Enterasys ANG-3000 Guide de l'utilisateur Page 349
- Page / 414
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
XSR User’s Guide 315
Chapter 13 General Security Precautions
Configuring Security on the XSR
The attacker does not send any other packet, and the state machine of the host
remains in CLOSE_WAIT state until the keep-alive timer resets it to the
CLOSED state. To protect against this attack the XSR checks for TCP packets
with both SYN and FIN flags set. With protection always enabled, these
packets are harmlessly dropped.
This feature is supported for packets destined for the XSR. Transit packets
will be checked.
General Security Precautions
To ensure security on the XSR, we recommend you take these precautions:
Limit physical access
Avoid connecting a modem to the console port
Download the latest security patches
Retain secured backup copies of device configurations
Plan all configuration changes and prepare a back-out procedure if
they go wrong
Keep track of all configuration changes made to all devices
Create a database that tracks the OS version, description of last
change, back-out procedure, and administrative owner of all routers
Avoid entering clear text passwords in the configuration script
Be sure to change all default passwords
Use strong passwords not found in the dictionary
Change passwords when the IT staff departs
Age passwords after 30 to 60 days
Grant the correct privilege levels to particular users only
Set reasonable timeouts for console and remote management sessions
If you must enable PPP on the WAN, use CHAP authentication
Disable all unnecessary router services (e.g., HTTP, if not used)
Write strict ACLs to limit HTTP, Telnet and SNMP access
Write ACLs to limit the type of ICMP messages
- XSR-1805 1
- User’s Guide 1
- APPROVED 3
- TE-2002/195 3
- Industry Canada Notices 4
- Product Safety 4
- Class A ITE Notice 4
- VCCI Notice 5
- BSMI (EMC) Statement - Taiwan 5
- Australian Telecom 6
- Enterasys Networks, Inc 6
- PROGRAM LICENSE AGREEMENT 6
- DECLARATION OF CONFORMITY 9
- Table of Contents 11
- Chapter 5 – Configuring IP 15
- Chapter 6 – Configuring PPP 17
- Chapter 12 – Configuring DHCP 27
- About This Guide 31
- CTRL+ALT+DEL) 33
- Getting Help 34
- 2 XSR User’s Guide 36
- Chapter 1 36
- Managing the XSR 39
- Connecting via Telnet 40
- Connecting via SSH 41
- Table 1 CLI Session Limits 42
- XSR User’s Guide 9 43
- XSR(config)# 45
- XSR User’s Guide 13 47
- Table 4 CLI Syntax 48
- 16 XSR User’s Guide 50
- XSR User’s Guide 17 51
- This adds serial port 2/1:1 54
- This adds serial port 2/1:2 54
- XSR User’s Guide 21 55
- Managing XSR Interfaces 57
- Managing Message Logs 59
- Performing Fault Management 60
- Using the Real-Time Clock 60
- XSR User’s Guide 27 61
- SWITCHCORD 62
- ELAN 1 ELAN 2 COM 62
- Bulk Configuration Management 63
- Managing the Software Image 65
- XSR User’s Guide 33 67
- XSR User’s Guide 35 69
- XSR User’s Guide 37 71
- XSR User’s Guide 39 73
- Shaping Trap Traffic 75
- Network Management Tools 76
- Fault Report 77
- Auto-discovery 77
- Statistics 77
- Alarm Management (Traps) 77
- Software Image Download 78
- Managing LAN/WAN Interfaces 79
- Configuring the LAN 80
- MIB Statistics 81
- Overview of WAN Interfaces 82
- WAN Features 82
- Configuring the WAN 83
- Configuring T1/E1 Interfaces 85
- T1/E1 Subsystem Configuration 86
- XSR User’s Guide 53 87
- Troubleshooting T1/E1 Links 88
- T1/E1 Alarm Analysis 91
