Chap 14 & 15 LABS
You recognize that the threat of malware is increasing and have implemented Windows Defender on your office's computers. In this lab, your task is to configure Windows Defender as follows: Add a file exclusion for D:\Graphics\cat.jpg. Add a process exclusion for welcome.scr. Update protection definitions prior to performing a scan. Perform a quick scan.
1. Add a file exclusion. Select Start. Select Settings. Select Update & Security. Select Windows Security. Maximize the window for easier viewing. Select Virus & threat protection. Under Virus & threat protection settings, select Manage settings. Under Exclusions, select Add or remove exclusions. Select the + (plus sign) next to Add an exclusion. From the drop-down lists, select File. Under This PC, select Data (D:). Double-click Graphics. elect cat.jpg. Select Open. 2. Add a process exclusion. Select the + (plus sign) next to Add an exclusion. From the drop-down lists, select Process. In the Enter process name field, enter welcome.scr for the process name. Select Add. 3. Update protection definitions. In the left menu, select the shield icon. Under Virus & threat protection updates, select Check for updates. Select Check for updates. 4. Perform a quick scan. In the left menu, select the shield icon. Under Current threats, select Quick scan to run a quick scan now.
As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address. In this lab, your task is to complete the following: On Office2, use ipconfig /all and find the IP address and MAC address. Spoof the MAC address on ITAdmin to that of Office2 using SMAC. Refresh your MAC and IP addresses to match the target machine.
1. Find the IP address and MAC address. Right-click Start and select Windows PowerShell (Admin). At the command prompt, type ipconfig /all and press Enter. Find and write down the MAC address 00:00:55:55:44:15 and the IP address 192.168.0.33. 2. Spoof the MAC address. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select ITAdmin. In the search bar, type SMAC. Under Best match, right-click SMAC and select Run as administrator. In the New Spoofed Mac Address field, type 00:00:55:55:44:15 for the MAC address from Office2. Select Update MAC. Select OK to restart the adapter. 3. Refresh your MAC and IP addresses. Right-click Start and select Windows PowerShell (Admin). At the command prompt, type ipconfig /all and press Enter to confirm the MAC address has been updated on ITAdmin. Type ipconfig /renew and press Enter to update the IP address.Notice that the IP address on ITAdmin is now the same as the IP address on Office2.
You are the IT security administrator for a small corporate network. The HR director is concerned that an employee is doing something sneaky on the company's employee portal and has authorized you to hijack his web session so you can investigate. In this lab, your task is to hijack a web session as follows: On IT-Laptop, use Ettercap to sniff traffic between the employee's computer in Office1 and the gateway. Initiate a man-in-the-middle attack to capture the session ID for the employee portal logon. On Office1, log in to the employee portal on rmksupplies.com using Chrome and the following credentials:Username: bjacksonPassword: $uper$ecret1 On IT-Laptop, copy the session ID detected in Ettercap. On Office2, navigate to rmksupplies.com and use the cookie editor plug-in in Chrome to inject the session ID cookie. Verify that you hijacked the session.
1. On IT-Laptop, open Terminal from the sidebar. 2. At the prompt, type host office1 and press Enter to get the IP address of Office1. 3. Type route and press Enter to get the gateway address. 4. Use Ettercap to sniff traffic between Office1 and the gateway. From the Favorites bar, open Ettercap.Maximize the window for easier viewing. Select Sniff > Unified sniffing. From the Network Interface drop-down list, select enp2s0.Select OK. Select Hosts > Scan for hosts. Select Hosts > Host list. We want to target information between Office1 (192.168.0.33) and the gateway (192.168.0.5). Under IP Address, select 192.168.0.5.Select Add to Target 1. Select 192.168.0.33.Select Add to Target 2. 5. Initiate a man-in-the-middle attack. Select Mitm > ARP poisoning. Select Sniff remote connections. Select OK. You are ready to capture traffic. 6. On Office1, log in to the employee portal on rmksupplies.com. From the top navigation tabs, select Floor 1 Overview. Under Office 1, select Office1. From the taskbar, open Chrome. Maximize the window for easier viewing. In the URL field, enter rmksupplies.com. Press enter. At the bottom of the page, select Employee Portal. In the Username field, enter bjackson. In the Password field, enter $uper$ecret1. Select Login. You are logged into the portal as Blake Jackson. 7. On IT-Laptop, copy the session ID detected in Ettercap. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select IT-Laptop. In the Ettercap console, find bjackson's username, password, and session cookie (.login) captured in Ettercap. Highlight the session ID. Press Ctrl + C to copy. 8. On Office2, go to rmksupplies.com and use the cookie editor plug-in to inject the session ID cookie. From the top navigation tabs, select Floor 1 Overview. Under Office 2, select Office2. From the taskbar, open Chrome. Maximize the window for easier viewing.In Chrome's URL field, enter rmksupplies.com.Press Enter. In the top right corner, select cookie to open the cookie editor. At the top, select the plus + sign to add a new session cookie. In the Name field, enter .loginIn the Value field, press Ctrl + V to paste in the session cookie you copied from Ettercap. Make sure rmksupplies.com is in the Domain field. Select the green check mark to save the cookie. Click outside the cookie editor to close the editor. 9. At the bottom of the rkmsupplies page, select Employee Portal.You are now on Blake Jackson's web session.
