Loading and Managing System Images Configuration Guide, Cisco IOS XE Release 3S ( Cisco ASR 900 Series) Chapter Title. Using FTP to Manage System Images. PDF - Complete Book (2.17 MB) PDF - This Chapter (1.29 MB) View with Adobe Reader on a variety of devices. EPub - Complete Book (154.0 KB).
![Cisco ios images gns3 Cisco ios images gns3](/uploads/1/2/5/6/125628086/840817935.jpg)
ContentsOverviewThe security of Cisco IOS devices consists of multiple factors, including physical and logical access to the device, configuration of the device, and the inherent security of the software being used. The security configuration of a device, specifically in relation to device security, is conveyed using documented best practices. The document entitled represents one collection of those best practices.The integrity of the software used on Cisco IOS devices, in this case Cisco IOS software, is also important to device security.
Depending on severity, security issues in Cisco IOS software are communicated to customers using Security Advisories, Security Responses, or Cisco bug release notes. Further details are documented in the.It may be possible for an attacker to insert malicious code into a Cisco IOS software image and load it onto a Cisco device that supports that image. This attack scenario could occur on any device that uses a form of software, given a proper set of circumstances. This document will describe best practices that network administrators can use to reduce the risk of malicious code being installed on Cisco IOS devices. Additionally, this document will offer some methods that administrators can use to mitigate the risks of introducing malicious code into the network.Security Best PracticesCisco recommends that the following security best practices be implemented to improve the security posture of the network.
![Images Images](/uploads/1/2/5/6/125628086/686784560.jpeg)
These practices are particularly relevant to ensure that Cisco IOS devices only use authorized and unaltered Cisco IOS software images. Supply Chain IntegrityTo minimize the risk associated with malicious code, it is important that network administrators develop and consistently apply a secure methodology for Cisco IOS software image management.
Working with the Software Images.Information About Software ImagesYou can archive (download and upload) software image files, which contain the system software, the Cisco IOS code, and the embedded Device Manager software.You can download a switch image file from a TFTP, FTP, or RCP server to upgrade the switch software. If you do not have access to a TFTP server, you can download a software image file directly to your PC or workstation by using a web browser (HTTP) and then by using Device Manager or Cisco Network Assistant to upgrade your switch. For information about upgrading your switch by using a TFTP server or a web browser (HTTP), see the release notes.You can replace the current image with the new one or keep the current image in flash memory after a download.You can use the archive download-sw /allow-feature-upgrade privileged EXEC command to allow installation of an image with a different feature set, for example, upgrading from the universal image to the IP services feature set. You can also use the boot auto-download-sw global configuration command to specify a URL to use to get an image for automatic software upgrades. When you enter this command, the master switch uses this URL in case of a version mismatch.You upload a switch image file to a TFTP, FTP, or RCP server for backup purposes. You can use this uploaded image for future downloads to the same switch or to another of the same type.The protocol that you use depends on which type of server you are using. The FTP and RCP transport methods provide faster performance and more reliable delivery of data than TFTP.
These improvements are possible because FTP and RCP are built on and use the TCP/IP stack, which is connection-oriented.These sections contain this configuration information:Note For a list of software images and the supported upgrade paths, see the release notes.Image Location on the SwitchThe Cisco IOS image is stored as a.bin file in a directory that shows the version number. A subdirectory contains the files needed for web management. The image is stored on the system board flash memory (flash:).You can use the show version privileged EXEC command to see the software version that is currently running on your switch. In the display, check the line that begins with System image file is. It shows the directory name in flash memory where the image is stored.You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory. You can use the archive download-sw /directory privileged EXEC command to specify a directory once followed by a tar file or list of tar files to be downloaded instead of specifying complete paths with each tar file.