live-campus-mcs-p-2027.2/Semaine_02/Jour_04.md

# Sécurité en réseau

## Cours

### Travail dirigé

- Sécuriser le port console
- Sécuriser le passage au niveau 2 (*enable*)
- Sécuriser les ports réseau (*port-security*)
- Metter en place le SSH (*sur VLAN dédié*)

- BDPU Guard (*protéger le port d'un branchement à un autre switch*)
- ACLs (*standard et étendue*)
- Théorie des pare-feux

## Exercices

### Exercice 1

### Exercice 2

#### Partie 1

**Routeur**
```
enable
	conf t
		interface Gig0/1
			ip address 192.168.0.1 255.255.255.0
			no shutdown
			ip default-gateway 192.168.0.1
		interface Gig0/1
			ip address 192.168.1.1 255.255.255.0
			no shutdown
			ip default-gateway 192.168.1.1
		no ip domain-lookup
		enable secret class
		line console 0
			password cisco
			login
		line vty 0 4
			password cisco
			login
			transport input all
		service password-encryption
		banner motd # You shan't access this very device without permission #
		end
write memory
```

**Switch**
```
enable
	conf t
		vlan 10
			name VLAN10
			exit
		interface FastEthernet0/5
			switchport mode access
			switchport access vlan 99
			spanning-tree portfast
		interface FastEthernet0/6
			switchport mode access
			switchport access vlan 99
			spanning-tree portfast
		interface vlan 10
			ip address 192.168.1.2 255.255.255.0
			no shutdown
			ip default-gateway 192.168.1.1
		no ip domain-lookup
		enable secret class
		line console 0
			password cisco
			login
		line vty 0 4
			password cisco
			login
			transport input all
		service password-encryption
		banner motd # You shan't access this very device without permission #
		end
write memory
```

### Exercice 3

#### Liste des commandes utiles

| Commandes                                               | Descriptions                                                     |
|---------------------------------------------------------|------------------------------------------------------------------|
| conf t                                                  | Activate configuration from terminal                             |
| interface *interface*                                   | Go in interface to configure it properly                         |
| ip access-group *ACL_name* **{in\|out}**                | Activate and apply ACL to interface                              |
| **ip access-list extended** *ACL_name*                  | Define ACL and go into conf mode                                 |
| **{permit\|deny}** {test conditions}                    | Defined apply policy for said ACL                                |
| **show access-lists** *ACL_name*                        | Display all ACLs content                                         |
| **show ip interface** *interface-type interface number* | Display IP infos from specific interface, including applied ACLs |

####

```
router> enable
router# configure terminal
router(config)# access-list 10 deny 10.1.1.101 0.0.0.0
router(config)# access-list 10 permit any
router(config)# line vty 0 4
router(config-line)# access-class 10 in
router(config-line)# exit
router(config)# interface GigabitEthernet0/0
router(config-if)# ip access-group 10 in
router(config)# exit
router# write memory
```

### Exercice 4

#### Tâche 1

```
ping 172.16.1.100
traceroute 172.16.1.100
```

```
show interfaces Gig0/1
conf t
	ip route 0.0.0.0 0.0.0.0 209.165.201.2
	end
write memory
```

#### Tâche 2

```
telnet 172.16.1.100 23
telnet 172.16.1.100 80
```

### Exercice 5

**R1**
```
enable
	conf t
		interface Gig0/0
			ip address 192.168.0.5 255.255.255.252
			no shutdown
		interface Gig0/1
			ip address 192.168.0.2 255.255.255.252
			no shutdown
		router ospf 21
			network 192.168.0.0 0.0.0.3 area 0
		router ospf 13
			network 192.168.0.4 0.0.0.3 area 0
		no ip domain-lookup
		end
write memory
```

**R2**
```
enable
	conf t
		interface Gig0/0
			ip address 192.168.0.10 255.255.255.252
			no shutdown
		interface Gig0/1
			ip address 192.168.0.6 255.255.255.252
			no shutdown
		interface Gig0/2
			ip address 192.168.100.254 255.255.255.0
			no shutdown
		router ospf 32
			network 192.168.0.8 0.0.0.3 area 0
		router ospf 21
			network 192.168.0.0 0.0.0.3 area 0
		no ip domain-lookup
		ip routing
		end
write memory
```

**R3**
```
enable
	conf t
		interface Gig0/0
			ip address 192.168.0.1 255.255.255.252
			no shutdown
		interface Gig0/1
			ip address 192.168.0.9 255.255.255.252
			no shutdown
		interface Gig0/2
			ip address 192.168.200.254 255.255.255.0
			no shutdown
		router ospf 13
			network 192.168.0.4 0.0.0.3 area 0
		router ospf 32
			network 192.168.0.8 0.0.0.3 area 0
		no ip domain-lookup
		ip routing
		end
write memory
```


### Exercice 6