You're the IT security administrator for a small corporate network. You need to increase the security on the switch in the networking closet by restricting access management and by updating the switch's firmware. In this lab, your task is to: Create an access profile called MgtAccess and configure it with the following settings:SettingValueAccess Profile NameMgtAccessRule Priority1Management MethodAllActionDenyApplies to InterfaceAllApplies to Source IP addressAll Add a profile rule to the MgtAccess profile with the following settings:SettingValueRule Priority2Management MethodHTTPActionPermitApplies to interfaceAllApplies to Source IP addressUser definedIP Version: Version 4IP Address: 192.168.0.10Network Mask: 255.255.255.0 Set the MgtAccess profile as the active access profile. Save the changes to the switch's startup configuration file. Update the firmware image to the latest version by downloading the firmware files found inC:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.
Create an access profile. From the left menu, expand Security. Expand Mgmt Access Method. Select Access Profiles. Under Access Profile Table, select Add. Enter the access profile name. Enter the rule priority. Under Management Method, make sure All is selected. Enter the action. Under Applies to Interface, make sure All is selected. Under Applies to Source IP Address, make sure All is selected. Select Apply. Select Close. Add a profile rule. From the left menu, select Profile Rules under Mgmt Access Method. Select the MgtAccess profile. Select Add. Enter the rule priority. Select the management method. Under Action, make sure Permit is selected. Under Applies to Interface, make sure All is selected. Under Applies to Source IP Address, select User Defined. Under IP Version, make sure Version 4 is selected. Enter the IP address. Enter the network mask. Select Apply. Select Close. Set the MgtAccess profile as the active access profile. From the left menu, select Access Profiles. From the Active Access Profile drop-down list, select MgtAccess. Select Apply. Select OK. Save the changes to the switch's startup configuration file. At the top, select Save .Under Source File Name, make sure Running configuration is selected. Under Destination File Name, make sure Startup configuration is selected. Select Apply. Select OK. Upgrade the firmware image to the latest version. From the left menu, select Getting Started. Select Upgrade Device Software. Under File Name, select Choose File. Browse to and select C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros. Select Open. Select Apply. Select OK. Under File Management in the left menu, select Active Image. Under Active Image After Reboot, select Image 2 from the drop-down list. Select Apply. From the left menu under Administration, select Reboot. Select Reboot. Select OK. Log back in as user ITSwitchAdmin with the password Admin$0nly2017 (0 is zero). Select Log In.
You're the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by creating an access control list. You have been asked to prevent video game consoles from connecting to the switch. In this lab, your task is to: Create a MAC-based ACL named GameConsoles. Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:PriorityActionDestination MAC AddressSource MAC Address1DenyAnyValue: 00041F111111Mask: 0000001111112DenyAnyValue: 005042111111Mask: 0000001111113DenyAnyValue: 000D3A111111Mask: 0000001111114DenyAnyValue: 001315111111Mask: 0000001111115DenyAnyValue: 0009BF111111Mask: 0000001111116DenyAnyValue: 00125A111111Mask: 000000111111 Bind the GameConsoles ACL to the GE1-GE30 interfaces.
