Download pdf - Free Books

More documents

Recommendations

Info

Section 13 IPexpert’s CCIE Security Proctor Guide – Version 4.1 9 - Advanced Security and Attacks Configuration (12 Points) 9.1 - Filtering Java and ActiveX applets (2 Points) a) Setup the PIX to block the downloading of Java and ActiveX applets from anywhere. pixfirewall(config)#filter java 80 0 0 0 0 pixfirewall(config)#filter activex 80 0 0 0 0 9.2 - Allow Remote Management of the PIX (2 Points) a) Setup the PIX firewall so that the PC at 10.1.1.100 can telnet into the PIX for remote management. Change the default Telnet password to ccie. pixfirewall(config)#telnet 10.1.1.100 255.255.255.255 inside pixfirewall(config)#passwd ccie Verify by telnetting from the ACS server. 9.3 - Time-Based Access List (2 Points) a) You do not want users on R6 Ethernet Network access a special application that uses TCP port 25000, during the Weekdays between 9:00 AM to 4:00 PM. b) It is OK for them to use the application at other times. R6(config)#time-range WEEKDAYS R6(config-time-range)#periodic weekdays 09:00 to 15:59 R6(config)#access-list 131 deny tcp 192.1.6.0 0.0.0.255 any eq 25000 time-range WEEKDAYS R6(config)#access-list 131 permit ip any any R6(config)#int fa0/0 R6(config-if)#ip access-group 131 in 9.4 - Time-Based Access List (2 Points) a) You do not want users on R6 Ethernet Network to use a customized application that uses UDP port 20000, on the Weekend between 10:00 AM to 3:00 PM. b) It is OK for them to use the application at other times. Since this is on the same interface, make sure to merge this into the existing accesslist. R6(config)#time-range WEEKEND R6(config-time-range)#periodic weekend 10:00 to 14:59 R6(config)#ip access-list extended 131 R6(config-ext-nacl)#no permit ip any any 364 Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved.
IPexpert’s CCIE Security Proctor Guide – Version 4.1 Section 13 R6(config-ext-nacl)#deny udp 192.1.6.0 0.0.0.255 any eq 20000 timerange WEEKEND R6(config-ext-nacl)#permit ip any any R6#show access-list 131 Extended IP access list 131 10 deny tcp 192.1.6.0 0.0.0.255 any eq 25000 time-range WEEKDAYS (inactive) 20 deny udp 192.1.6.0 0.0.0.255 any eq 20000 time-range WEEKEND (inactive) 30 permit ip any any R6#show time-range time-range entry: WEEKDAYS (inactive) periodic weekdays 9:00 to 15:59 used in: IP ACL entry time-range entry: WEEKEND (inactive) periodic weekend 10:00 to 14:59 used in: IP ACL entry R6# 9.5 - Disable Unnecessary Services (2 Points) a) Disable the DHCP Service on R6. b) Verify that it is disabled by typing Show ip socket. R6#show ip socket Proto Remote Port Local Port In Out Stat TTY OutputIF 17 0.0.0.0 0 6.6.6.6 5060 0 0 211 0 17 --listen-- 6.6.6.6 68 0 0 1 0 17 --listen-- 6.6.6.6 2887 0 0 11 0 17 0.0.0.0 0 6.6.6.6 67 0 0 2211 0 17 0.0.0.0 0 6.6.6.6 2517 0 0 11 0 88 --listen-- 6.6.6.6 26 0 0 0 0 17 192.1.12.65 514 6.6.6.6 56286 0 0 211 0 17 --listen-- 6.6.6.6 123 0 0 1 0 R6# R6(config)#no service dhcp R6#show ip socket Proto Remote Port Local Port In Out Stat TTY OutputIF 17 0.0.0.0 0 6.6.6.6 5060 0 0 211 0 17 --listen-- 6.6.6.6 68 0 0 1 0 17 --listen-- 6.6.6.6 2887 0 0 11 0 17 0.0.0.0 0 6.6.6.6 2517 0 0 11 0 88 --listen-- 6.6.6.6 26 0 0 0 0 17 192.1.12.65 514 6.6.6.6 56286 0 0 211 0 17 --listen-- 6.6.6.6 123 0 0 1 0 R6# Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved. 365
Page 1 and 2:
Ultimate Lab Preparation Workbook F
Page 3 and 4:
Introduction IPexpert’s Ultimate
Page 5 and 6:
Introduction IPexpert’s Ultimate
Page 7 and 8:
EULA IPexpert’s Ultimate Preparat
Page 9 and 10:
Table of Contents IPexpert’s Ulti
Page 11 and 12:
Table of Contents IPexpert’s Ulti
Page 13 and 14:
Section 6 IPexpert’s Ultimate Pre
Page 15 and 16:
Section 6 IPexpert’s Ultimate Pre
Page 17 and 18:
Section 13 IPexpert’s Ultimate Pr
Page 19 and 20:
Page 21 and 22:
Page 23 and 24: Section 13 IPexpert’s Ultimate Pr
Page 25 and 26: Section 13 IPexpert’s Ultimate Pr
Page 27 and 28: IPexpert’s CCIE Security Proctor
Page 73: IPexpert’s CCIE Security Proctor
Page 77: IPexpert, Inc. Product Order Form F
show all

Download pdf - Free Books

Create successful ePaper yourself

Delete template?

Save as template?