CCNA 4

Chapter 4
Network Security

Rainier Pimentel
Chap 4 – Net Sec – Lab 1

200.1.3.1/24 200.1.3.1/24

200.1.3.1/24 200.1.3.2/24

200.1.4.100/24
200.1.1.100/24

200.1.1.1/24 200.1.4.1/24

Rainier Pimentel
Minimum Password Length

2620-R3(config)#security passwords MIN-length 10

2620-R3(config)#enable secret cisco

% Password too short - must be at least

10 characters. Password configuration
failed

2620-R3(config)#enable secret cisco12345

CANNOT BE DONE IN PACKET TRACER 5.2

Rainier Pimentel
FOUR Primary Classes Of Attacks

1. Reconnaissance
2. Access
3. Denial of Service
4. Worms, Viruses, and Trojan Horses
Reconnaissance
 Reconnaissance is the unauthorized discovery
and mapping of systems, services, or
vulnerabilities.
 Reconnaissance is similar to a thief surveying a
neighborhood for vulnerable homes to break
into.

It is also known as information

gathering.
Reconnaissance attacks can consist of the
following:
 Internet information queries
 Ping sweeps
 Port scans
 Packet sniffers
Reconnaissance : Internet information queries
Reconnaissance : Internet information queries
Reconnaissance : Ping sweeps using Net Tools (IP
scanner)

A ping sweep (also known

as an ICMP sweep) is a
basic network
scanning technique used
to determine which of a
range of IP addresses map
to live hosts (computers). 
Reconnaissance : Port scans
Reconnaissance : Port scans using Port scanner
Reconnaissance : Packet sniffers
Access
 System access is the ability for an intruder to
gain access to a device for which the intruder
does not have password.
 L0phtCrack
 CAIN
Denial of service
 Denial of service (DoS) is when an attacker disables or corrupts networks, systems, with the intent to deny services to intended
users.
 Net Tools (pinger)

C:\> Ping –t 192.168.1.98

C:\>fping –n 1000 –a 192.168.1.47
-n=number of echo request to send
-a=resolve addresses to hostnames
-c=continuous ping
Users are unable to access a company server. The system
logs show that the server is operating slowly because it is
receiving a high level of fake requests for service. Which
type of attack is occurring? 

a. reconnaissance
b. access
c. DoS
d. worm
e. virus
f. Trojan horse

Rainier Pimentel
Users are unable to access a company server. The system
logs show that the server is operating slowly because it is
receiving a high level of fake requests for service. Which
type of attack is occurring? 

a. reconnaissance
b. access
c. DoS
d. worm
e. virus
f. Trojan horse

Rainier Pimentel
Worms, Viruses, and Trojan Horses
 Malicious software can be inserted onto a host to damage or corrupt a
system, replicate itself, or deny access to networks, systems, or services
Simulation: VIRUS
• Create a batch file that will
automatically restart or shutdown or
logoff a computer
• Save the batch file as
love.txt_____________________.bat
• Send the file by email

Rainier Pimentel
An IT director has begun a campaign to remind users to
avoid opening e-mail messages from suspicious sources.
Which type of attack is the IT director trying to protect
users from? 

a. DoS
b. DDoS
c. virus
d. access
e. reconnaissance

Rainier Pimentel
An IT director has begun a campaign to remind users to
avoid opening e-mail messages from suspicious sources.
Which type of attack is the IT director trying to protect
users from? 

a. DoS
b. DDoS
c. virus
d. access
e. reconnaissance

Rainier Pimentel
Stages of an Attack
• Today’s attackers have a abundance of targets. In fact
their greatest challenge is to select the most
vulnerable victims. This has resulted in very well-
planned and structured attacks. These attacks have
common logistical and strategic stages. These stages
include;
– Reconnaissance
– Scanning (addresses, ports, vulnerabilities)
– Gaining access
– Maintaining Access
– Covering Tracks
Tools of the Attacker