Create the GameConsoles ACL as follows: Under Getting Started, select Create MAC-Based ACL. Select Add. Enter the ACL name. Select Apply. Select Close. Create MAC-based access control as follows: Select MAC-Based ACE Table. Select Add. c. Enter the priority. Select the action. Under Destination MAC Address, make sure Any is selected. Under Source MAC Address, select User Defined. Enter the destination MAC address value. Enter the destination MAC address mask. i. Select Apply. Repeat steps 2c-2i for the additional ACE entries.Select Close. Bind the GameConsoles ACL to all the interfaces as follows: Under Access Control, select ACL Binding. Select GE1.At the bottom of the window, select Edit. Select Select MAC-Based ACL. Select Apply. Select Close. Select Copy Settings. In the Copy configuration to field, enter GE2-GE30. Select Apply. Save the Configuration as follows: At the top of the window, select Save. Under Source File Name, make sure Running configuration is selected. Under Destination File Name, make sure Startup configuration is selected. Select Apply. Select OK.
You work for a penetration testing consulting company. During an internal penetration test, you find that VNC is being used on the network, which violates your company's security policies. It was installed by a malicious employee to help them maintain access. Run a scan using nmap to discover open ports on host machines to find out which host machines are using port 5900 for VNC. In this lab, your task is to complete the following: Use Zenmap to scan for open port 5900 running VNC. Use the table below to help you identify the computer. Go to the suspect computer and uninstall VNC. From the suspect computer, run netstat to verify that the ports for VNC are closed.IP AddressComputer192.168.0.30Exec192.168.0.31ITAdmin192.168.0.32Gst-Lap192.168.0.33Office1192.168.0.34Office2192.168.0.35Support192.168.0.36IT-Laptop
From the Favorites bar, open Zenmap. In the Command field, type nmap -p 5900 192.168.0.0/24. Select Scan. From the results, find the computer with port 5900 open. From the top navigation tabs, select Floor 1 Overview. Under Support Office, select Support. From the Favorites bar, open Terminal. At the prompt, type netstat and press Enter to confirm the port is open on the machine. Type dnf list vnc and press Enter to find the package name. Type dnf erase libvncserver and press Enter. Press Y and press Enter to uninstall the package. Type netstat and press Enter to confirm that the port has been closed on the machine.
You are the IT security administrator for a small corporate network. You need to secure access to your switch, which is still configured with the default settings. Access the switch management console through Chrome on http://192.168.0.2 with the username cisco and password cisco. In this lab, your task is to: Create a new user account with the following settings: User Name: ITSwitchAdmin Password: Admin$0nly2017 (0 is zero)User Level: Read/Write Management Access (15) Edit the default user account as follows: Username: cisco Password: CLI$0nly2017 (0 is zero) User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file.
From the taskbar, open Chrome. In the URL field, enter 192.168.0.2 and press Enter. Maximize the window for easier viewing. Enter the username. Enter the password. Select Log In. From Getting Started under Quick Access, select Change Device Password. Create a new user account. Select Add.Enter the username. Enter the password. In the Confirm Password field, enter the password. Under User Level, make sure Read/Write Management Access (15) is selected. Select Apply. Select Close. Edit the default user account. Select the default user. Select Edit. Make sure the username is cisco. Enter the password. In the Confirm Password field, enter the password. Under User Level, make sure Read-Only CLI Access (1) is selected. Select Apply. Select Close. Save the configuration. From the top of the window, select Save. Under Source File Name, make sure Running configuration is selected. Under Destination File Name, make sure Startup configuration is selected. Select Apply .Select OK.
You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you'll use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark. Analyze the attack using the following filters:tcp.flags.syn==1 and tcp.flags.ack==1tcp.flags.syn==1 and tcp.flags.ack==0 Answer the question.
Q1 What indicates that this is a distributed denial-of-service (DDoS) attack? There are multiple source addresses for the SYN packets with the destination address 198.28.1.1. From the Favorites bar, open Wireshark. Maximize the window for easier viewing. Under Capture, select enp2s0. From the menu, select the blue fin to begin the capture. In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to filter the Wireshark display to only those packets with both the SYN flag and ACK flag.This could take up to a minute or longer before any SYN-ACK packets are captured and displayed. Select the red square to stop the capture. In the Apply a display filter field, change the tcp.flags.ack ending from 1 to 0 and press Enter to filter the Wireshark display to packets with only the SYN flag.Notice that there are a flood of SYN packets being sent to 198.28.1.1 (www.corpnet.xyz) that were not being acknowledged. In the top right, select Answer Questions. Answer the question. Select Score Lab.
