Switch Security: Management and Implementation (2.2)

When you take a new switch out of the box, the first thing the network engineer does is secure the switch and assign it an IP address, subnet mask, and default gateway so the switch can be managed from a remote location. Learning the different methods used to secure a switch is important. Also important is learning the types of attacks that can be launched on, toward, or through a switch. By understanding the attacks and the available tools and countermeasures, a technician can be better prepared to secure the switch and make use of the tools and security commands.

There are different methods that can be used to manage a switch remotely, including Telnet and SSH. Telnet has already been covered, but SSH is a much better method used to securely manage the switch from a remote location.

Secure Shell (SSH) is a protocol that provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. Telnet is an older protocol that uses insecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices. SSH provides security for remote connections by providing strong encryption when a device is authenticated (username and password) and also for the transmitted data between the communicating devices.

Look at the online course, and select the first graphic to see how an attacker can monitor packets using a product such as Wireshark. A Telnet stream can be targeted to capture the username and password. In the following output, you can see how the attacker can capture the username and password of the administrator from the plaintext Telnet session.

P.vt100.BBoobb

Click on the third graphic in the online course to see a Wireshark view of an SSH session. The attacker can track the session using the IP address of the administrator device. However, if a Wireshark capture is made on the SSH session, the fourth graphic in the online course shows how the username and password are encrypted.

To enable SSH on a Catalyst 2960 switch, the switch must be using a version of the IOS software including cryptographic (encrypted) features and capabilities.
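
As an added example (not part of the original text and not Cisco tooling), the Python script below checks the two conditions this section describes: that the switch runs a cryptographic IOS image and that no VTY line still accepts Telnet. The `show version` line and running-config are constructed samples, the `k9` filename marker is the usual Cisco naming convention for crypto images, and flagging a VTY block that has no `transport input` line is an assumption.

```python
import re

# Constructed sample inputs (not taken from the original page).
SAMPLE_SHOW_VERSION = 'System image file is "flash:/c2960-lanbasek9-mz.150-2.SE4.bin"'
SAMPLE_RUNNING_CONFIG = """\
hostname S1
ip domain-name example.com
!
line con 0
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
!
end
"""

def has_crypto_image(show_version: str) -> bool:
    """True if the image filename carries the 'k9' marker used for crypto images."""
    m = re.search(r'System image file is "([^"]+)"', show_version)
    return bool(m) and "k9" in m.group(1).lower()

def audit_vty(config: str) -> list:
    """Return one finding per 'line vty' block: header, transports, Telnet verdict."""
    findings, block = [], None
    for raw in config.splitlines():
        if re.match(r"line vty \d+(?: \d+)?\s*$", raw):
            block = {"vty": raw.strip(), "transport": None}
            findings.append(block)
        elif block is not None and raw.startswith(" "):
            m = re.match(r"\s+transport input (.+)$", raw)
            if m:
                block["transport"] = m.group(1).split()
        else:
            block = None  # any unindented line ends the current VTY block
    for b in findings:
        t = b["transport"]
        # Assumption: a block with no explicit 'transport input' is flagged,
        # because the default differs between IOS releases.
        b["telnet_allowed"] = t is None or "telnet" in t or "all" in t
    return findings

if __name__ == "__main__":
    print("crypto image:", has_crypto_image(SAMPLE_SHOW_VERSION))
    for f in audit_vty(SAMPLE_RUNNING_CONFIG):
        print(f["vty"], "-> Telnet allowed:", f["telnet_allowed"])
```

On the constructed sample, the second VTY block (`line vty 5 15`) is reported because it still lists `telnet` alongside `ssh`.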