Privilege level 0 is a special level that exposes only a very small, explicitly defined set of commands (by default disable, enable, exit, help and logout), and individual commands can be moved down to it. As an example, you could allow a certain user to run only the show arp command. This is useful when a third party is running a sniffer on your network and needs to match a MAC address to an IP address, or vice versa, without being able to see or change anything else on the device.
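The following Cisco IOS configuration is an added example for the case just described; it is not taken from the page. The username, the secret, and the use of local login on the VTY lines are assumptions made for the example.

```cisco
! Added example (not from the original text): give one account nothing
! but "show arp" by moving that command down to privilege level 0.
! Username, secret and line configuration are assumptions.
!
! Level 0 normally exposes only: disable, enable, exit, help, logout.
! Moving "show arp" to level 0 also makes the parent keyword "show"
! available there, but no other "show" subcommands.
privilege exec level 0 show arp
!
! Local account that lands at level 0 when it logs in.
username sniffer privilege 0 secret S3cr3t-Ex@mple
!
! Make the VTY lines use the local database so the privilege level
! attached to the account is honoured.
line vty 0 4
 login local
 transport input ssh
!
! Verify from the user's own session:
!   Switch> show arp              -> accepted
!   Switch> show running-config   -> "% Invalid input" (not at level 0)
!   Switch> enable                -> still prompts for the enable secret
```

Without login local the account's privilege level is ignored and the user gets whatever level the line is configured for, so check the line configuration as well as the username.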

Configuring Banner Messages

You have probably messed around on a non-production router or switch and placed your own saying or name in a banner. In a production environment, the banner is the first thing a potential intruder sees when connecting to your switch or router, so it should be treated as a warning notice rather than a greeting.

Tip

Although this task seems minuscule, it is very important to your security. Many times, a hacker has gotten away with his crime and a district attorney has decided not to pursue hacking charges, because the greeting welcomed intruders into the network. Never use the word welcome in your banner messages!
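The banner below is an added example of what the text recommends, not configuration from the page. The organization name is a placeholder and the wording is a generic warning notice; your legal department should supply the text you actually deploy.

```cisco
! Added example (not from the original text): a warning banner in
! place of a greeting. "Example Corp" is a placeholder.
! The delimiter (# here) must be a character that does not appear
! anywhere in the message.
banner login #
*******************************************************************
*  AUTHORIZED ACCESS ONLY                                         *
*  This device is the property of Example Corp.  All activity is  *
*  monitored and logged.  Unauthorized access or use is           *
*  prohibited and may be prosecuted.  Disconnect now if you are   *
*  not an authorized user.                                        *
*******************************************************************
#
!
! "banner login" is displayed before the username/password prompt.
! "banner motd" (same syntax) is displayed before the login banner on
! every connection. Neither should ever contain the word "welcome".
!
! Verify by reconnecting over SSH/Telnet, or with:
!   show running-config | include banner
```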

Physical Device Security

Physical access to all devices on your network should be covered by your access policy. Because of the many vulnerabilities and back doors that become available once someone can touch a device, protecting physical access is extremely important. Anyone with physical access and the right knowledge can apply well-known techniques (console access, password recovery, a reload) to a given device and gain control of it. Therefore, it is important to have a physical barrier between your devices and the average user. In addition, passwords should be applied to every access path that is reachable over the network.

Note

A proper physical environment allows for locking the room where devices are kept, locking device racks, and securing backup power sources and physical links. You should also verify that passwords are applied at all levels, and you should disable unused or unnecessary ports (including AUX ports) on your network.

Tip

Make sure that your room provides for proper ventilation and temperature controls while providing the listed security.
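As an added example of the note's last point (passwords at every level, unused ports and the AUX port disabled), the following Cisco IOS configuration is not from the page. The interface numbers, VLAN number and secrets are assumptions, and it assumes a local username already exists for console login.

```cisco
! Added example (not from the original text): shut the out-of-band and
! unused ports the note refers to. Interface numbers, VLAN and secrets
! are assumptions; a local username is assumed to exist already.
!
! Password at the highest level: the enable secret, stored hashed.
enable secret Str0ng-Ex@mple-Secret
!
! AUX port: no exec shell, no inbound or outbound connections, and an
! almost immediate timeout if anything does get a session.
line aux 0
 no exec
 transport input none
 transport output none
 exec-timeout 0 1
!
! Console: still needed for recovery, so authenticate it and time it out
! instead of disabling it.
line con 0
 login local
 exec-timeout 5 0
!
! Unused access ports: shut them down and park them in an unused VLAN,
! so a laptop patched into a wall jack gets nothing even if the port is
! later re-enabled by mistake.
interface range FastEthernet0/20 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Verify:
!   show line aux 0
!   show interfaces status
```

The unused VLAN (999 here) should not exist as an active, routed VLAN anywhere on the network; its only purpose is to give a re-enabled port nowhere to go.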

Port Security

The Cisco IOS provides a feature called port security that lets you limit the MAC addresses that are allowed to use the ports on a switch. A MAC address is burned into a Network Interface Card (NIC) at manufacture and, because of industry-wide standards, no two NICs are assigned the same MAC address. Keep in mind, however, that the address a NIC actually transmits can be changed in software, so port security controls which stations may use a port but is not proof of a station's identity. By configuring the MAC addresses that may use a switch port, you greatly increase control over which PCs can access the switch.

Here is how port security works: when a port on the switch receives a frame, it compares the frame's source MAC address against the secure addresses for that port, which are either configured statically or learned by the switch from the first frames it sees. A frame from an address that is not in that list is a violation. In the default violation mode the switch shuts the port down and marks it disabled (the error-disabled state), and the port's link light turns orange to indicate that the port has been disabled.

Note

If SNMP has been configured, a link-down trap is automatically sent to the SNMP manager when the switch disables the port.

You should know a few things before trying to apply port security:

Do not apply port security to trunk links, because they carry data from multiple VLANs and MAC addresses.

Port security cannot be enabled on a Switched Port Analyzer (SPAN) source or destination port.

You cannot configure dynamic or static Content Addressable Memory (CAM) entries on a secure port.
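The following Cisco IOS configuration is an added example that ties the description above together; it is not configuration from the page. The interface number, VLAN, station MAC address, SNMP host and community string are assumptions. It goes a little beyond the text by also showing the optional automatic recovery of a port that port security has disabled.

```cisco
! Added example (not from the original text): port security on an
! access port, with the SNMP trap the note mentions. Interface, VLAN,
! MAC address, SNMP host and community are assumptions.
!
interface FastEthernet0/1
 ! Access port only: never a trunk or a SPAN port (see the list above).
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ! One secure address on this port.
 switchport port-security maximum 1
 ! Either pin the permitted station statically ...
 switchport port-security mac-address 0011.2233.4455
 ! ... or let the switch learn the first address seen and keep it
 ! in the running configuration (remove the static line if you use this):
 ! switchport port-security mac-address sticky
 ! On a violation, error-disable the port (the "orange light" behaviour).
 switchport port-security violation shutdown
!
! Optional: re-enable error-disabled ports automatically after 5 minutes
! instead of requiring a manual "shutdown" / "no shutdown".
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Send link-down/link-up and port-security traps to the SNMP manager.
snmp-server host 192.0.2.10 version 2c EXAMPLE-RO
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps port-security
!
! Verify:
!   show port-security interface FastEthernet0/1
!   show port-security address
!   show interfaces status err-disabled
```

The shutdown violation mode is the one the text describes; the alternatives, protect and restrict, silently drop or drop-and-count offending frames without disabling the port, and neither produces the link-down trap, so keep shutdown where you want the intrusion to be visible.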