- 58 XSR User’s Guide 92
- T1/E1 Error Events Analysis 94
- 64 XSR User’s Guide 98
- interface loopback 98
- ARP and Proxy ARP 99
- BOOTP/DHCP Relay 100
- Broadcast 100
- XSR User’s Guide 67 101
- command 102
- XSR User’s Guide 69 103
- IP Interface 104
- Secondary IP 104
- Table 7 105
- XSR User’s Guide 106
- Chapter 5 General IP Features 107
- Configuring IP 107
- 74 XSR User’s Guide 108
- General IP Features Chapter 5 108
- Traceroute 109
- IP Routing Protocols 110
- Triggered-on-Demand RIP 111
- 80 XSR User’s Guide 114
- XSR User’s Guide 81 115
- Static Routes 116
- Routing Priorities 116
- Default Network 117
- Network Address Translation 118
- 86 XSR User’s Guide 120
- 88 XSR User’s Guide 122
- IETF MIBs Supported 127
- Configuring RIP Examples 128
- XSR User’s Guide 95 129
- Configuring OSPF Example 130
- Configuring NAT Examples 131
- Internet 133
- Configuring VRRP Example 134
- Router XSRb 135
- Configuring PPP 137
- Link Control Protocol (LCP) 138
- Authentication 139
- 106 XSR User’s Guide 140
- PPP Features Chapter 6 140
- Link Quality Monitoring (LQM) 141
- Multilink PPP (MLPPP) 141
- IP Control Protocol (IPCP) 142
- Chapter 6 PPP Features 143
- 110 XSR User’s Guide 144
- 112 XSR User’s Guide 146
- XSR User’s Guide 113 147
- Configuring BAP 148
- XSR User’s Guide 115 149
- XSR User’s Guide 117 151
- XSR2 Configuration 152
- Configuring Frame Relay 153
- 120 XSR User’s Guide 154
- Overview Chapter 7 154
- Frame Relay Features 155
- Multi-Protocol Encapsulation 156
- Address Resolution 156
- XSR User’s Guide 123 157
- 124 XSR User’s Guide 158
- XSR User’s Guide 125 159
- Sub-interface Support 162
- User Interfaces 162
- Displaying Statistics 163
- Frame Relay 164
- Central Sites 164
- Branch Sites 164
- Charlotte 165
- On the Charlotte XSR, enter: 167
- On the Denver XSR, enter: 167
- Configuring Dialer Services 169
- 136 XSR User’s Guide 170
- XSR User’s Guide 137 171
- Time of Day feature 172
- Typical Use for Dial Services 172
- Ethernet Backup 172
- Implementing Dial Services 173
- Dialer Profiles 174
- Dialer Interface 174
- Dialer Strings 175
- Dialer Pool 175
- Addressing Dialer Resources 175
- Configuring Encapsulation 175
- ISDN Callback 176
- 2/2 - shared between them 178
- 146 XSR User’s Guide 180
- Sample Dialer Configuration 181
- Configuring ISDN Callback 182
- XSR User’s Guide 149 183
- Overview of Dial Backup 184
- Sequence of Backup Events 184
- Link Failure Backup Example 186
- XSR User’s Guide 153 187
- Sample Configuration 188
- Answering Incoming ISDN Calls 192
- Incoming Call Mapping Example 193
- XSR User’s Guide 161 195
- Configuring DoD/BoD 196
- Chapter 8 Configuring DoD/BoD 197
- XSR User’s Guide 165 199
- XSR User’s Guide 171 205
- XSR User’s Guide 177 211
- Bandwidth-on-Demand 213
- Backup Configuration 215
- XSR User’s Guide 183 217
- XSR User’s Guide 185 219
- Digital Network (ISDN) 221
- BRI Features 222
- PRI Features 222
- Understanding ISDN 223
- B-Channels 224
- D-Channel 224
- D-Channel Standards 225
- ISDN Equipment Configurations 226
- Bandwidth Optimization 227
- Security 228
- Call Monitoring 228
- ISDN Configuration 229
- 196 XSR User’s Guide 230
- ISDN Configuration Chapter 9 230
- XSR User’s Guide 197 231
- PRI Configuration Model 232
- 200 XSR User’s Guide 234
- More Configuration Examples 235
- ISDN BRI 236
- BRI Leased Line 236
- BRI Leased PPP 236
- BRI Leased Frame Relay 237
- 204 XSR User’s Guide 238
- 206 XSR User’s Guide 240
