Tuesday, April 28, 2015

Privilege Levels in Cisco IOS

A useful management tool available in IOS is the ability to assign levels of
privilege. Privilege levels are assigned to both users and commands. The privilege levels range
from 0 to 15. By default, commands are assigned either level 1 or level 15. Those commands that
need to be executed in privileged EXEC mode are level 15 commands. With a few exceptions,
those commands that can be executed in user EXEC mode are level 1 commands. A small number
of commands are level 0 commands. These commands include enable, disable, exit, logout, and
help. Level 0 commands can be executed at any level.

A user operating in privileged EXEC mode is a level 15 user. A user operating in user EXEC
mode is a level 1 user. Commands and users can be assigned a privilege level different from their
default. Privileges are cumulative: a higher level has the same rights as the lower levels
beneath it. For instance, a level 10 user (if you set one up) can do everything users at levels 9
through 0 can do. Level 15 users can execute all commands.

Commands can be reassigned a different level of privilege as well. You can raise or lower the
level of privilege on any command. Privilege levels on commands are assigned using the
privilege command in global configuration mode; the command syntax is as follows.

    privilege <mode> level <0 – 15> <command>

This feature is quite useful as it allows us to create various levels of users with custom rights to
IOS commands. Imagine you have a number of administrators with limited knowledge of the
workings of IOS, but you need their help with certain specific tasks such as shutting down and
re-enabling an interface or adding users to an access server. You can configure the router or
access server so that, depending upon the password provided, the user will be assigned a specific
level of privilege and will only be allowed to use commands assigned to that level and below.

Privilege levels for users can be set in a number of ways via the IOS. They can be set
permanently on a line using the privilege level command; at the command prompt using the
enable command; or when logging in using the username command.

To set the default privilege level for a line, use the privilege level command in line configuration
mode. The syntax is as follows: privilege level <0 – 15>.

To interactively reset the level of privilege from the command line, use the enable command.
The command syntax is enable <0 – 15>. The command can be executed in any EXEC mode. If
you leave off the level number, the router assumes you mean 15. It is advisable to set up an
“enable secret” password for each level of privilege. Be sure each level’s password is different
and that the passwords are only known to users within the appropriate level. The syntax for this
command is enable secret level <1-15> <password>.

The most common way to assign levels of privilege is to do so based on the user’s username.
The IOS allows you to create and use username/password pairs in your router configuration for
authentication purposes. Along with the authentication process, the user can be assigned a level
of privilege.

Examples:

In the example below, we have created three custom user levels using level numbers 2, 3, and 4.
Level 2 users can do show commands as well as all commands in levels below. By default, level
1 users can do most show commands. But after issuing the command privilege exec level 2
show in our configuration, it will no longer be possible. Level 3 users are permitted to issue the
command show ip route, but level 2 users cannot. Level 4 and above users can issue the show
access-list command as well as any command in levels below.

    Router(config)# privilege exec level 2 show
    Router(config)# privilege exec level 3 show ip route
    Router(config)# privilege exec level 4 show access-list

The example below shows us assigning level 2 to any user that enters the router via telnet. It
assigns level 3 to any user that enters via the auxiliary port. And it assigns level 4 to anyone that
enters via the console port.

    Router(config)# line vty 0 4
    Router(config-line)# privilege level 2
    Router(config-line)# line aux 0
    Router(config-line)# privilege level 3
    Router(config-line)# line console 0
    Router(config-line)# privilege level 4

The example below creates a separate password for each custom level of privilege. If a user
issues the command enable 2, that user will be prompted for the password “twopass”. A level
three request will require the level three password and so on.

    Router(config)# enable secret level 2 twopass
    Router(config)# enable secret level 3 threepass
    Router(config)# enable secret level 4 fourpass

The example below creates three users: bob, fred, and sam. Bob is a level 2 user. Fred is a level 3
user. Sam is a level 4 user. To have the router prompt for username and password when logging
in, use the command login local in your line configuration mode.

    Router(config)# username bob privilege 2 password bobpass
    Router(config)# username fred privilege 3 password fredpass
    Router(config)# username sam privilege 4 password sampass
    Router(config)# line vty 0 4
    Router(config-line)# login local
source - http://networkingtips-tricks.blogspot.com/2010/04/privilege-levels-in-cisco-ios.html
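
The following Python code is an added example, not part of the original post: it parses a constructed running-config that merges the snippets above and answers whether a given privilege level may run a command, applying the inheritance rule described earlier. The longest-prefix matching, the default level of 1 for unlisted commands, and all function names are assumptions of this model; abbreviated commands are not handled.

```python
import re

# Constructed sample: the post's example snippets merged into one running-config.
SAMPLE_CONFIG = """\
privilege exec level 2 show
privilege exec level 3 show ip route
privilege exec level 4 show access-list
enable secret level 2 twopass
username bob privilege 2 password bobpass
username fred privilege 3 password fredpass
username sam privilege 4 password sampass
line aux 0
 privilege level 3
line console 0
 privilege level 4
line vty 0 4
 privilege level 2
 login local
"""

def parse(config):
    """Return (command_levels, user_levels, line_levels, findings)."""
    cmds, users, lines, findings = {}, {}, {}, []
    current_line = None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"privilege exec level (\d+) (.+)", text):
            cmds[tuple(m.group(2).split())] = int(m.group(1))
        elif m := re.match(r"username (\S+) privilege (\d+) (password|secret)\b", text):
            users[m.group(1)] = int(m.group(2))
            if m.group(3) == "password":
                findings.append(f"{m.group(1)}: 'password' keyword, not 'secret'")
        elif m := re.match(r"line (\S+)", text):
            current_line = m.group(1)
        elif (m := re.match(r"privilege level (\d+)", text)) and raw.startswith(" "):
            lines[current_line] = int(m.group(1))
    return cmds, users, lines, findings

def required_level(cmds, command, default=1):
    """Longest matching prefix wins; `default` is an assumed level for unlisted commands."""
    words = tuple(command.split())
    matches = [k for k in cmds if words[:len(k)] == k]
    return cmds[max(matches, key=len)] if matches else default

def can_run(cmds, level, command):
    """A level inherits everything assigned to the levels beneath it."""
    return level >= required_level(cmds, command)
```

The `findings` list flags local accounts created with the `password` keyword, which IOS keeps in cleartext or reversible type 7 form, whereas `username ... secret` stores a hash.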

Tuesday, April 21, 2015

CCNA Security - Implementing Cisco IOS Network Security (IINS) 2.0

CCNA Security

The Cisco Networking Academy CCNA Security course provides a next step for individuals who want to enhance their CCNA-level skill set and help meet the growing demand for network security professionals. The curriculum provides an introduction to the core security concepts and skills needed for the installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices.

CCNA Security includes the following features:
  • Students develop an in-depth, theoretical understanding of network security principles as well as the tools and configurations available.
  • The courses emphasize the practical application of skills needed to design, implement, and support network security.
  • Hands-on labs help students develop critical thinking and complex problem-solving skills.
  • Packet Tracer simulation-based learning activities promote the exploration of networking security concepts and allow students to experiment with network behavior and ask "what if" questions.
  • Innovative assessments provide immediate feedback to support the evaluation of knowledge and acquired skills.
CCNA Security is a hands-on, career-oriented e-learning solution with an emphasis on practical experience to help students develop specialized security skills to advance their careers. The curriculum helps prepare students for entry-level security career opportunities and the Implementing Cisco IOS Network Security (IINS) certification exam (640-553) leading to the Cisco CCNA Security certification.

Who should enroll:
  • College and university-level students seeking career-orientated, entry-level security specialist skills.
  • IT professionals wishing to broaden or add specialized skills to their technology expertise.
  • Current CCNA certification holders who wish to build on their CCNA knowledge base.

Prerequisites:
  • CCNA-level networking concepts and skills.
  • Basic PC and internet navigation skills.
  • Students can acquire the CCNA-level routing and switching skills needed for success in this course by completing CCNA Discovery or CCNA Exploration.
