Overview

This module begins with a discussion of best practices for Layer 2 security. The student will be introduced to multiple physical network scenarios and given the vulnerabilities and mitigation techniques for each.

The SDM Security Audit feature is discussed next. SDM contains a unique Security Audit wizard that provides a comprehensive router security audit. SDM uses security configurations recommended by the Cisco Technical Assistance Center (TAC) and the International Computer Security Association (ICSA) as the basis for comparisons and default settings.

The enterprise management of VPNs will also be discussed. Management is one of the greatest challenges in the implementation of large-scale site-to-site and remote access VPNs. The primary role of the Management Center for VPN Routers (Router MC) is to manage site-to-site VPNs. The key topics necessary to understand VPNs will be explored. A firm understanding of how Router MC operates will help to better manage large-scale VPNs.

Finally, the student will learn about the Simple Network Management Protocol (SNMP). SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. SNMP is often used to gather statistics and remotely monitor network infrastructure devices. It is a very simple protocol and therefore has virtually no security built into its original version. However, when used properly, the information-gathering capabilities of SNMP can effectively assist the administrator with security.

NOTE:

The student is required to study the commands covered in the chapter using the labs and the Command Reference. Not all required commands are covered in sufficient detail in the text alone. Successful completion of this course requires a thorough knowledge of command syntax and application.