Project Phase 4
CIS225 – Project Phase 4
Congratulations, you have set up your new cable network in a rural area that will be serving a small neighborhood. Your network currently consists of 6 houses but is expected to grow to include all of the 500 houses in the area. The only other network alternative to your system is satellite networking, which is very slow and prone to outages. You will be providing both cable TV and internet access through your network, so make sure you are providing enough speed in your network for your customers.
Be sure to use only your class B network, as you will receive no credit for using someone else's network.
Your network is:
10._____.0.0/16
In this part of your project you will be building the ISP section of your network connecting to the Internet using a serial port connection from your router.
Make sure you use your Project Phase 3 file; the phases continue to build off of each other.
Now that you have set up your network it is important to set up security. This will be done at three levels: network security, port security, and local authentication of the network.
Task 1 – Securing your routers
By default your routers have no security so you need to set up security in the routers. In this task you will set up basic security on your ISPRouter2 and ISPRouter3.
ISPRouter2(config)# service password-encryption
ISPRouter2(config)# enable secret password
ISPRouter2(config)# username student privilege 15 secret password
ISPRouter2(config)# exit
ISPRouter2# exit
ISPRouter3(config)# service password-encryption
ISPRouter3(config)# enable secret password
ISPRouter3(config)# username student privilege 15 secret password
ISPRouter3(config)# exit
ISPRouter3# exit
Now attempt to enable your privilege mode in both routers. Your router will now ask for a password which will be password. Take a screenshot of your login and password.
Type show run into your router to verify that your passwords are now encrypted in your router.
Now you will type the following into your router to set up the rest of your initial security. Follow these steps for ISPRouter1 and ISPRouter3 as well.
SSH
ISPRouter2(config)# hostname ISPRouter2
ISPRouter2(config)# ip domain-name ecpi.edu
ISPRouter2(config)# crypto key generate rsa general-keys modulus 1024
ISPRouter2(config)# ip ssh version 2
ISPRouter2(config)# ip ssh authentication-retries 3
ISPRouter2(config)# ip ssh time-out 120
LINE VTY
ISPRouter2(config)# line vty 0 4
ISPRouter2(config-line)# login local
ISPRouter2(config-line)# transport input ssh
ISPRouter2(config-line)# exec-timeout 3
ISPRouter2(config-line)# exit
LINE CONSOLE
ISPRouter2(config)# line console 0
ISPRouter2(config-line)# login local
ISPRouter2(config-line)# exec-timeout 3
ISPRouter2(config-line)# exit
BANNERS
ISPRouter2(config)# banner motd c
This is a private system, please log off c
ACCESS LOG
ISPRouter2(config)# login block-for 10 attempts 3 within 20
ISPRouter2(config)# login on-failure log
ISPRouter2(config)# login on-success log
Does this configuration allow you to connect using Telnet or only SSH? Why is this important?
Deliverables for Task 1
· Screenshot of login to ISPRouter2
· Screenshot of failed login on ISPRouter2
· Answer the question about Telnet and SSH
Task 2 – Securing your switch and connecting via SSH
Switch security is slightly different than router security, although much of the process stays the same. In this task you will be securing your ISPSwitch1 and remotely connecting to it via SSH.
First you need to make sure you have named your switch and put it onto your domain.
Switch(config)# hostname ISPSwitch1
ISPSwitch1(config)# ip domain-name ecpi.edu
Now you will need to set up local logon information for your switch
ISPSwitch1(config)# service password-encryption
ISPSwitch1(config)# enable secret password
ISPSwitch1(config)# username student privilege 15 secret password
ISPSwitch1(config)# exit
ISPSwitch1# exit
Log back into your switch to verify it requires the password password to login.
Now you will need to assign an IP address to the switch and turn the IP address on
ISPSwitch1(config)# interface vlan 1
ISPSwitch1(config-if)# ip address 10.___.1.2 255.255.255.0
ISPSwitch1(config-if)# no shutdown
ISPSwitch1(config-if)# exit
Now set up SSH on your switch
ISPSwitch1(config)# crypto key generate rsa general-keys modulus 1024
ISPSwitch1(config)# ip ssh version 2
ISPSwitch1(config)# ip ssh authentication-retries 3
ISPSwitch1(config)# ip ssh time-out 120
LINE VTY
ISPSwitch1(config)# line vty 0 4
ISPSwitch1(config-line)# login local
ISPSwitch1(config-line)# transport input all
ISPSwitch1(config-line)# exec-timeout 3
ISPSwitch1(config-line)# exit
LINE CONSOLE
ISPSwitch1(config)# line console 0
ISPSwitch1(config-line)# login local
ISPSwitch1(config-line)# exec-timeout 3
ISPSwitch1(config-line)# exit
BANNERS
ISPSwitch1(config)# banner motd c
This is a private system, please log off c
Take a screenshot of your running-config on ISPSwitch1.
Go to your PC1, open a command prompt and type the following (you will need to have your Cable_HomeNetwork.pkt connected to your network):
PC1: ssh -l student 10.___.1.2
When asked for a password type password into the system. Take a screenshot.
Are you able to log into the switch from your PC? Why or why not?
Deliverables for Task 2
· Screenshot of running-config on ISPSwitch1
· Screenshot of SSH from PC in command prompt
· Answer the question
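An added example (not part of the course handout): a small audit that checks a saved running-config for the hardening items configured in Tasks 1 and 2, including which protocols the VTY lines accept. The config text is constructed sample input, and the names `line_blocks` and `audit` are hypothetical.

```python
# Constructed running-config text modelled on the Task 1 router settings
# (sample input, not captured from a device; hashes are placeholders).
ROUTER_CFG = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED
username student privilege 15 secret 5 $1$CONSTRUCTED
ip ssh version 2
line con 0
 exec-timeout 3 0
 login local
line vty 0 4
 exec-timeout 3 0
 login local
 transport input ssh
"""
# Same text with the VTY transport setting used on the switch in Task 2.
SWITCH_CFG = ROUTER_CFG.replace("transport input ssh", "transport input all")


def line_blocks(cfg):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in cfg.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit(cfg):
    """Return sorted findings for the hardening items configured in this lab."""
    findings = []
    top = [l for l in cfg.splitlines() if l and not l.startswith(" ")]
    for need in ("service password-encryption", "enable secret", "ip ssh version 2"):
        if not any(l.startswith(need) for l in top):
            findings.append(f"missing: {need}")
    for header, cmds in line_blocks(cfg).items():
        if "login local" not in cmds:
            findings.append(f"{header}: no 'login local'")
        if not any(c.startswith("exec-timeout") and c != "exec-timeout 0 0" for c in cmds):
            findings.append(f"{header}: no explicit idle timeout")
        if header.startswith("line vty"):
            proto = next((c.split()[2:] for c in cmds if c.startswith("transport input")), [])
            if proto != ["ssh"]:
                findings.append(f"{header}: transport input {' '.join(proto) or 'unset'}, not SSH-only")
    return sorted(findings)
```

Paste the output of show run from each device into a string and pass it to `audit`; an empty list means every item checked here is present.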
Task 3 – Securing your switch using Port Security
Adding port security to your switch will allow you to limit your vulnerabilities from someone randomly plugging a system into your switch to access your network.
Port security is a layer 2 control feature for switches in a network. It lets an individual switch port accept traffic only from specified MAC addresses. This makes it so a hacker can't disconnect your system, plug in their own, and get into the system.
In this task you will be using ISPSwitch2.
Make sure your ISPServer is plugged into the Fa0/1 port and your TVServices server is on Fa0/2 of ISPSwitch2.
Ping from ISPServer to ISPRouter2 (its default gateway) at 10.___.50.1. You should be able to ping this address.
Now go to your ISPServer, click on the command prompt and type ipconfig /all
Note the Physical Address which is the system’s MAC address.
Go into your switch and program it as follows
ISPSwitch2(config)# interface fa0/1
ISPSwitch2(config-if)# switchport mode access
ISPSwitch2(config-if)# switchport port-security
ISPSwitch2(config-if)# switchport port-security mac-address sticky
ISPSwitch2(config-if)# switchport port-security mac-address sticky ____.____.____
Take a screenshot of your configuration for fa0/1.
Now we’ll verify that your port security is working. Place a PC next to your ISPServer and move your cable from the server to the PC. Set the IP address on your PC to 10.___.50.12, subnet mask to 255.255.255.0 and default gateway to 10.___.50.1.
Take a screenshot.
Let’s take a look at the port security settings on Fa0/1 of the switch:
ISPSwitch2# show port-security interface fa0/1
Attempt to ping from your PC to the router 10.___.50.1. Take a screenshot of your ping.
What happened to the link between the PC and the switch? Go to the switch and investigate by typing the following command again. What is different in its output this time?
ISPSwitch2# show port-security interface fa0/1
Take a screenshot.
Let’s go ahead and remove the PC and move the connection back to the server. Reset the switch port by shutting it down and bringing it back up:
ISPSwitch2(config)# interface fa0/1
ISPSwitch2(config-if)# shutdown
ISPSwitch2(config-if)# no shutdown
Deliverable for Task 3
· Screenshot of your configuration for fa0/1 with port security
· Screenshot of PC plugged into ISPSwitch2 showing port security was successful
· Screenshot of show port-security interface fa0/1 on ISPSwitch2
· Screenshot of server connected back to ISPSwitch2
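An added example (not part of the course handout): a toy model of the sticky port-security behaviour exercised in Task 3, replaying the server, PC, and port-reset sequence. It assumes the IOS defaults the lab leaves unchanged (maximum of 1 secure address, violation mode shutdown); the class, function names and MAC addresses are constructed for illustration.

```python
class SecurePort:
    """Toy model of one access port with sticky port security.

    Assumes the IOS defaults the lab leaves unchanged: maximum 1 secure
    MAC address and violation mode 'shutdown'.
    """

    def __init__(self, name, maximum=1):
        self.name = name
        self.maximum = maximum
        self.sticky = []              # learned or configured sticky addresses
        self.status = "secure-up"
        self.violations = 0
        self.last_source = None

    def receive(self, src_mac):
        """Process a frame's source MAC; return True if it is forwarded."""
        if self.status == "secure-shutdown":
            return False              # err-disabled: nothing passes
        mac = src_mac.lower()
        self.last_source = mac
        if mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)   # sticky learning of the first address
            return True
        self.violations += 1          # unknown MAC on a full port
        self.status = "secure-shutdown"
        return False

    def bounce(self):
        """shutdown / no shutdown: re-enable the port, keep sticky MACs.

        How a real device treats the violation counter is not modelled.
        """
        self.status = "secure-up"


def run_lab():
    """Replay Task 3 with constructed MAC addresses."""
    server, pc = "0001.aaaa.0001", "0002.bbbb.0002"   # constructed values
    port = SecurePort("Fa0/1")
    events = [("server ping", port.receive(server)),
              ("pc ping", port.receive(pc)),
              ("server while disabled", port.receive(server))]
    port.bounce()
    events.append(("server after bounce", port.receive(server)))
    return events, port
```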