Posts Tagged ‘network time protocol’
In today’s article, I’m going to quickly inform you about the Privileged EXEC command named “auto secure”.
Network administrators (like you) use the “auto secure” command to secure the management and forwarding planes of a router.
Another way of saying it is, CCNAs use this command to secure a router by disabling common IP services which can be exploited by attackers to initiate network attacks. When the command is typed on a router, it takes the user (ccna) through a semi-interactive command-line interface (CLI) session (which is also known as the AutoSecure dialogue).
Below is the command’s syntax:
auto secure [management | forwarding] [no-interact | full] [ntp | login | ssh | firewall | tcp-intercept]
As you can see, the command can use several “optional” keywords:
management – This (optional) keyword is used to only secure the management plane of a router.
forwarding – This (optional) keyword is used to only secure the forwarding plane of a router.
no-interact – A CCNA uses this (optional) keyword if he or she doesn’t want to be prompted for any interactive configurations. (If this optional keyword is not used, the user will be shown the noninteractive configuration and the interactive configurations.)
full – This (optional) keyword is used to indicate that the user (ccna) wants to be prompted for all interactive questions. (If this optional keyword is not used, the router will behave this way by default.)
ntp – This (optional) keyword is used to specify the configuration of the Network Time Protocol (NTP) feature in the AutoSecure command-line interface (CLI).
login – This (optional) keyword is used to specify the configuration of the Login feature in the AutoSecure CLI.
ssh – This (optional) keyword is used to specify the configuration of the Secure Shell (SSH) feature in the AutoSecure CLI.
firewall – This (optional) keyword is used to specify the configuration of the firewall feature in the AutoSecure CLI.
tcp-intercept – And, this (optional) keyword is used to specify the configuration of the TCP-Intercept feature in the AutoSecure CLI.
Below is an example of the command being used:
Router>enable
Router#auto secure
--- AutoSecure Configuration ---
*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***
AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance security
and any possible side effects, please refer to Cisco.com for
Autosecure documentation.
At any prompt you may enter '?' for help.
Use ctrl-c to abort this session at any prompt.
As you can see, once the command is typed into the router, the user (ccna) is informed about the CLI semi-interactive session.
Well, I would like to go on and on explaining this command in greater detail, but to do so would make this article extremely lengthy.
But, if you decide to use this command to harden your router(s), make sure your router(s) is running Cisco IOS 12.3(4)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the auto secure command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,
Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.
Article Source: Cisco CCNA (640-553) Security Exam Training: Using the “auto secure” command
Network Time Protocol (NTP) provides algorithms and defines messages for the synchronisation of time clients to an accurate time reference. This article discusses how to configure a Linux NTP Time Server to synchronise time with an Internet based public NTP Server.
NTP server systems fall into two categories: primary reference servers and secondary reference servers. Primary reference servers use an external timing reference to provide time, such as GPS or radio clocks. Secondary reference servers synchronise with primary reference NTP servers and offer slightly reduced accuracy. Primary reference servers are designated stratum 1 servers, while secondary servers have a stratum greater than 1.
The NTP Distribution
The NTP source code is freely available from the Network Time Protocol web site. The current version available for download is 4.2.4. NTP is available for the Linux operating systems with ports available for Windows NT. Once the source code is downloaded, it should be configured, compiled and installed on the host machine. Many Linux operating systems, such as RedHat, offer NTP RPM packages.
Configuring NTP
The ‘ntp.conf’ file is the main source of configuration information for an NTP server installation. Amongst other things, it contains a list of reference clocks that the installation is to synchronise with. A list of NTP server references is specified with the ‘server’ configuration command thus:
server time-a.nist.gov # NIST, Gaithersburg, Maryland NTP server
server time-c.timefreq.bldrdoc.gov # NIST, Boulder, Colorado NTP server
Controlling the NTP Server Daemon
Once configured, the NTP daemon can be started, stopped and restarted using the commands ‘ntpd start’, ‘ntpd stop’ and ‘ntpd restart’. The NTP server daemon can be queried using the ‘ntpq -p’ command. The ntpq command queries the NTP server for synchronisation status and provides a list of servers with synchronisation information for each server.
NTP Access Control
Access to the NTP server can be restricted using the ‘restrict’ directive in the ntp.conf file. You can restrict all access to the NTP server with:
restrict default ignore
To only allow machines on your own network to synchronize with the server use:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Multiple restrict directives can be specified in the ntp.conf file to restrict access to a specified range of computers.
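An added example (not part of the original article) of how the two restrict lines above combine, assuming ntpd applies the most specific matching entry to each source address. The helper names and the 198.51.100.10 upstream address are constructed for illustration; the last check shows that with ‘restrict default ignore’ an upstream time server without its own restrict entry is ignored as well.

```python
import ipaddress

# The two directives from the article, as they would appear in ntp.conf.
NTP_CONF = """
restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""

def parse_restrict(conf_text):
    """Return [(network, flags)] for every 'restrict' line."""
    rules = []
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":                      # matches every IPv4 source
            net = ipaddress.ip_network("0.0.0.0/0")
        elif rest[:1] == ["mask"]:
            net = ipaddress.ip_network(f"{addr}/{rest[1]}")
            rest = rest[2:]
        else:                                      # bare address: host entry
            net = ipaddress.ip_network(f"{addr}/32")
        rules.append((net, set(rest)))
    return rules

def flags_for(rules, source):
    """Flags of the most specific entry containing source (assumed ntpd rule)."""
    ip = ipaddress.ip_address(source)
    hits = [r for r in rules if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def served(rules, source):
    """True when packets from source are not dropped by an 'ignore' flag."""
    flags = flags_for(rules, source)
    return flags is None or "ignore" not in flags

if __name__ == "__main__":
    rules = parse_restrict(NTP_CONF)
    for src in ("192.168.1.50", "10.0.0.7", "198.51.100.10"):
        print(src, "served" if served(rules, src) else "ignored")
```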
Authentication Options
Authentication allows matching passwords to be specified by the NTP server and associated clients. NTP keys are stored in the ntp.keys file in the following format: Key-number M Key (the M stands for MD5 encryption), e.g.:
1 M secret
5 M RaBBit
7 M TiMeLy
10 M MYKEY
In the NTP configuration file ntp.conf, specify which of the keys specified above are trusted, i.e. are secure and you want to use. Any keys specified in the keys file but not trusted will not be used for authentication, e.g.:
trustedkey 1 7 10
The NTP server is now configured for authentication.
Client Configuration for Authentication
The client needs to be configured with similar information as the server, however, you may use a subset of the keys specified on the server. A different subset of keys can be used on different clients, e.g.:
Client A)
1 M secret
7 M TiMeLy
trustedkey 1 7
Client B)
1 M secret
5 M RaBBit
7 M TiMeLy
10 M MYKEY
trustedkey 7 10
Essentially authentication is used by the client to authenticate that the time server is who he says he is, and that no rogue server intervenes. The key is encrypted and sent to the client by the server where it is unencrypted and checked against the client keys to ensure a match.
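An added example (not part of the original article) of the check a client performs with the key files above. In NTP symmetric-key authentication the packet carries a key number and an MD5 digest computed over the shared key followed by the packet, and the receiver recomputes that digest with its own copy of the key. The function names and the 48-byte sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

SERVER_KEYS = "1 M secret\n5 M RaBBit\n7 M TiMeLy\n10 M MYKEY"
CLIENT_A_KEYS = "1 M secret\n7 M TiMeLy"       # Client A: trustedkey 1 7
CLIENT_B_KEYS = SERVER_KEYS                    # Client B: trustedkey 7 10
PACKET = bytes([0x24]) + bytes(47)             # constructed 48-byte server header

def parse_keys(text):
    """Parse 'Key-number M Key' lines into {key_number: key_bytes}."""
    keys = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[1] == "M":
            keys[int(parts[0])] = parts[2].encode()
    return keys

def sign(packet, key_id, keys):
    """Append the key number and MD5(key || packet) to the packet."""
    digest = hashlib.md5(keys[key_id] + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(message, keys, trusted):
    """Accept only a trusted, locally defined key whose digest matches."""
    if len(message) != 68:
        return False
    packet, digest = message[:48], message[52:]
    key_id = struct.unpack("!I", message[48:52])[0]
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + packet).digest()
    return hmac.compare_digest(expected, digest)

if __name__ == "__main__":
    server = parse_keys(SERVER_KEYS)
    reply = sign(PACKET, 1, server)
    print("Client A accepts key 1:", verify(reply, parse_keys(CLIENT_A_KEYS), {1, 7}))
    print("Client B accepts key 1:", verify(reply, parse_keys(CLIENT_B_KEYS), {7, 10}))
```

Client B holds key 1 in its keys file but does not list it under trustedkey, so a reply signed with key 1 is rejected there while Client A accepts it.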
Article Source: How to Configure your Linux NTP Server
The way a computer deals with time is totally different to the ways humans perceive it. We arrange time into seconds, minutes, hours, days, weeks, months and years, while computers on the other hand arrange time as a single number representing the seconds that have passed from a single point in time, known as the prime epoch.
Most computers use NTP (Network Time Protocol) to deal with time, and on networks many are synchronised using a dedicated NTP time server. NTP knows nothing about days, years or centuries, only the seconds from the prime epoch. This prime epoch is set (for most systems) at midnight at the turn of the twentieth century, which a human would record as something like: 00:00 – 01,01,1900.
Computers, however, count time as the number of seconds past this point. If a computer was around in 1900 its timestamp on midnight January 1 would be 0 while in 1972 at the same date the timestamp would be 2,272,060,800, which represents the number of seconds since 1900.
The timestamps restart every 136 years, with the next wrap-around due in 2036. This has caused uneasiness amongst some who fear a Millennium Bug type scenario, although most doubt such events would occur. When a wrap-around of the timestamp does happen, an era integer will be added (+1) to allow computers to deal with time spans that cover more than one wrap-around. If computers and NTP need to deal with time that falls before the prime epoch, a negative integer is used (for the year 1500 a -3 will be used to represent three cycles of 136 years).
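An added example (not part of the original article) of the era arithmetic described above: splitting a date into an era number and a 32-bit seconds value, and choosing the era for a received 32-bit value from the local clock's rough idea of the time. The function names are constructed for illustration; the pivot approach assumes the local clock is within about 68 years of the true time.

```python
from datetime import datetime, timedelta, timezone

PRIME_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
ERA_SECONDS = 2 ** 32            # one era: roughly 136 years of seconds

def seconds_since_1900(dt):
    """Signed whole seconds between the prime epoch and dt (UTC)."""
    delta = dt - PRIME_EPOCH
    return delta.days * 86400 + delta.seconds

def to_era_and_timestamp(dt):
    """Split a UTC datetime into (era, 32-bit seconds value)."""
    return divmod(seconds_since_1900(dt), ERA_SECONDS)

def resolve(ts32, pivot):
    """Pick the era that places ts32 closest to the pivot time.

    Returns (era, datetime). A pivot more than about 68 years away from
    the true time selects the wrong era.
    """
    base = seconds_since_1900(pivot)
    diff = (ts32 - base) % ERA_SECONDS
    if diff >= ERA_SECONDS // 2:          # closer when counted backwards
        diff -= ERA_SECONDS
    total = base + diff
    return total // ERA_SECONDS, PRIME_EPOCH + timedelta(seconds=total)

if __name__ == "__main__":
    utc = timezone.utc
    print(to_era_and_timestamp(datetime(1972, 1, 1, tzinfo=utc)))
    print(to_era_and_timestamp(datetime(1500, 1, 1, tzinfo=utc)))
    # Constructed value: the 32-bit seconds field for 1 January 2040.
    ts_2040 = to_era_and_timestamp(datetime(2040, 1, 1, tzinfo=utc))[1]
    print(resolve(ts_2040, datetime(2035, 1, 1, tzinfo=utc)))   # sane clock
    print(resolve(ts_2040, datetime(1970, 1, 1, tzinfo=utc)))   # reset clock
```

A host whose clock has fallen back to 1970 resolves the 2040 value into era 0, which is the time-going-backwards case that breaks log ordering and certificate validity checks.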
Timestamps are used in virtually every transaction that modern computers are tasked to do such as sending emails, debugging and programming. Because time is linear, a computer knows that each timestamp is always greater than the previous one and therefore computers and NTP find it difficult to deal with inaccuracies in time, particularly when time suddenly appears to go backwards.
This can happen if computers are not synchronised to the same time. If an email is sent to a machine with a slower clock, it appears to the computer to have been received before it has been sent. Lack of synchronisation can cause serious problems and can even leave a system vulnerable to malicious attacks and even fraud.
Because of this, most computer networks are synchronised to UTC (Coordinated Universal Time). UTC is a global timescale and the same for everybody worldwide. It is based on the time told by atomic clocks, which are highly accurate, neither gaining nor losing a second in millions of years.
Most computer networks use a dedicated NTP time server to receive a UTC time to synchronise their computers to. UTC is available from across the Internet (although unsecured), via the GPS network (Global Positioning System), or by receiving national time and frequency broadcasts via long wave.
NTP synchronises a computer by checking the received UTC time and adding to or holding a computer’s timestamp until it perfectly matches UTC. By using a dedicated NTP time server UTC can be maintained on a network to a few milliseconds of UTC time.
Richard N Williams is a technical author and specialist in atomic clocks, telecommunications, NTP and network time synchronisation helping to develop dedicated NTP clocks. Please visit us for more information about a network time server or other NTP server solutions.
Article Source: NTP – Understanding Computer Timestamps
In today’s Cisco practice exam, we’ll take a look at Frame Relay traffic congestion indicators, Network Time Protocol, and other important exam topics. Let’s get started!
CCNA And CCENT Certification:
What purposes do the BECN, FECN, and DE bits in Frame Relay serve?
Answer: When a frame arrives at a router with the FECN bit set, that means congestion was encountered in the direction in which the frame was traveling.
When a frame arrives at a router with the BECN bit set, congestion was encountered in the opposite direction in which the frame was traveling.
Frames are sometimes dropped as a result of congestion, and frames with the DE bit set will be dropped before frames without that bit set. Basically, setting the DE bit on a frame indicates data that’s considered less important than data without the DE bit set.
CCNA Security / ISCW Exam:
You’re configuring authentication in your Network Time Protocol deployment. What authentication options are available in NTP?
A. MD5
B. Bellman-Ford
C. clear text
D. CHAP
E. PAP
F. None
Answer: A. MD5 is the only option, as shown by IOS Help:
R1(config)#ntp authentication-key 1 ?
md5 MD5 authentication
BSCI Exam:
What device sits at the top of a multicast tree?
A. The source of the packets
B. The destination of the packets
C. A multilayer switch
D. The root bridge
Answer: A. The packet source is found at the top of our multicast tree.
BCMSN Exam:
A router or multilayer switch goes through the following stages in HSRP. Put the stages in order, from beginning to end.
A. Listen
B. Learn
C. Active
D. Disabled
E. Init
F. Speak
G. Standby
Answer: Here’s the order without the letters:
Disabled, Init, Learn, Listen, Speak, Standby, Active
I’ll have a new CCNP exam tutorial on this subject on the website over the weekend, with a link here in the blog!
ONT Exam:
When it comes to configuring COPP and applying it to the Control Plane, in which direction(s) can QoS be applied?
A. Both inbound and outbound
B. Inbound only
C. Outbound only
D. Neither inbound nor outbound
Answer: This can be applied on an inbound and outbound basis.
Look for more Cisco videos, practice exams, and fully-illustrated tutorials on my website!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA Wireless exam tutorials.
Article Source: Cisco CCNA, CCNP, and Security Practice Exam: Frame Relay, NTP, Authentication, And More!