
Ch6: PT Activity 4 - Device Hardening: Objective

Uploaded by

Mercy Tendage

Cisco Health Information Networking

Ch6: PT Activity 4 – Device Hardening

Objective
• Configure basic network device hardening to adhere to the organization’s security policies.

Background and Preparation


The network administrator of the MedGroup network is configuring the HQ router for device hardening. The
security policies specify that:
1. Passwords with a minimum length of 10 characters are required to access network devices.
2. Connections to the console port and vty lines should disconnect if left idle for 20 minutes.
3. All passwords in the configuration file must be encrypted.
4. CDP should be enabled for the internal network but disabled for the external network. That is, network
devices inside the MedGroup network can use CDP to learn about each other, but devices on the Internet
cannot use CDP to learn about network devices in the MedGroup network.
In this lab, you will configure the HQ router to implement these security policies.

Step 1: Configure the minimum-length-of-password requirement.


a. Configure the HQ router to accept passwords with a minimum length of 10 characters.
b. Enter the enable secret cisco command on HQ. What message is displayed?

…………………………………………..…………………………………………...
c. Enter the enable secret ciscoclass command on HQ.
d. Verify that the password has been accepted.

Step 2: Configure the console and vty lines with a password and timeout value.
a. Enter the password ciscoline0 and login commands at the console port.

b. Enter password ciscovty15 and login commands for vty lines 0 to 15.
c. Use the exec-timeout command to configure the console port and vty lines so that a session will be
automatically disconnected if it is idle for more than 20 minutes.

All contents are Copyright © 1992–2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.


Step 3: Enable password encryption for all clear text passwords in the configuration file.
a. Use the show running-config command on the HQ router. Verify that the passwords show in
plain text.
b. Issue the service password-encryption command on the HQ router.

c. Use the show running-config command on the HQ router. Verify that the passwords are now
shown in an encrypted format.

Step 4: Configure CDP operation.


a. Use the show cdp neighbors command on the HQ router. How many devices are listed?
…………………………………………..
b. Use the show cdp neighbors command on the ISP router. How many devices are listed?
…………………………………………..
c. Use the no cdp enable command on the HQ router so that the ISP router cannot see CDP
information about the HQ router. On which interface should the command be entered?
…………………………………………..
d. Issue the clear cdp table command on both the HQ and ISP routers. Wait 60 seconds.
e. Access the ISP router. The password to access EXEC mode is ciscoclass. Issue the clear cdp
table command. Wait 60 seconds.

f. Issue the show cdp neighbors command on the HQ router. How many devices are listed?
…………………………………………..
g. Issue the show cdp neighbors command on the ISP router. How many devices are listed?
…………………………………………..
HQ Router Configuration
HQ#sh run
Building configuration...

Current configuration : 903 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
security passwords min-length 10
!
hostname HQ
!
enable secret 5 $1$mERr$UBS6AqpcFjkupAnmSUCGG.
!
!
interface FastEthernet0/0
ip address [Link] [Link]
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown


!
interface Serial0/0/0
ip address [Link] [Link]
encapsulation ppp
no cdp enable
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
line con 0
exec-timeout 20 0
password 7 0822455D0A16091E1C0E5C
logging synchronous
login
line vty 0 4
exec-timeout 20 0
password 7 0822455D0A1613030B5A59
login
line vty 5 15
exec-timeout 20 0
password 7 0822455D0A1613030B5A59
login
!
!
end
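
The script below is an added example, not part of the original lab or Cisco's material: it checks a saved running-config against the four security policies listed in the background section. The sample config is constructed, and the parser, the function names and the choice of Serial0/0/0 as the ISP-facing interface are assumptions.

```python
import re

# Constructed sample; <obfuscated> and the external interface name are assumptions.
SAMPLE = """service password-encryption
security passwords min-length 10
interface FastEthernet0/0
interface Serial0/0/0
 no cdp enable
!
line con 0
 exec-timeout 20 0
 password 7 <obfuscated>
 login
line vty 0 15
 exec-timeout 20 0
 password 7 <obfuscated>
 login
"""

def parse(config):
    """Return (global commands, {section header: sub-commands})."""
    glob, secs, cur = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "!"):
            cur = None
        elif re.match(r"(interface|line) ", line):
            cur = secs.setdefault(line, [])
        else:
            (glob if cur is None else cur).append(line)
    return glob, secs

def audit(config, external_ifs, min_len=10, idle_min=20):
    """List violations of the lab's four policies; an empty list means compliant."""
    glob, secs = parse(config)
    lens = [int(g.split()[-1]) for g in glob if g.startswith("security passwords min-length ")]
    out = [] if lens and lens[0] >= min_len else ["policy 1: min-length below %d" % min_len]
    for name, cmds in secs.items():
        if name.startswith("line ") and "exec-timeout %d 0" % idle_min not in cmds:
            out.append("policy 2: %s lacks exec-timeout %d 0" % (name, idle_min))
        # Anything after "password" other than an encryption-type 7 string is clear text.
        if any(re.match(r"password (?!7 \S)", c) for c in cmds):
            out.append("policy 3: clear-text password under " + name)
        # CDP must be off on external interfaces and left on everywhere else.
        external = name.split()[-1] in external_ifs
        if name.startswith("interface ") and external != ("no cdp enable" in cmds):
            out.append("policy 4: CDP setting wrong on " + name)
    if "service password-encryption" not in glob:
        out.append("policy 3: service password-encryption is off")
    return out
```

Call `audit(text, {"Serial0/0/0"})` on the output of show running-config; the parser strips indentation, so it also accepts an unindented listing in which sections are separated by `!` lines.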

