Microsoft pitches PC isolation ward to defeat botnets
- Microsoft pitches PC isolation ward to defeat botnets
- Don't expect to peer into Google cloud services security
- Teen arrested for refusing to hand over password
- Adobe rewrites PDF Reader to bolster security
- McAfee introduces antivirus product for virtual environments
- Three quarters of under twos have digital footprint
- CCNA Training-Access Control Lists
- Facebook says prosecution of billion-dollar spammer not over
- Microsoft Suggests Public Health Response for Sick PCs
Microsoft pitches PC isolation ward to defeat botnets Posted: 07 Oct 2010 09:00 AM PDT
Don't expect to peer into Google cloud services security Posted: 07 Oct 2010 09:00 AM PDT
Teen arrested for refusing to hand over password Posted: 07 Oct 2010 09:00 AM PDT
Adobe rewrites PDF Reader to bolster security Posted: 07 Oct 2010 09:00 AM PDT
McAfee introduces antivirus product for virtual environments Posted: 07 Oct 2010 09:00 AM PDT
Three quarters of under twos have digital footprint Posted: 07 Oct 2010 09:00 AM PDT
CCNA Training-Access Control Lists Posted: 07 Oct 2010 08:27 AM PDT

An Access Control List (ACL) is a list of rules that control and filter traffic based on source and destination IP addresses. It does this by either allowing or blocking packets on an interface of a router or firewall. Access control lists come in two forms: standard access control lists and extended access control lists. ACLs can also be used as a security measure for connections to the router itself, by allowing only the necessary IP addresses or networks to access the router via telnet. We will look at these access control lists, how they work and how to configure them on Cisco routers. Let's start with the standard access control lists below.

Standard Access Lists

The standard access control list allows you to either permit or deny traffic from a specific source IP address or IP network. These access lists have a number from 1 to 99. When you put an access list on a router you need to identify it with a number, e.g. access list 10. To configure a standard access list and apply it on an Ethernet interface you would enter the following commands:

    access-list 10 permit 192.168.2.0 0.0.0.255

The above command allows traffic to pass through the interface from all addresses in the 192.168.2.0 to 192.168.2.255 range. Every access list has an implicit deny all at the end of the ACL, even if you don't specify it explicitly. So if you configured your access list like this, here is what it would do.

    show access-list 10

The output will be:

    access-list 10 permit 192.168.2.0 0.0.0.255

Extended Access Lists

An extended access control list allows you to deny or permit traffic from specific IP addresses and ports. It also gives you the ability to control the type of protocol that can be transferred, such as ICMP, TCP, UDP and so forth. The range of the extended access control lists is from 100 to 199.
An example of an extended ACL:

    access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80

ACL 110 permits traffic coming from any address on the 92.128.2.0 network (source network) towards any destination IP on port 80. The 'any' statement is there to allow traffic towards any destination IP on port 80. The first network statement in the access-list command (i.e. 92.128.2.0 0.0.0.255) refers to the source of the traffic, and the second network statement (the keyword "any" in our example) refers to the destination of the traffic.

Another example:

    access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

The above configuration allows all IP traffic from source network 192.168.1.0/24 towards destination network 192.168.2.0/24. Note also that the subnet mask in the ACL configuration is always represented with an inverse mask (i.e. instead of using 255.255.255.0 we use 0.0.0.255).

How to apply the ACL

After you have set the ACL in place you need to specify the direction in which it operates on the interface where it is applied (inbound or outbound). "in" means inbound to the interface and "out" means outbound from the interface. The ACL is then applied on a specific interface using the "access-group" command. You can identify an access list by giving it a name or number. Here is a set of commands you would use:

    Router(config)#interface serial 0

Using Access Lists to secure Telnet access to a router

You can also secure the telnet lines on a router with an ACL. This lets you allow telnet login only for certain hosts or networks. Here is a sample configuration of how you would go about doing this.

    access-list 25 permit 192.168.2.0 0.0.0.255
    line vty 0 4
     access-class 25 in

With this ACL in place you will only permit hosts on the 192.168.2.0/24 network to have access to the VTY login. All attempts from other networks would be blocked.
Another example: Let's say we have one specific management station (10.1.1.1) which should be allowed to access the router via telnet. All other hosts should be blocked.

    access-list 10 permit host 10.1.1.1
    line vty 0 4
     access-class 10 in
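
The inverse-mask matching and the implicit deny described in the article can be checked with a small model. This is an added example, not part of the original post and not Cisco code: it is a simplified evaluator that understands only the entry forms quoted above ("any", "host A", "A WILDCARD", "eq PORT"), and the function names and the sample packets used with it are assumptions.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every bit is "don't care"

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    word = tok.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return ip_int(tok.pop(0)), 0
    return ip_int(word), ip_int(tok.pop(0))

def parse(line):
    tok = line.split()[1:]                      # drop "access-list"
    num, action = int(tok.pop(0)), tok.pop(0)
    extended = 100 <= num <= 199                # 1-99 standard, 100-199 extended
    proto = tok.pop(0) if extended else "ip"
    src = take_addr(tok)
    dst = take_addr(tok) if extended else ANY   # standard ACLs test the source only
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def covers(spec, addr):
    base, wild = spec
    # Inverse mask: 0 bits must match, 1 bits are ignored.
    return (base | wild) == (ip_int(addr) | wild)

def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in map(parse, acl):
        if r_proto not in ("ip", proto):
            continue
        if r_port is not None and r_port != dport:
            continue
        if covers(r_src, src) and covers(r_dst, dst):
            return action
    return "deny"                               # implicit "deny any" at the end

# The four ACL entries quoted in the article.
ACL_10 = ["access-list 10 permit 192.168.2.0 0.0.0.255"]
ACL_110 = ["access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80"]
ACL_111 = ["access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"]
ACL_MGMT = ["access-list 10 permit host 10.1.1.1"]

if __name__ == "__main__":
    # Constructed sample sources: one inside the permitted range, one outside.
    print(evaluate(ACL_10, "192.168.2.77"), evaluate(ACL_10, "192.168.3.1"))
```

A source outside 192.168.2.0/24 is denied by ACL 10 even though the list contains no deny entry, which is the implicit deny at work.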
Facebook says prosecution of billion-dollar spammer not over Posted: 07 Oct 2010 09:00 AM PDT

Microsoft Suggests Public Health Response for Sick PCs Posted: 06 Oct 2010 09:00 AM PDT

When your sick PC connects to the Internet and starts distributing malicious spam and propagating worms and viruses to other vulnerable systems, it impacts all who share the Internet. Microsoft's Scott Charney proposes a novel approach to addressing that issue, suggesting that we treat infected devices as we do infected people.