Deleted_account
JF-Expert Member
- Nov 1, 2008
- 3,385
- 3,702
kama post yenyewe inavyosema,'how to secure a switch',na pia ni juzi tu nilikuwa nasoma mambo ya Secure Shell(ssh),FTP,LDAP,etc so nimeona moja ya application zake.
Jinsi ya ku-secure switch yako ya cisco
Jinsi ya ku-secure switch yako ya cisco
- Thread starter Michael Amon
- Start date
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #23
Mbona sijaandika kwa kiingereza?
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #24
Naam, nafurahi kusikia hivyo mkuu.
Deleted_account
JF-Expert Member
- Nov 1, 2008
- 3,385
- 3,702
endelea kutupa madude,na je unaruhusu maswali?
The Monk
Platinum Member
- Oct 12, 2012
- 20,318
- 46,058
Sio mbaya sana kama unapotea, unarudi na mambo mazuri kama haya. Be blessed Young Master
Last edited by a moderator:
networker
JF-Expert Member
- Apr 23, 2011
- 570
- 217
Tukija kwenye swala la network hakuna jambo la msingi kama kuweka network yako katika hali ya usalama. Tunapoongelea usalama wa network kwa kawaida wengi wetu huwa tunafokasi kwenye usalama wa router na kubloki trafiki za nje na mara nyingi huwa tunasahau kuweka switch zetu katika hali ya usalama. Switch mara nyingi huwa zinatumika kwenye network ya ndani na zimetengezwa katika mfumo ambao unarahisha katika uunganishaji na utumiaji, hivyo mara nyingi switch huwa haziwekewi security yoyote na kama zikiwekewa basi huwekewa security yenye kikomo.
Ili kuhakikisha kuwa switch na network yako vinakuwa katika hali ya usalama ni vyema kuweka security features zifuatazo ili kuhakikisha kuwa watu wenye idhini ya kutumia switch hiyo ndio watakaokuwa na uwezo wa kuitumia.
Secure switch yako physically kwa kuifunga kwenye rack na kuweka rack yako kwenye chumba chenye usalama. Pia ni vyema kuweka kikomo cha watu ambao watakuwa na uwezo wa kuingia kwenye chumba hicho.
- Secure switch yako physically
Weka passwords yenye tarakimu zisizopungua 6 kwenye (user mode, privilege mode na VTY access) na uwe unafnaya mabadiliko ya passwords hizo mara kwa mara na usitumie maneno ambayo yapo kwenye kamusi. Tumia enable secret command kwa ajili privileged level password protection sababu inatumia advanced encryption techniques. Pia encrypt password zako zote ili zisionekane kwenye running configuration file kwa kutumia IOS command: service password-encryption.
- Weka password kwenye switch yako
SSH ni client server protocol ambayo inatumika ku-login kwenye kifaa kingine kwenye network. Inatoa authentication yenye nguvu na kuweka salama mawasiliano ambayo yapo kwenye channel zisizo salama. SSH ina encrypt login session nzima ikiwemo password.
- Wezesha SSH access
Zuia HTTP access ili asiweze mtu kuingia na kuharibu configurations kupitia web browser. Command ambayo inatumia kuzuia http access ni: no ip http server
- Zuia HTTP access
Zuia ports zote ambazo hazitumiki katika switch yako ili kuzuia uknown PC's au wireless access point kuunganisha katika ports zilizowazi kwenye switch yako. Unaweza kuzuia ports hizo kwa kutaipu shutdown command kwenye interface husika.
- Zuia ports ambazo hazitumiki
Port scurity inazuia access kwenye switch port kwa kutumia list ya mac addresses. Unaweza kuandika mac addresses hizo manually au unaweza kuifanya switch ikazilearn hizo mac addresses dyanamically. Switch port ambayo itakuwa imeunganishwa na mac address ya kifaa flani itaruhusu traffic kutoka kwenye device hiyo. Kama mtu akiweka device yenye mac address tofauti na iliyopo kwenye switch, switch hiyo automatically itaifunga port hiyo.
- Ports Security
Telnet connection huwa ina tabia ya kutuma data kwenda kwenye public network katika maandishi ambayo yanaonekana wazi. Hii inajumuisha usernames, passwords pamoja na data. Zuia telnet telnet access kwenye all networking devices kwa kuto-configure password kwenye VTY.
- Zuia Telnet
Imetayarishwa na kuandaliwa na: Young Master
Copyright © Young Master, 2013. All Rights Reserved
sikubaliani na blocking http na allowing ssh.
1-kwa ssh kama iko wel secured sawa.
kama uko ndani ya firewall na ssh yako ina weza acces njee(outbound) kwenye pc ambayo iko kwenye public net labda desktop ya nyumbani au pc yoyote nje ya firewall kwa process hii una create a tunnel na watu walio kwenye public network wana weza tumia hiyo upenyo wa ssh ku acess network nyenu.firewall yenu haiwezi ditect kama ni incoming connection badala yake itaona kama data ya connection ya outbound ya ssh ilio kuwa established,hapa attacker anafanya vyake ila kama mko very secure fine
2-kwa http how will you acces the outside world? nijuavyo you block some website like facebook -ofisini na adult sites nyumbani ila not the whole http
mtazamo wangu tu huu.
Chocs
JF-Expert Member
- Aug 21, 2012
- 8,437
- 4,828
Aayo maneno bhana,au ndo yametoholewa!!
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #29
Majukumu ndio yanayotufanya nipotee jukwaani but nikipata mda kama hivi nawashushia mavituz ya ukweli.