You are the IT administrator at a small corporate office. You just downloaded a new release for a program you use. You need to make sure the file was not altered before you received it. Another file containing the original file hash was also downloaded. The files are located in C:\Downloads. In this lab, your task is to use MD5 hash files to confirm that the Release.zip file was unaltered as follows: Use Windows PowerShell to generate a the calculated file hash for Release.zip. Examine the release821hash.txt file for the known hash. Compare the known hash of the Release.zip file to its calculated hash in PowerShell to see if they match.Use the "calculated hash" -eq "known hash" command.The calculated hash is the hash generated by the get-filehash file_name -a md5 command, and the known hash is the hash generated by the get-content file_name.txt command.Remember to include the quotation marks and the file extensions with the file names in the commands. Answer the question.
Q1 Do the file hashes match? No Right-click Start and select Windows PowerShell (Admin). At the prompt, type cd \downloads and press Enter to navigate to the directory that contains the files. Type dir and press Enter to view the available files. Type get-filehash Release.zip -a md5 and press Enter to view the calculated MD5 hash. Type get-content release821hash.txt and press Enter to view the known hash contained in the .txt file. Type "calculated hash" -eq "known hash" and press Enter to determine if the file hashes match. In the top right, select Answer Questions. Answer the question. Select Score Lab.
You are the cybersecurity specialist for your company. You need to check to see if any clear text passwords are being exposed to hackers through an HTTP login request. In this lab, your task is to analyze HTTP POST packets as follows: Use Wireshark to capture all packets. Filter the captured packets to show only HTTP POST data. Examine the packets captured to find clear text passwords. Answer the questions.
Q1 How many HTTP POST packets were captured? 3 Q2 What is the source IP address of the packet containing the clear text password? 192.168.0.98 Q3 What is the clear text password captured?St0ne$@ From the Favorites bar, open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark capture. Capture packets for five seconds. Select the red box to stop the Wireshark capture. Maximize Wireshark for easier viewing. In the Apply a display filter field, type http.request.method==POST and press Enter to show the HTTP POST requests. From the middle pane, expand HTML Form URL Encoded for each packet. Examine the information shown to find clear text passwords. In the top right, select Answer Questions. Answer the questions. Select Score Lab.
You are the IT administrator for a small corporate network. You need to find specific information about the packets being exchanged on your network using Wireshark. In this lab, your task is to: Use Wireshark to capture packets from the enp2s0 interface. Use the following Wireshark filters to isolate and examine specific types of packets:net 192.168.0.0host 192.168.0.34tcp contains password Answer the questions.
Q1 What is the affect of the net 192.168.0.0 filter in Wireshark? Packets with either a source or destination address on the 192.168.0.0 network are displayed. Q2 What is the affect of the host 192.168.0.34 filter in Wireshark? Packets with 192.168.0.34 in either the source or destination address are displayed. Q3 What is the captured password? St@y0ut!@ 1. Begin a Wireshark capture. From the Favorites bar, open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark capture. 2. Apply the net 192.168.0.0 filter. In the Apply a display filter field, type net 192.168.0.0 and press Enter. Look at the source and destination addresses of the filtered packets. In the top right, select Answer Questions. Under Lab Questions, answer Question 1. 3. Apply the host 192.168.0.34 filter. In the Apply a display filter field, type host 192.168.0.34 and press Enter. Look at the source and destination addresses of the filtered packets. Under Lab Questions, answer Question 2. 4.Apply the tcp contains password filter. In the Apply a display filter field, type tcp contains password and press Enter. Select the red box to stop the Wireshark capture. Locate the password in the captured packet. Under Lab Questions, answer Question 3. Select Score Lab.
You are the IT administrator for a small corporate network, and you want to know how to find and recognize an ICMP flood attack. You know that you can do this using Wireshark and hping3. In this lab, your task is to create and examine the results of an ICMP flood attack as follows: From Kali Linux, start a capture in Wireshark for the esp20 interface. Ping CorpDC at 192.168.0.11. Examine the ICMP packets captured. Use hping3 to launch an ICMP flood attack against CorpDC. Examine the ICMP packets captured. Answer the question.
Q1 What is the main difference between a normal icmp (ping) request and an icmp flood? (Select TWO). With the icmp flood, the icmp packets are sent more rapidly., With the flood, all packets come from the source. From the Favorites bar, open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark capture. From the Favorites bar, open Terminal. At the prompt, type ping 192.168.0.11 and press Enter. After some data exchanges, press Ctrl + c to stop the ping process. In Wireshark, select the red box to stop the Wireshark capture. In the Apply a display filter field, type icmp and press Enter.Notice the number of packets captured and the time between each packet being sent. Select the blue fin to begin a new Wireshark capture. In Terminal, type hping3 --icmp --flood 192.168.0.11 and press Enter to start a ping flood against CorpDC. In Wireshark, select the red box to stop the Wireshark capture.Notice the type, number of packets, and the time between each packet being sent. In Terminal, type Ctrl + c to stop the ICMP flood. In the top right, select Answer Questions. Answer the question. Select Score Lab.