- Code Cause 241
- Overview 243
- Features 244
- Mechanisms to Provide QoS 244
- IP Precedence bits 245
- XSR User’s Guide 213 247
- Queuing and Services 248
- XSR User’s Guide 215 249
- Describing Traffic Policing 251
- XSR User’s Guide 219 253
- 220 XSR User’s Guide 254
- Per Interface Configuration 255
- 222 XSR User’s Guide 256
- XSR(config)#class-map class1 256
- XSR(config)#class-map class2 256
- XSR User’s Guide 223 257
- XSR User’s Guide 225 259
- VPN Overview 261
- VPN Overview Chapter 11 262
- Chapter 11 VPN Overview 263
- 230 XSR User’s Guide 264
- Defining VPN Encryption 266
- Digital Signatures 267
- Certificates 268
- CA Hierarchies 269
- Certificate Chains 270
- Pending Mode 272
- DF Bit Functionality 273
- VPN Applications 274
- Site-to-Site Networks 275
- VPN Applications Chapter 11 278
- Using OSPF Over a VPN Network 280
- Chapter 11 VPN Applications 281
- INTERNET 282
- Server 2 287
- Server 1 287
- XSR VPN Features 288
- VPN Configuration Overview 289
- Master Key Generation 290
- ACL Configuration Rules 291
- XSR User’s Guide 259 293
- Creating Crypto Maps 295
- XSR User’s Guide 263 297
- PKI Configuration Options 298
- XSR User’s Guide 265 299
- Interface VPN Options 304
- Central Site 305
- Branch Office 305
- Chooses Diffie-Hellman group 306
- EZ-IPSec Configuration 309
- Remote Access 311
- XSR User’s Guide 279 313
- XSR User’s Guide 281 315
- XSR User’s Guide 283 317
- XSR Configuration 319
- 290 XSR User’s Guide 324
- Hightest is the root CA of 325
- Sales, CN=Scep 326
- XSR User’s Guide 293 327
- 294 XSR User’s Guide 328
- Sys,OU=Sales, CN=Scep 328
- Configuring DHCP 329
- How DHCP Works 331
- DHCP Services 332
- BOOTP Legacy Support 333
- Pool (subnet) 334
- Client Class 334
- Scope Caveat 335
- Manual Bindings 335
- DHCP CLI Commands 336
- Chapter 12 DHCP CLI Commands 337
- DHCP Set Up Overview 338
- Configuration Steps 339
- Enable the DHCP Server 340
- Manual Binding Example 341
- BOOTP Client Support Example 342
- DHCP Option Examples 343
- Access Control Lists 346
- Packet Filtering 346
- LANd Attack 346
- Smurf Attack 347
- Fraggle Attack 347
- Spoofed Address Check 347
- SYN Flood Attack Mitigation 347
- Spurious State Transition 348
- General Security Precautions 349
- AAA Services 350
- Chapter 13 AAA Services 351
- AAA Services Chapter 13 352
- Firewall Feature Set Overview 355
- 322 XSR User’s Guide 356
- Types of Firewalls 357
- 324 XSR User’s Guide 358
- XSR User’s Guide 325 359
- 326 XSR User’s Guide 360
- XSR User’s Guide 327 361
- 328 XSR User’s Guide 362
- Firewall CLI Commands 364
- XSR User’s Guide 333 367
- Firewall Limitations 369
- 336 XSR User’s Guide 370
- XSR User’s Guide 337 371
- Pre-configuring the Firewall 372
- Configuration Examples 373
- Internal 374
- ANY_EXTERNAL allow 375
- 10.10.10.1 376
- PPPoE/NAT/Firewall 376
- XSR User’s Guide 343 377
- XSR with Firewall and VPN 378
- SSR-PS-8 379
- XSR User’s Guide 347 381
- XSR User’s Guide 349 383
- XSR User’s Guide 351 385
- Accounting 386
- Configuring Simple Security 387
- System Limits 389
- 360 XSR User’s Guide 390
- Alarms and Events 392
- Appendix A Alarms and Events 393
- Module Message Description 393
- Alarms and Events Appendix A 394
- 376 XSR User’s Guide 406
- 378 XSR User’s Guide 408
- 380 XSR User’s Guide 410
- 382 XSR User’s Guide 412
© 2020, manymanuals.fr. Tous droits réservés | 0.048 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels