CCNA Security Certification And CCNP ISCW Tutorial:
SDM And One-Step Lockdown (Part 3)
Previous SDM/Lockdown installments: Part 1, Part 2
Chris Bryant, CCIE #12933
In the previous two installments of this tutorial, we saw how to use SDM to configure one-step lockdown...but lockdown may be a little too severe for our network.
If you've ever seen any of the many "prison shows" on MSNBC or NatGeo (or TLC, or SPIKE TV, or truTV, or...), you know that a prison lockdown is a serious situation. Basically, the prisoners are secured in their cells and there's very little they can do.
When you perform a lockdown on a Cisco router, there are plenty of things the router can no longer do - and you may need some of those things done!
The One-Step Lockdown is a pretty drastic configuration, and you may want to take an incremental approach to securing your router. In that case, click the Security Audit button.
(I've removed the previous configurations to give the Security Audit something to audit.)

After you click the Perform security audit button, SDM then presents us with a summary of the Security Audit feature.

After the audit runs, we're presented with a long list of potential security issues, each marked either passed or not passed.

A few points in particular to watch here:
Line 7 - Cisco Discovery Protocol will be disabled.
Line 9 - service password-encryption will be enabled.
Line 15 - A minimum password length of 6 characters is set (not 8, as some non-Cisco documentation states).
Line 18 - A banner will be set.
Line 19 - Logging is set.
Line 20 - An enable secret is configured.
Line 37 - SSH is enabled for router access.
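The audit items above map to a handful of lines in the router's running-config, and it is worth being able to check for them yourself (for example, when reviewing a config export from a router you cannot reach with SDM). The following script is an added example, not part of this tutorial or of SDM itself. It runs a miniature "security audit" over a running-config text for the seven items listed above. The IOS commands each check looks for (no cdp run, service password-encryption, security passwords min-length, banner, logging, enable secret, transport input ssh) are my assumption of how SDM implements these items; the tutorial reports the count of commands delivered but does not list them. Both config excerpts are constructed samples, and the enable-secret hash is a placeholder.

```python
import re

# Constructed sample: a running-config excerpt that has already been
# hardened along the lines of the audit list (not taken from the page).
HARDENED_CONFIG = """\
version 12.4
service password-encryption
hostname R1
security passwords min-length 6
enable secret 5 $1$PLACEHOLDER$notarealhash
no cdp run
logging buffered 4096
banner motd ^CAuthorized access only^C
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
"""

# Constructed sample: a config resembling a freshly unboxed router,
# with telnet access and a plaintext enable password.
DEFAULT_CONFIG = """\
version 12.4
no service password-encryption
hostname Router
enable password cisco
line vty 0 4
 transport input telnet
 login
"""


def _min_password_length(config):
    """Value of 'security passwords min-length N', or 0 if the command is absent."""
    m = re.search(r"^security passwords min-length (\d+)$", config, re.M)
    return int(m.group(1)) if m else 0


def _has(pattern, config):
    return re.search(pattern, config, re.M) is not None


# One check per audit item from the tutorial's list. The regexes encode
# my assumption about which IOS lines SDM delivers for each item.
CHECKS = {
    "CDP disabled": lambda c: _has(r"^no cdp run$", c),
    "service password-encryption": lambda c: _has(r"^service password-encryption$", c),
    "min password length >= 6": lambda c: _min_password_length(c) >= 6,
    "banner set": lambda c: _has(r"^banner (motd|login|exec) ", c),
    # Some logging destination configured and logging not globally disabled.
    "logging enabled": lambda c: _has(r"^logging (buffered|host|trap|\d)", c)
    and not _has(r"^no logging on$", c),
    "enable secret configured": lambda c: _has(r"^enable secret ", c),
    # SSH-only VTY access: 'transport input ssh' with no other protocol listed.
    "SSH enabled for access": lambda c: _has(r"^\s+transport input ssh$", c),
}


def audit(config):
    """Return {item: 'passed' | 'not passed'} for every audit item."""
    return {name: ("passed" if check(config) else "not passed")
            for name, check in CHECKS.items()}


def failed_items(config):
    """Sorted list of audit items that did not pass."""
    return sorted(name for name, result in audit(config).items()
                  if result == "not passed")


if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED_CONFIG), ("default", DEFAULT_CONFIG)):
        print(f"== {label} ==")
        for name, result in audit(cfg).items():
            print(f"{result:10s}  {name}")
```

Run it as-is to see the hardened sample pass every item and the default sample fail all seven; point audit() at the text of a real `show running-config` to review a router offline. The checks are deliberately strict (for example, `transport input ssh telnet` does not count as SSH-only), which is the same posture the SDM audit takes when it flags an item as not passed.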
The next screen gives us the option to fix the not passed issues on a per-issue basis, or to undo the passed issues. 
Selecting Fix the Security problems presents us with a list of those perceived problems, and the option to fix them. There is a Fix All option, but you can fix each individually as well.

After selecting Fix All and clicking Next, we're "prompted for more information to fix certain settings". We now have to set an enable password and a login banner.

After this screen, I was prompted to configure the IOS Firewall. Since we're covering that in depth in another CCNA Security tutorial, I won't show that config here.
Finally, we arrive at the Summary window. Here's just a part of that window:

Clicking Finish (not shown) delivers the config, and we're done!

A whopping 89 commands have just been delivered to the router!
Now, what if you change your mind about some or all of the config you just created?
If you need to go back and change any of these settings, that's no problem - just go right back into Security Audit. Run the audit, and then select Close to close the window with the passed / not passed messages. On the next screen, select Undo Security Configurations.
You can then undo any of the listed settings on an individual basis, or you can choose Undo All. 
For plenty of additional CCNA Security exam tutorials, just click that link -- and be sure to take advantage of our CCNP Guaranteed Pass and $20 CCNA Security certification offers.
Thanks for making The Bryant Advantage part of your CCNA and CCNP studies!
Chris Bryant
CCIE #12933
"The Computer Certification Bulldog"
chris@thebryantadvantage.com
I'm Paying It Forward Bigger Than Ever.
My Famous CCNA Study Package Is Now $25.

No Gimmicks -- Just Results.
Get CCNA Security Certified Today For $20.