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #30
Mkuu cisco devices can be configured either kwa kutumia web browser au CLI yaani Command Line Interface. Kublock http acces means ninadisable mtu asiweze ku-access switch hiyo na ku-modify configurations kwa kutumia web browser.
kwenye kipengele cha kwanza sijakuelewa kidogo hivi unaelewa kazi ya SSH? Unajua kuna tofauti kubwa kati ya ku-acces na ku-login? rejea maelezo yangu kuhusu SSH.
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #31
maneno mengine ukitafsiri sana utajikuta unapotosha maana halisi hivyo mengine imebidi niyaache yalivyo.
networker
JF-Expert Member
- Apr 23, 2011
- 570
- 217
Ok ntai tafuta hii switch ni fanyie kazi nione,sina exp nayo.
Unga wa Kitarasa
JF-Expert Member
- Apr 3, 2012
- 398
- 101
sikiliza nikwambie mkuu anything ukifanya katka negative way lazima ufanikiwe en licha ya hivyo pia unaongeza knowledge katka kuboresha usalama coz unapo bypass na ukafanikiwa unagundua weakness iko wapi so wacha watu wajaribu mbona huwa mnapenda sana kupata trick za kutumia modem bira kulipia huoni hyo nayo ni hacking anyways tekinolojia ni pana sana bro en haipo stagnant kam watu wanavyowezA kufikir kila kukicha zina patikana njia mbadala thats y kuna vitu vinaitwa firewall na antivirus ....:yo:
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #34
I just wanna remind u the effects of hacking kama unataka kuhack hack ya kwako mwenyewe lakini usihack ya mtu maana ukishikwa ha ha haaa!!! Mimi yalishanikuta...anyway do it at your own risk ila yakikukuta usije ukasema hukuambiwa.
Chocs
JF-Expert Member
- Aug 21, 2012
- 8,437
- 4,828
Poa poa.
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #37
Ha ha haaa!!! Umenifurahisha sana mkuu.
1. interface range fa0/1-24
2. switchport mode access (unaifanya port iwe kwenye access level).
3. switchport port-security (unaTurn on port security kwenye switch yako).
4. switchport port-security maximum 1 (only one computer ndiyo itakayoweza kuwa connected kwenye hiyo port husika).
5. switchport port-security mac-address sticky (computer zilizokuwa connected kwenye ports za switch kwa wakati huo ndiyo zitakazokuwa na uwezo wa kuPing).
6. switchport port-security violation shutdown (mtu akiViolate rules, port inaShutdown).
Ninashukuru mkuu kwa kunikumbusha haya mavitu, ninajiandaa kwa online paper ya CCNA (Cisco Certified Network Associate).
SSH, Spanning-Tree Protocol, RIPv2, EIGRP, frame relay, PPP, DHCP, NAT, OSPF na IS-IS ni raha sana ukijua kuzinguana nazo kwenye cisco devices (routers).
Ukizijua configurations za cisco routers na switches ni raha sana. Kama kuna mtu ana 800 US Dollars ambazo hazina kazi, akasome course ya CCNA. Ni nzuri sana.
Sent from my BlackBerry 9300 using JamiiForums
2. switchport mode access (unaifanya port iwe kwenye access level).
3. switchport port-security (unaTurn on port security kwenye switch yako).
4. switchport port-security maximum 1 (only one computer ndiyo itakayoweza kuwa connected kwenye hiyo port husika).
5. switchport port-security mac-address sticky (computer zilizokuwa connected kwenye ports za switch kwa wakati huo ndiyo zitakazokuwa na uwezo wa kuPing).
6. switchport port-security violation shutdown (mtu akiViolate rules, port inaShutdown).
Ninashukuru mkuu kwa kunikumbusha haya mavitu, ninajiandaa kwa online paper ya CCNA (Cisco Certified Network Associate).
SSH, Spanning-Tree Protocol, RIPv2, EIGRP, frame relay, PPP, DHCP, NAT, OSPF na IS-IS ni raha sana ukijua kuzinguana nazo kwenye cisco devices (routers).
Ukizijua configurations za cisco routers na switches ni raha sana. Kama kuna mtu ana 800 US Dollars ambazo hazina kazi, akasome course ya CCNA. Ni nzuri sana.
Sent from my BlackBerry 9300 using JamiiForums
Michael Amon
JF-Expert Member
- Dec 22, 2008
- 8,769
- 3,644
- Thread starter
- #39
Naam, umenena vyema mkuu.
Mi mgeni haya mambo, ila si vibaya kujifunza kitu kipya. Thanks Young Master,
Last edited by a moderator:
Similar Discussions
-
Badilisha PC yako ya zamani kuwa Powerful MIKROTIK ROUTER- Started by QasraNet
- Replies: 25
-
Jinsi ya kutumia password kuzima simu yako- Started by Teknolojia ni Yetu sote
- Replies: 5
-
Fanya hivi ili uweze kuperuzi mitandao iliyozuiwa (blocked) bila ya kudownload VPN kwenye Kompyuta yako- Started by Fascinating
- Replies: 29
-
NAMNA YA KUREJESHA NYWILA ILIYOSAHULIKA KWENYE WINDOWS – KIUNDANI NA KWA MAJUKUMU HALALI TU Na Goodluck Maleko J
- Started by its MalekoGJ
- Replies: 1
-
Jinsi ya kufungua simu uliyosahau password kwa kutumia kompyuta- Started by jamaikatz
- Replies: 14