Sybex CCNA 640-802 Chapter 10: Security Instructor & Todd Lammle.

Chapter 10 Objectives
The CCNA topics covered in this chapter include:
Introduction to Security
–Types of attacks
–Mitigating attacks
Access-lists
–Standard
–Extended
–Named
–Monitoring Access-lists

Introduction to Security

Attacks
Application-layer attacks
Autorooters
Backdoors
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
–(many others)

Mitigating Attacks
Appliances
–IDS
–IPS
Stateful IOS Firewall inspection engine
Firewall voice traversal
ICMP inspection
Authentication proxy

Access Lists
Purpose:
–Used to permit or deny packets moving through the router
–Permit or deny Telnet (VTY) access to or from a router
–Create dial-on-demand routing (DDR) interesting traffic that triggers dialing to a remote location

Important Rules
Packets are compared to each line of the access list in sequential order
Packets are compared with lines of the access list only until a match is made
–Once a match is made & acted upon, no further comparisons take place
An implicit “deny” is at the end of each access list
–If no matches have been made, the packet will be discarded

Types of Access Lists
Standard Access List
–Filter by source IP address only
Extended Access List
–Filter by source IP, destination IP, protocol field, port number
Named Access List
–Functionally the same as standard and extended access lists

Application of Access Lists
Inbound Access Lists
–Packets are processed before being routed to the outbound interface
Outbound Access Lists
–Packets are routed to the outbound interface & then processed through the access list

ACL Guidelines
One access list per interface, per protocol, per direction
More specific tests at the top of the ACL
New lines are placed at the bottom of the ACL
Individual lines cannot be removed
End ACLs with a permit any command
Create ACLs & then apply them to an interface
ACLs do not filter traffic originated from the router
Put Standard ACLs close to the destination
Put Extended ACLs close to the source

Standard IP Access Lists
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
  IP standard access list
  IP extended access list
  IPX SAP access list
  Extended 48-bit MAC address access list
  IPX summary address access list
  Protocol type-code access list
  DECnet access list
  Appletalk access list
  48-bit MAC address access list
  IPX standard access list
  IPX extended access list

Standard IP Access Lists
Creating a standard IP access list:
Router(config)#access-list 10 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
Permit or deny?
Router(config)#access-list 10 deny ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
Using the host command:
Router(config)#access-list 10 deny host

Standard ACL Example

Standard ACL example 2

Standard ACL Example 3

Wildcards
What are they???
–Used with access lists to specify a….
Host
Network
Part of a network

Block Sizes
Rules:
–When specifying a range of addresses, choose the closest block size
–Each block size must start at 0
–A ‘0’ in a wildcard means that octet must match exactly
–A ‘255’ in a wildcard means that octet can be any value
–The command any is the same thing as writing out the wildcard:

Specifying a Range of Subnets
(Remember: specify a range of values in a block size)
Requirement: Block access in the range from through
= block size 8
Network number =
Wildcard =
**The wildcard is always one number less than the block size

Controlling VTY (Telnet) Access
Why??
–Without an ACL any user can Telnet into the router via VTY and gain access
Controlling access
–Create a standard IP access list permitting only the host/hosts authorized to Telnet into the router
–Apply the ACL to the VTY line with the access-class command

Example
Lab_A(config)#access-list 50 permit
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 50 in
(implied deny)

Extended IP Access Lists
Allows you to choose...
IP Source Address
IP Destination Address
Protocol
Port number

Extended IP ACLs
Router(config)#access-list ?
  IP standard access list
  IP extended access list
  IPX SAP access list
  Extended 48-bit MAC address access list
  IPX summary address access list
  Protocol type-code access list
  DECnet access list
  Appletalk access list
  48-bit MAC address access list
  IPX standard access list
  IPX extended access list
Router(config)#access-list 110 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward

Extended IP ACLs
Router(config)#access-list 110 deny ?
  An IP protocol number
  ahp     Authentication Header Protocol
  eigrp   Cisco's EIGRP routing protocol
  esp     Encapsulation Security Payload
  gre     Cisco's GRE tunneling
  icmp    Internet Control Message Protocol
  igmp    Internet Gateway Message Protocol
  igrp    Cisco's IGRP routing protocol
  ip      Any Internet Protocol
  ipinip  IP in IP tunneling
  nos     KA9Q NOS compatible IP over IP tunneling
  ospf    OSPF routing protocol
  pcp     Payload Compression Protocol
  tcp     Transmission Control Protocol
  udp     User Datagram Protocol
Router(config)#access-list 110 deny tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host

Extended IP ACL Steps
#1: Select the access list:
RouterA(config)#access-list 110
#2: Decide on deny or permit:
RouterA(config)#access-list 110 deny
#3: Choose the protocol type:
RouterA(config)#access-list 110 deny tcp
#4: Choose source IP address of the host or network:
RouterA(config)#access-list 110 deny tcp any
#5: Choose destination IP address:
RouterA(config)#access-list 110 deny tcp any host
#6: Choose the type of service, port, & logging:
RouterA(config)#access-list 110 deny tcp any host eq 23 log

Steps (cont.)
RouterA(config)#access-list 110 deny tcp any host eq 23 log
RouterA(config)#access-list 110 permit ip any
Apply the list to an interface, inbound or outbound:
RouterA(config-if)#ip access-group 110 in
or
RouterA(config-if)#ip access-group 110 out
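An added example, not from the Lammle slides or from Cisco IOS, that models in Python the rules stated on the Block Sizes, Range of Subnets, Important Rules and Extended IP ACL Steps slides: wildcard = block size minus one with the network aligned to the block, top-down first-match evaluation, and the implicit deny. The host address 172.16.30.2 and the sample packets in the test are assumptions, since the slides' own addresses were lost in extraction.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    # A 0 bit in the wildcard must match exactly; a 1 bit is "don't care".
    return (ip(addr) ^ ip(network)) & ~ip(wildcard) & 0xFFFFFFFF == 0

def block_wildcard(network: str, block_size: int, octet: int = 4) -> str:
    # block_size - 1 in the chosen octet, 255 in every later octet; the block
    # must be a power of two and the network must start on a block boundary.
    if not 1 <= block_size <= 256 or block_size & (block_size - 1):
        raise ValueError("block size must be a power of two (1..256)")
    shift = 8 * (4 - octet)
    wc = ((block_size - 1) << shift) | ((1 << shift) - 1)
    if ip(network) & wc:
        raise ValueError(f"{network} is not a multiple of the block size")
    return str(ipaddress.IPv4Address(wc))

@dataclass
class Entry:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every IP protocol
    src: str
    src_wc: str                   # "any" is 0.0.0.0 255.255.255.255
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None   # "eq <port>" on the destination

def evaluate(acl: list, proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> tuple:
    # Top down, first match wins; no match falls to the implicit deny (line 0).
    for lineno, e in enumerate(acl, start=1):
        if ((e.proto == "ip" or e.proto == proto)
                and wildcard_match(src, e.src, e.src_wc)
                and wildcard_match(dst, e.dst, e.dst_wc)
                and (e.dport is None or e.dport == dport)):
            return e.action, lineno
    return "deny", 0

# Constructed ACL 110 in the shape of the "Steps" slides (host address assumed):
#   access-list 110 deny tcp any host 172.16.30.2 eq 23 log
#   access-list 110 permit ip any any
ACL_110 = [
    Entry("deny", "tcp", "0.0.0.0", "255.255.255.255", "172.16.30.2", "0.0.0.0", 23),
    Entry("permit", "ip", "0.0.0.0", "255.255.255.255"),
]
```

The misaligned-network check in block_wildcard is the practical catch: IOS silently masks a network that does not start on the block boundary, so the list matches a different range than the one you typed.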

Named Access Lists
Another way to create standard and extended access lists.
Allows the use of descriptive names to ease network management.
Syntax changes:
–Lab_A(config)#ip access-list standard BlockSales
–Lab_A(config-std-nacl)#deny
–Lab_A(config-std-nacl)#permit any

Monitoring IP Access Lists
show access-list – Displays all access lists & their parameters
show access-list 110 – Shows only the parameters for access list 110
show ip access-list – Shows only the IP access lists configured
show ip interface – Shows which interfaces have access lists set
show running-config – Shows the access lists & which interfaces have access lists set

Written Labs and Review Questions
–Open your books and go through all the written labs and the review questions.
–Review the answers in class.