Network Security
Course
Tutorial
- Securing the console port
- Securing access to privileged EXEC mode (enable)
- Securing network ports (port-security)
- Setting up SSH (on a dedicated VLAN)
- BPDU Guard (protecting a port from being connected to another switch)
- ACLs (standard and extended)
- Firewall theory
Exercises
Exercise 1
Exercise 2
Part 1
Router
enable
conf t
! The original configured "interface Gig0/1" twice; each subnet needs its own
! interface, so the second block is assumed to be Gig0/0 (assumption, not from the page).
interface Gig0/1
 ip address 192.168.0.1 255.255.255.0
 no shutdown
interface Gig0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
! "ip default-gateway" is a switch/host command and is ignored by a router with
! IP routing enabled, so the two original lines are dropped here; a router uses
! "ip route 0.0.0.0 0.0.0.0 <next-hop>" for a default route instead.
no ip domain-lookup
! enable secret is stored hashed, unlike the line passwords below
enable secret class
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 ! "transport input all" also accepts cleartext Telnet; once SSH is set up,
 ! "transport input ssh" limits the vty lines to SSH
 transport input all
! only obfuscates (type 7) the line passwords; it is not strong encryption
service password-encryption
banner motd # You shan't access this very device without permission #
end
write memory
Switch
enable
conf t
vlan 10
 name VLAN10
exit
! The original put Fa0/5 and Fa0/6 into VLAN 99, which is never created, while the
! management SVI below sits on VLAN 10; the ports are assumed to belong to VLAN 10
! (assumption, not from the page).
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
! PortFast edge ports are normally paired with "spanning-tree bpduguard enable"
! (the BPDU Guard item of the course) so that a switch plugged into them is shut out.
interface vlan 10
 ip address 192.168.1.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.1.1
no ip domain-lookup
enable secret class
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 ! "transport input all" also accepts cleartext Telnet; once SSH is set up,
 ! "transport input ssh" limits the vty lines to SSH
 transport input all
service password-encryption
banner motd # You shan't access this very device without permission #
end
write memory
Exercise 3
List of useful commands
| Command | Description |
|---|---|
| conf t | Enter global configuration mode from the terminal |
| interface *interface* | Enter interface configuration mode for the given interface |
| ip access-group ACL_name {in\|out} | Apply an ACL to the interface, inbound or outbound |
| ip access-list extended ACL_name | Create a named extended ACL and enter its configuration mode |
| {permit\|deny} {test conditions} | Add an entry defining the policy for that ACL |
| show access-lists ACL_name | Display the contents of the ACL (all ACLs if no name is given) |
| show ip interface interface-type interface-number | Display IP information for a specific interface, including the applied ACLs |
router> enable
router# configure terminal
router(config)# access-list 10 deny 10.1.1.101 0.0.0.0
router(config)# access-list 10 permit any
router(config)# line vty 0 4
router(config-line)# access-class 10 in
router(config-line)# exit
router(config)# interface GigabitEthernet0/0
router(config-if)# ip access-group 10 in
router(config-if)# end
router# write memory
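To make the matching rules behind `access-list 10` concrete, here is an added Python model of a standard IOS ACL (not code from the page or from Cisco): wildcard masks, top-to-bottom first-match evaluation, and the implicit `deny any` at the end. ACL 10 is taken from the session above; the `/24` variant and the sample source addresses are constructed for illustration. The same logic decides both `access-class` on the vty lines and `ip access-group` on the interface.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

@dataclass
class AclEntry:
    action: str                 # "permit" or "deny"
    network: str                # IOS address field, e.g. "10.1.1.101" or "any"
    wildcard: str = "0.0.0.0"   # IOS wildcard mask: 0 bits must match, 1 bits are ignored

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def entry_matches(entry: AclEntry, source: str) -> bool:
    """IOS wildcard test: (source XOR network) AND NOT wildcard must be zero."""
    if entry.network == "any":
        return True
    care_bits = 0xFFFFFFFF ^ _to_int(entry.wildcard)
    return (_to_int(source) ^ _to_int(entry.network)) & care_bits == 0

def evaluate_standard_acl(acl: list[AclEntry], source: str) -> str:
    """First match wins; no match means the implicit 'deny any' that ends every IOS ACL."""
    for entry in acl:
        if entry_matches(entry, source):
            return entry.action
    return "deny"

# access-list 10 exactly as entered in Exercise 3 (host 10.1.1.101 denied, the rest permitted)
ACL_10 = [
    AclEntry("deny", "10.1.1.101", "0.0.0.0"),
    AclEntry("permit", "any"),
]

# The same ACL typed without 'permit any': every source falls through to the implicit deny
ACL_10_NO_PERMIT = ACL_10[:1]

# Constructed variant (not from the page): deny all of 10.1.1.0/24 with wildcard 0.0.0.255
ACL_20 = [
    AclEntry("deny", "10.1.1.0", "0.0.0.255"),
    AclEntry("permit", "any"),
]

if __name__ == "__main__":
    for src in ("10.1.1.101", "10.1.1.102", "192.168.1.10"):
        print(f"{src:>14}  acl10={evaluate_standard_acl(ACL_10, src):6}  acl20={evaluate_standard_acl(ACL_20, src)}")
```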
Exercise 4
Task 1
ping 172.16.1.100
traceroute 172.16.1.100
show interfaces Gig0/1
conf t
ip route 0.0.0.0 0.0.0.0 209.165.201.2
end
write memory
Task 2
telnet 172.16.1.100 23
telnet 172.16.1.100 80
Exercise 5
Link plan as assumed from the addresses below: R1 Gig0/0 (.5) to R2 Gig0/1 (.6) on 192.168.0.4/30, R1 Gig0/1 (.2) to R3 Gig0/0 (.1) on 192.168.0.0/30, and R2 Gig0/0 (.10) to R3 Gig0/1 (.9) on 192.168.0.8/30. The original ran one OSPF process per link (ids 21, 13, 32), the "network" statements on R2 and R3 matched no local interface, and the two LANs were never advertised; separate processes also do not exchange routes without redistribution. Each router below runs a single process (id 1) covering all of its links and its LAN.
R1
enable
conf t
interface Gig0/0
 ip address 192.168.0.5 255.255.255.252
 no shutdown
interface Gig0/1
 ip address 192.168.0.2 255.255.255.252
 no shutdown
router ospf 1
 network 192.168.0.0 0.0.0.3 area 0
 network 192.168.0.4 0.0.0.3 area 0
no ip domain-lookup
end
write memory
R2
enable
conf t
interface Gig0/0
 ip address 192.168.0.10 255.255.255.252
 no shutdown
interface Gig0/1
 ip address 192.168.0.6 255.255.255.252
 no shutdown
interface Gig0/2
 ip address 192.168.100.254 255.255.255.0
 no shutdown
router ospf 1
 network 192.168.0.4 0.0.0.3 area 0
 network 192.168.0.8 0.0.0.3 area 0
 network 192.168.100.0 0.0.0.255 area 0
no ip domain-lookup
ip routing
end
write memory
R3
enable
conf t
interface Gig0/0
 ip address 192.168.0.1 255.255.255.252
 no shutdown
interface Gig0/1
 ip address 192.168.0.9 255.255.255.252
 no shutdown
interface Gig0/2
 ip address 192.168.200.254 255.255.255.0
 no shutdown
router ospf 1
 network 192.168.0.0 0.0.0.3 area 0
 network 192.168.0.8 0.0.0.3 area 0
 network 192.168.200.0 0.0.0.255 area 0
no ip domain-lookup
ip routing
end
write memory