You are performing a penetration test for a client. Your client is concerned that hackers may be performing port scanning on the network, hoping to find open ports that could leave the company vulnerable to attacks. In this lab, your task is to use nmap to detect open ports as follows: Scan the following network addresses:198.28.1.0/24192.168.0.0/24 Find and report any open ports, especially those susceptible to hacking attacks. Answer the questions.
Q1 Which networks contain open ports? 192.168.0.0 Q2 Which of the following servers have vulnerable open ports? 192.168.0.8, 192.168.0.10, 192.168.0.11, 192.168.0.14 From the Favorites bar, open Terminal. At the prompt, type nmap -p- 198.28.1.0/24 and press Enter to scan for open ports on all servers located on this network. Type nmap -p- 192.168.0.0/24 and press Enter to scan for open ports on all the servers located on this network. In the top right, select Answer Questions. Answer the questions. Select Score Lab.
CorpNet.xyz has hired you as a consultant. While visiting the company, you connected a small computer to the switch in the networking closet. This computer also functions as a rogue wireless access point. Now you are sitting in your van in the parking lot of CorpNet.xyz, where you are connected to the internal network through the rogue wireless access point. Using the small computer you left behind, you can perform remote exploits against the company. In this lab, your task is to: Use ssh -X to connect to your rogue computer (192.168.0.251). Use 1worm4b8 as the root password. Use Zenmap on the remote computer to scan all the ports on the internal network looking for computers vulnerable to attack. Answer the question.
Q1 Which of the following computers have vulnerable open ports? 192.168.0.10, 192.168.0.11, 192.168.0.14, 192.168.0.35 From the Favorites bar, open Terminal. At the prompt, type ssh -X 192.168.0.251 and press Enter. For the root password, type 1worm4b8 and press Enter.You are now connected to Rogue1. Type zenmap and press Enter to launch Zenmap remotely.Zenmap is running on the remote computer, but you see the screen locally. In the Command field, type nmap -p- 192.168.0.0/24. Select Scan. From the results, find the computers with ports open that make them vulnerable to attack. In the top right, select Answer Questions. Answer the question. Select Score Lab.
You have a single switch with a DHCP server connected to Fa0/24. The DHCP snooping feature is already enabled on SwitchA. Now you want to configure DHCP snooping and dynamic ARP inspection on the switch. In this lab, your task is to: Enable DHCP snooping globally on SwitchA. Enable DHCP snooping for VLAN 1. Configure the port that the DHCP server is connected to as a trusted interface for DHCP snooping. Enable dynamic ARP inspection for VLAN 1. Save the changes to the startup-config file.
Select SwitchA. Press Enter to get started. At the Switch> prompt, type enable and press Enter. At the SwitchA# prompt, type config t and press Enter. At the SwitchA(config)# prompt, type ip dhcp snooping and press Enter. At the SwitchA(config)# prompt, type ip dhcp snooping vlan 1 and press Enter. At the SwitchA(config)# prompt, type int fa0/24 and press Enter. At the SwitchA(config-if)# prompt, type ip dhcp snooping trust and press Enter. At the SwitchA(config-if)# prompt, type exit and press Enter. At the SwitchA(config)# prompt, type ip arp inspection vlan 1 and press Enter. Press Ctrl + Z. At the SwitchA# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.
You recently configured a switch that has three hosts attached to FastEthernet 0/2 through 0/4. All three hosts are part of a public kiosk display that allows guests to access the internet. You implemented port security to prevent guests from removing Ethernet cables from the hosts and connecting them to the Ethernet ports on their personal laptops. Now you will add an additional host to the kiosk display through FastEthernet 0/5. The additional host's MAC address is 5ab9.001d.b5ac. If guests attempt to connect through FastEthernet 0/5 to their personal laptops, you would like the switch to drop the frames. In this lab, your task is to: Configure FastEthernet 0/5 as an access port. Enable switch port security on the FastEthernet 0/5. Configure port security to retain 5ab9.001d.b5ac as the only allowed MAC address on the FastEthernet 0/5 interface. Configure the port security violation as protect on eac
Select the switch. Press Enter to get started. At the switch> prompt, type enable and press Enter. At the switch# prompt, type config t and press Enter. At the switch(config)# prompt, type interface fa 0/5 and press Enter. At the switch(config-if)# prompt, type switchport mode access and press Enter. At the switch(config-if)# prompt, type switchport port-security and press Enter. At the switch(config-if)# prompt, type switchport port-security mac-address sticky and press Enter. At the switch(config-if)# prompt, type switchport port-security mac-address sticky 5ab9.001d.b5ac and press Enter. At the switch(config-if)# prompt, type switchport port-security violation protect and press Enter. Press Ctrl + Z. At the switch# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.
