verify identity of secure websites after upgrading to 10.7.4, apple engineers have tried multiple things including operating system with no success
There are several threads about this problem, most notably one called 'Invalid Certificates' is over 4 pages long. Many of us have experienced difficulty connecting to banking and other secure sites. On my Macbook Pro, I cannot get to my banking site with any browser, however I can get there on my iMac using Safari, but get the 'Invalid Certificate' notice with FF and Chrome. The problem started after the installation of 10.7.4. I have sent a message to Apple--they will be dismayed to hear that I cannot complete an order at their online store!
-
I just created an iCloud email and I want to use that email for my iTunes account as well. I need help switching the old apple ID because I do not remember anything associated with that email and I don't know the security questions or the login for that old email.
You cannot do that. The AppleID you used to create the iCloud account is an active primary email address. The email address you created with the iCloud account is also an active primary email address (all Apple domain email address automatically become AppleIDs as well). You cannot replace the primary email address on one active AppleID with the primary email address on another, active AppleID.
You can use your iCloud email/AppleID with iTunes, but it will be a separate account, so all your previous purchases remain tied to the other AppleID you have.
I don't understand your statement that you could not remember your old AppleID password, as you would have had to use it to create the iCloud account in the first place (the first step of creating the iCloud account required you to login with your existing AppleID and password)? -
I have to reset factory settings but my Apple ID is an old email no longer used. I can't recall the password, and when I went to answer security questions it told me my date of birth was wrong. How do I reset the password but get it sent to my current email address?
Go to http://iforgot.apple.com to get help with your password.
-
My iPhone 5 has broken and is being replaced with a new iPhone tomorrow. However, my carrier (Orange) will be picking up my broken iPhone and I am unsure how to secure the content and iCloud data on the broken phone. Is there a way to disable the data held on it and ensure that if it is fixed, nobody can use/see my data and access my account?
Hi Gazpan,
Thanks for visiting Apple Support Communities.
I recommend using the steps in this article to back up your iPhone if possible:
iOS: Back up and restore your iOS device with iCloud or iTunes
http://support.apple.com/kb/ht1766
You may also find this advice helpful for your situation:
What to do before selling or giving away your iPhone, iPad, or iPod touch
http://support.apple.com/kb/ht5661
If you no longer have your iOS device
If you're using iCloud and Find My iPhone on the device, you can erase the device remotely and remove it from your account by signing in to icloud.com/find, selecting the device, and clicking Erase. When the device has been erased, click Remove from Account.
If you're unable to complete either of the above steps, you should change your Apple ID password. Changing your password won't remove any personal information that is cached on the device, but it will make sure that the new owner can't delete your information from iCloud.
Cheers,
Jeremy -
Dear Team,
I want a PowerShell script to export servers' event logs into Excel and send that file to IT administrators.
Excel format:
Server Name, Log Name, Time, Source, Event ID and Message.
Required logs:
Application, Security, System, DFS Replication and Directory Service.
And this Excel file has to be sent to an email address.
And it would be good if I could get a similar script for hard disk space and RAM and CPU utilization.
Here are some examples:
http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=logs&f%5B0%5D.Text=Logs%20and%20monitoring&f%5B1%5D.Type=SubCategory&f%5B1%5D.Value=eventlogs&f%5B1%5D.Text=Event%20Logs
¯\_(ツ)_/¯ -
I have the iPhone 4 and a PC with Windows Vista Basic. When I bought my iPhone it synced with iTunes on my computer, but now when I try to sync it tells me that Mobile Device Service was closed and I cannot synchronize the phone. I tried restarting Mobile Device Service and uninstalling and reinstalling iTunes, but it is still giving me the same error.
http://support.apple.com/kb/HT3965
-
I forgot my password for my iTunes account and the email that is associated with my iTunes account no longer works. How do I recover my password and be able to change my security questions?
Forgotten Security Questions / Answers...
See Here > Apple ID: Contacting Apple for help with Apple ID account security
Ask to speak with the Account Security Team...
Or Email Here > Apple Support iTunes Store Contact
More Info > Apple ID: All about Apple ID security questions
Note:
You can only set up and/or change a Rescue Email Before you forget the questions/answers -
I updated my Iphone 3gs to last version of iOS and now I can't change my configurations of Mail, Contacts, Calendars.
Generally that is a sign that the iPhone had previously been jailbroken
or hacked to work with other than the original wireless provider. The update
has relocked the iPhone to the original wireless provider. You must
contact them to see if they provide unlocking and if you qualify.
If you can get that far, what does it say when you look at
Settings=>General=>About=>Carrier?