• The following are a few of the most popular tools used by

network attackers:
– Enumeration tools (dumpreg, netview and netuser)
– Port/address scanners (AngryIP, nmap, Nessus)
– Vulnerability scanners (Meta Sploit, Core Impact, ISS)
– Packet Sniffers (Snort, Wire Shark, Air Magnet)
– Root kits
– Cryptographic cracking tools (Cain, WepCrack)
– Malicious codes (worms, Trojan horse, time bombs)
– System hijack tools (netcat, MetaSploit, Core Impact)
Password Recovery Procedures
1. Connect to the console port.
2. Use the show version command to view and record
the configuration register
3. Use the power switch to turn off the router, and then
turn the router back on.
4. Press Break on the terminal keyboard within 60 seconds
of power up to put the router into ROMmon.
5. At the rommon 1> prompt Type confreg 0x2142.
6. Type reset at the rommon 2> prompt. The router
reboots, but ignores the saved configuration.
7. Type no after each setup question, or press Ctrl-C to
skip the initial setup procedure.
8. Type enable at the Router> prompt.
Password Recovery Procedures, 2
9. Type copy startup-config running-config to copy the
NVRAM into memory.
10. Type show running-config.
11. Enter global configuration and type the enable secret command
to change the enable secret password.
12. Issue the no shutdown command on every interface to be used.
Once enabled, issue a show ip interface brief command.
Every interface to be used should display ‘up up’.
13. Type config-register
configuration_register_setting. The
configuration_register_setting is either the value recorded in Step 2
or 0x2102 .
14. Save configuration changes using the copy running-config
startup-config command.
Password Recovery (summary)

• Press Break on the terminal keyboard within 60

seconds of power up in order to put the router
into ROMMON.
• rommon 1> confreg 0x2142
• rommon 2> reset
• The router reboots, but ignores the saved
configuration.
• Type no after each setup question

Rainier Pimentel
Password Recovery: Configuration Register

Binary Bit Number

15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0

Binary Number

Rainier Pimentel
Password Recovery: Configuration Register
0x2102 tells the router to load from flash & NVRAM. It uses bits 13, 8 and 1.

2102
2 1 2
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0

• Ignores break
• Boots into ROM if initial boot fails
• 9600 console baud rate default value for most platforms

Rainier Pimentel
Password Recovery: Configuration Register

2142
2 1 4 2
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 1 0 0 0 0 1 0

• Ignores break
• Boots into ROM if initial boot fails
• 9600 console baud rate
• Ignores the contents of Non-Volatile RAM (NVRAM)
(ignores configuration)

Rainier Pimentel
Password Recovery: Configuration Register

2100
2 1
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0

• configures the router to boot to ROM monitor mode.

Rainier Pimentel
The password recovery process begins in which operating
mode and using what type of connection? (Choose two.) 

a. ROM monitor
b. boot ROM
c. Cisco IOS
d. direct connection through the console port
e. network connection through the Ethernet port
f. network connection through the serial port

Rainier Pimentel
The password recovery process begins in which operating
mode and using what type of connection? (Choose two.) 

a. ROM monitor
b. boot ROM
c. Cisco IOS
d. direct connection through the console port
e. network connection through the Ethernet port
f. network connection through the serial port

Rainier Pimentel
END
Rainier Pimentel
Configure a Router to Support SDM

2620-R3#config t
2620-R3(config)#ip http server
2620-R3(config)#ip http secure-server
2620-R3(config)#ip http authentication local
2620-R3(config)#ip http timeout-policy idle 600 life
86400 requests 10000
2620-R3(config)#exit

Rainier Pimentel
Configure a Router to Support SDM

2620-R3(config)#username admin privilege 15

secret 0 cisco
2620-R3(config)#line vty 0 4
2620-R3(config-line)#privilege level 15
2620-R3(config-line)#login local
2620-R3(config-line)#transport input telnet ssh
2620-R3(config-line)#

Rainier Pimentel