• No results found

Security and Access Control Lists (ACLs)

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Security and Access Control Lists (ACLs)"

Copied!
26
0
0

Loading.... (view fulltext now)

Download now ( 26 Page )

Full text

(1)

Security and

Access Control Lists (ACLs)

(2)

Objectives

Security Threats

Access Control List Fundamentals

Access Control Lists (ACLs)

(3)

Why is network security important?

Networks have grown in both size and

importance

Loss of privacy, theft of information, legal

liability

The types of potential threats to network

(4)

Common Security Threats

Three common factors in network security:

Vulnerability

– Degree of weakness in routers, switches,

desktops, servers, and security devices

– Technological, configuration and security

policy weaknesses

Threat

– People interested and qualified in taking

(5)

Types of Network Attacks

Reconnaissance

– Unauthorized discovery and mapping of systems,

services or vulnerabilities

Access

– Gain access to a device

Denial of Service (DoS)

– Disables or corrupts networks

(6)

Host and Server Based Security

Antivirus software

Personal firewalls

OS patches

Intrusion Detection Systems (IDS) can

detect attacks against a network and send logs to a management console

Intrusion Prevention Systems (IPS) can

(7)

Router Security

Manage router security

Secure remote access

Logging router activity

Secure vulnerable router services and

interfaces

Secure routing protocols

Control and filter network traffic

SDM can be used to configure security

(8)

Security Device Manager - SDM

Cisco Router and Security Device Manager

that simplifies router and security configuration

Easy-to-use, web-based

device-management tool

Automatic router security management

Supports a wide range of Cisco IOS

(9)

What are ACLs?

ACLs are lists of instructions you apply to

(10)

Introduction to ACLs

Lists of conditions

Filter network traffic

Accept or Deny

(11)
(12)
(13)

ACLs can be used to:

Limit network traffic and increase network

performance

Provide traffic flow control (restrict

routing updates)

Basic level of security for network access

Traffic types forwarded or blocked

Control access to areas

Permit or deny host access to network

(14)
(15)
(16)
(17)
(18)
(19)
(20)

Placing ACLs

(21)
(22)

Verifying ACLs

There are many show commands that will

verify the content and placement of ACLs on the router.

–show ip interface –show access-lists

(23)
(24)

Example

Task

• What if we want to deny only the Engineering workstation 172.16.50.2 to be able to access the web server in Administrative network with the IP address

172.16.10.2 and port address 80.

• All other traffic is permitted.

172.16.10.2/24 172.16.10.3/24 172.16.30.2/24 172.16.30.3/24 172.16.50.2/24 172.16.50.3/24 172.16.20.0/24 172.16.40.0/24 e0 e0 e0 .1 .1 .1 .1 .2 .1 .2 s0 s0 s1 s0

RouterA RouterB RouterC

Administration Sales Engineering

(25)

Example

RouterC(config)#access-list 110 deny tcp host 172.16.50.2 host

172.16.10.2 eq 80

RouterC(config)#permit any any RouterC(config)#interface e 0 RouterC(config-if)#ip access-group 110 in 172.16.10.2/24 172.16.10.3/24 172.16.30.2/24 172.16.30.3/24 172.16.50.2/24 172.16.50.3/24 172.16.20.0/24 172.16.40.0/24 e0 e0 e0 .1 .1 .1 .1 .2 .1 .2 s0 s0 s1 s0

RouterA RouterB RouterC

Administration Sales Engineering

Port 80

• Why is better to place the ACL on RouterC instead of RouterA?

(26)

Summary

List of permit and deny statements

Order of statements important

Placement of ACLs important

32-bit wildcard mask

Standard ACLs check the source

Extended ACLs provides a greater range

References

Download now ( PDF - 26 Page - 270.98 KB )

Related documents

USING USER ACCESS CONTROL LISTS (ACLS) TO MANAGE FILE PERMISSIONS WITH A LENOVO NETWORK STORAGE DEVICE

On the other hand, a secured share allows Windows user access control to be configured by checking the Allow users to change file level security option.. Access Control Using

5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit

SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint lacks an automated way

Securing the Cloud. A Review of Cloud Computing, Security Implications and Best Practices W H I T E P A P E R

This includes functionality like switch and router Access Control Lists (ACLs), perim- eter firewall rules, or Web application security (Application Firewall, URL Filtering,

HP ProCurve Networking. Networking solutions for small and growing businesses

– Options for protecting your network, including access control lists (ACLs) and port monitoring for detecting and mitigating network threats using ProCurve Network Immunity Manager

Access Control & Mailing Lists

2 In the Smart Objects Library, select your User List - Access Control Mode object and click Manage.. 3 In the Manage dialog, click the

Chapter 3 Using Access Control Lists (ACLs)

Access control lists (ACLs) enable you to permit or deny packets based on source and destination IP address, IP protocol information, or TCP or UDP protocol information.. You

The Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series

Some existing Cisco IOS security features include packet filtering via Access Control Lists (ACLs), Network Address Translation (NAT), network-layer encryption, and

Cisco Small Business Managed Switches

The Cisco SFE2000P is able to secure the network through IEEE 802.1Q VLANs, IEEE 802.1X port authentication, access control lists (ACLs), denial-of- service (DoS) prevention,