Fin de la semaine 3

2025-12-19 14:14:02 +01:00
parent a90f2385f3
commit aad907f110
64 changed files with 2622 additions and 0 deletions
--- a/Semaine_02/Jour_04.md
+++ b/Semaine_02/Jour_04.md
@@ -0,0 +1,207 @@
+# Sécurité en réseau
+
+## Cours
+
+### Travail dirigé
+
+- Sécuriser le port console
+- Sécuriser le passage au niveau 2 (*enable*)
+- Sécuriser les ports réseau (*port-security*)
+- Metter en place le SSH (*sur VLAN dédié*)
+
+- BDPU Guard (*protéger le port d'un branchement à un autre switch*)
+- ACLs (*standard et étendue*)
+- Théorie des pare-feux
+
+## Exercices
+
+### Exercice 1
+
+### Exercice 2
+
+#### Partie 1
+
+**Routeur**
+```
+enable
+	conf t
+		interface Gig0/1
+			ip address 192.168.0.1 255.255.255.0
+			no shutdown
+			ip default-gateway 192.168.0.1
+		interface Gig0/1
+			ip address 192.168.1.1 255.255.255.0
+			no shutdown
+			ip default-gateway 192.168.1.1
+		no ip domain-lookup
+		enable secret class
+		line console 0
+			password cisco
+			login
+		line vty 0 4
+			password cisco
+			login
+			transport input all
+		service password-encryption
+		banner motd # You shan't access this very device without permission #
+		end
+write memory
+```
+
+**Switch**
+```
+enable
+	conf t
+		vlan 10
+			name VLAN10
+			exit
+		interface FastEthernet0/5
+			switchport mode access
+			switchport access vlan 99
+			spanning-tree portfast
+		interface FastEthernet0/6
+			switchport mode access
+			switchport access vlan 99
+			spanning-tree portfast
+		interface vlan 10
+			ip address 192.168.1.2 255.255.255.0
+			no shutdown
+			ip default-gateway 192.168.1.1
+		no ip domain-lookup
+		enable secret class
+		line console 0
+			password cisco
+			login
+		line vty 0 4
+			password cisco
+			login
+			transport input all
+		service password-encryption
+		banner motd # You shan't access this very device without permission #
+		end
+write memory
+```
+
+### Exercice 3
+
+#### Liste des commandes utiles
+
+| Commandes                                               | Descriptions                                                     |
+|---------------------------------------------------------|------------------------------------------------------------------|
+| conf t                                                  | Activate configuration from terminal                             |
+| interface *interface*                                   | Go in interface to configure it properly                         |
+| ip access-group *ACL_name* **{in\|out}**                | Activate and apply ACL to interface                              |
+| **ip access-list extended** *ACL_name*                  | Define ACL and go into conf mode                                 |
+| **{permit\|deny}** {test conditions}                    | Defined apply policy for said ACL                                |
+| **show access-lists** *ACL_name*                        | Display all ACLs content                                         |
+| **show ip interface** *interface-type interface number* | Display IP infos from specific interface, including applied ACLs |
+
+####
+
+```
+router> enable
+router# configure terminal
+router(config)# access-list 10 deny 10.1.1.101 0.0.0.0
+router(config)# access-list 10 permit any
+router(config)# line vty 0 4
+router(config-line)# access-class 10 in
+router(config-line)# exit
+router(config)# interface GigabitEthernet0/0
+router(config-if)# ip access-group 10 in
+router(config)# exit
+router# write memory
+```
+
+### Exercice 4
+
+#### Tâche 1
+
+```
+ping 172.16.1.100
+traceroute 172.16.1.100
+```
+
+```
+show interfaces Gig0/1
+conf t
+	ip route 0.0.0.0 0.0.0.0 209.165.201.2
+	end
+write memory
+```
+
+#### Tâche 2
+
+```
+telnet 172.16.1.100 23
+telnet 172.16.1.100 80
+```
+
+### Exercice 5
+
+**R1**
+```
+enable
+	conf t
+		interface Gig0/0
+			ip address 192.168.0.5 255.255.255.252
+			no shutdown
+		interface Gig0/1
+			ip address 192.168.0.2 255.255.255.252
+			no shutdown
+		router ospf 21
+			network 192.168.0.0 0.0.0.3 area 0
+		router ospf 13
+			network 192.168.0.4 0.0.0.3 area 0
+		no ip domain-lookup
+		end
+write memory
+```
+
+**R2**
+```
+enable
+	conf t
+		interface Gig0/0
+			ip address 192.168.0.10 255.255.255.252
+			no shutdown
+		interface Gig0/1
+			ip address 192.168.0.6 255.255.255.252
+			no shutdown
+		interface Gig0/2
+			ip address 192.168.100.254 255.255.255.0
+			no shutdown
+		router ospf 32
+			network 192.168.0.8 0.0.0.3 area 0
+		router ospf 21
+			network 192.168.0.0 0.0.0.3 area 0
+		no ip domain-lookup
+		ip routing
+		end
+write memory
+```
+
+**R3**
+```
+enable
+	conf t
+		interface Gig0/0
+			ip address 192.168.0.1 255.255.255.252
+			no shutdown
+		interface Gig0/1
+			ip address 192.168.0.9 255.255.255.252
+			no shutdown
+		interface Gig0/2
+			ip address 192.168.200.254 255.255.255.0
+			no shutdown
+		router ospf 13
+			network 192.168.0.4 0.0.0.3 area 0
+		router ospf 32
+			network 192.168.0.8 0.0.0.3 area 0
+		no ip domain-lookup
+		ip routing
+		end
+write memory
+```
+
+
+### Exercice 6