You are implementing port security within your network. You have two IP phone daisy chains connected to the switch's FastEthernet 0/5 and 0/6 interfaces. The interfaces are configured as access ports. Voice VLANs and the trusted boundary feature have already been configured on both of the interfaces. You need to configure the port security settings to have the switch interface accept the MAC addresses of the IP phone and the workstation. When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP Phone, the phone requires up to two MAC addresses. The phone address is learned on the voice VLAN and might also be learned on the access VLAN. Connecting a PC to the phone requires additional MAC addresses. In this lab, your task is to: Configure FastEthernet 0/5 and 0/6 with port security to learn the MAC address of the IP phone and workstation. Set the maximum allowed MAC addresses to 3. Set the port security violation to restrict. Save your changes to the startup-config file.
Select the switch. Press Enter to get started. At the switch> prompt, type enable and press Enter. At the switch# prompt, type config t and press Enter. At the switch(config)# prompt, type interface range fa 0/5 - 6 and press Enter. At the switch(config-if-range)# prompt, type switchport mode access and press Enter. At the switch(config-if-range)# prompt, type switchport port-security and press Enter. At the switch(config-if-range)# prompt, type switchport port-security maximum 3 and press Enter. At the switch(config-if-range)# prompt, type switchport port-security mac-address sticky and press Enter. At the switch(config-if-range)# prompt, type switchport port-security violation restrict and press Enter. Press Ctrl + Z. Save your changes to the startup-config file At the switch# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.
You are configuring a switch that has three hosts attached to FastEthernet 0/2 through 0/4. All three hosts are part of a public kiosk display that allows guests to access the internet. You would like to implement port security to prevent guests from removing Ethernet cables from the hosts and connecting them to the Ethernet ports on their personal laptops. If guests attempt to connect through their personal laptops, you want the switch to drop the frames. In this lab, your task is to: Configure FastEthernet 0/2 through 0/4 as access ports. On the FastEthernet 0/2 through 0/4, configure port security to sticky learning and retain the MAC addresses of the connected hosts. Set the port security violation to protect on each applicable interface. Save your changes to the startup-config file.
Select the switch. Press Enter to get started. At the switch> prompt, type enable and press Enter. At the switch# prompt, type config t and press Enter. At the switch(config)# prompt, type interface range fa0/2 - 4 and press Enter. At the switch(config-if-range)# prompt, type switchport mode access and press Enter. At the switch(config-if-range)# prompt, type switchport port-security and press Enter. At the switch(config-if-range)# prompt, type switchport port-security mac-address sticky and press Enter. At the switch(config-if-range)# prompt, type switchport port-security violation protect and press Enter. Press Ctrl + Z. Save your changes to the startup-config file At the switch# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.
You're the IT security administrator for a small corporate network. You need to increase the security on the switch in the networking closet. The following table lists the used and unused ports: Unused PortsUsed PortsGE2GE7GE9-GE20GE25GE27-GE28GE1GE3-GE6GE8GE21-GE24GE26 In this lab, your task is to: Shut down the unused ports. Configure the following Port Security settings for the used ports:Interface Status: LockLearning Mode: Classic LockAction on Violation: Discard
Shut down the unused ports. Under Initial Setup, select Configure Port Settings. Select the GE2 port. At the bottom, select Edit. Under Administrative Status, select Down. Scroll down and select Apply. Select Close. With the GE2 port selected, select Copy Settings at the bottom of the window. In the Copy configuration field, enter the remaining unused ports. Select Apply. In the Port Setting Table, you can see that all the ports are down now. Configure the Port Security settings.In the left menu, expand Security. Select Port Security. Select the GE1 port.At the bottom, select Edit. Under Interface Status, select Lock. Under Learning Mode, make sure Classic Lock is selected. Under Action on Violation, make sure Discard is selected. Select Apply. Select Close. At the bottom, select Copy Settings. Enter the remaining used ports. Select Apply.
