- Standard IP ACLs – uses the source IP addresses for matching operations
- Extended ACLs – use a combination of source and destination IP addresses and optional protocol-type information for matching operations.
- Turbo ACLs - creates a set of data tables and compiles them into fast lookup tables allowing for very large filter lists to be used without an increase in packet latency.
- Named ACLs – can identify IP ACLs with an alphanumeric string rather than a number and enable you to configure more than 99 standard IP ACLs in a router.
- Timed ACLs – an extended IP ACL that becomes active only during a specified time period. The time range specified may be periodical (such as every Monday at 2 a.m.) or absolute (which is active only one time at a particular date and time).
- Established ACLs – in which inbound TCP traffic is limited to return traffic from TCP sessions initiated from the inside of the network. No inbound TCP sessions are accepted unless they are explicitly allowed by an inbound ACL on the outside interface. This firewall action only applies to TCP sessions; it does not support UDP sessions.
- Reflexive ACLs – works similarly to Established ACLs, but supports firewalling TCP and UDP sessions. Reflexive ACLs require the use of both inbound and outbound ACLs.
- Lock and Key – typically used to permit inbound or outbound access to a resource only when the dynamic ACLs are activated (unlocked) by a Telnet connection (the key). Once activated, the ACL remains active until a timeout value expires.
- Context Based Access Control (CBAC) – this ACL represents a true firewall and is only available on Cisco routers that have the advanced Firewall IOS feature set. This firewall ACL protects UDP, TCP, FTP, HTTP and other session types, as well as providing protection from spam attacks and certain types of DOS attacks.
Here we go... MIND-OVER-MATTER, if you don't mind it doesn't matter. NOW STUDY!!!
Sunday, July 22, 2012
Some of the Security ACLs
Best Practice On Communication
Source: http://www.secureflorida.org/bestpractices/key_components/
Here are some of the key components of good security policy.
Here are some of the key components of good security policy.
1.Identify your risks.
Determine what your company’s most critical information assets are, and spend your time and energy protecting what is most important.
2.Get the CEO involved.
Good security has to start from the top, with executives who help create a corporate culture that values security.
3.Put someone in charge.
Security is a complex job, so make sure someone is in charge of coordinating security efforts.
4.Develop and implement a security policy.
Establish guidelines for how your company handles and protects its data — from who makes sure software patches are installed, to how employees access their e-mail on the road, to how often passwords should be changed.
5.Educate employees and raise awareness.
Make security awareness an ongoing project. Employees need to understand why their role is so critical.
6.Have a security audit done.
Hire an independent third party to evaluate your security posture, and then use the recommendations made by the auditor.
7.Incorporate physical security into the plan.
The best security technology in the world will not do any good if a well-meaning employee lets the wrong person into the server room.
8.Remember internal threats.
Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge. Have a process in place to delete user accounts when employees quit or are let go.
9.Stay tuned in.
Make sure someone keeps track of new developments in information security, including new vulnerabilities and attacks.
10.Prepare for the worst.
Create an incident response plan to help you save time in the event of a security problem. This will lay out who needs to be involved, what their jobs are, and how you will minimize the damage.
Thursday, July 19, 2012
ACL guidelines and to keep in mind
ACL Configuration Guidelines
http://www.ccnastudyguide.net/acl-configuration-guidelines/
Cisco IOS access lists: 10 things you should know
http://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/5731134
http://www.ccnastudyguide.net/acl-configuration-guidelines/
Cisco IOS access lists: 10 things you should know
http://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/5731134
Monday, July 16, 2012
Cisco Documentation
Found this documentations URLs today:
Cisco Product Documentation
http://www.cisco.com/univercd/cc/td/doc/product/
Cisco 2500 Series Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/index.htm
Cisco 2600 Series Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/index.htm
Cisco 2800 Series Integrated Services Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/2800/index.htm
Cisco 3600 Series Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis3600/index.htm
Cisco Product Documentation
http://www.cisco.com/univercd/cc/td/doc/product/
Cisco 2500 Series Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/index.htm
Cisco 2600 Series Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/index.htm
Cisco 2800 Series Integrated Services Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/2800/index.htm
Cisco 3600 Series Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis3600/index.htm
Tuesday, July 10, 2012
Access Control List (ACL) filter (command)
- Access-list number Identifies the access list using a number in the range 100 – 999 (extended IP ACL) 2000 – 2699 (expanded IP ACLs)
- Deny Denies access if the conditions are matched
- Permit Permits access if the conditions are match
- Remark Indicates whether this entry allows or blocks the specified address. Could also be used to enter a remark.
- Protocol Name or number of an internet protocol. Common keyword include ICMP IP, TCP or UDP
- Source Number of the network or host from which the packet is being sent
- Source-wildcard Wildcard bit to be applied to source
- Destination Number of the network or host to which the packet is being sent
- Destination wild-card Wildcard bit to be applied to the destination
- Port The decimal number or name of a TCP or UDP port
- Established For the TCP protocol only; indicates an established connection.
- Operator
- lt (less than)
- gt (greater than)
- eq (equal)
- neq (not equal)
Source: http://www.orbit-computer-solutions.com/Access-Control-Lists-%28ACL%29.php
Three port numbers ranges
- System Ports -- ranges from 0 to 1023
- User Ports -- ranges from 1024 to 49151
- Dynamic and/or Private Ports -- ranges from 49152 to 65535
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Saturday, July 7, 2012
Friday, July 6, 2012
My second 2500 in the rack...
Got my second Cisco 2520 today... was surprised NICE AND CLEAN UNIT!! My first was Cisco 2500 was the RJ 2511 Access Server.
There is a known poor performance issue with this model, http://www.cisco.com/en/US/ts/fn/misc/fna-2196-1.html But I received a fixed revision unit -- 800-00590-03A0.
There is a known poor performance issue with this model, http://www.cisco.com/en/US/ts/fn/misc/fna-2196-1.html But I received a fixed revision unit -- 800-00590-03A0.
Sunday, July 1, 2012
More cables...
Just made additional 4 crossover, 6 rollover, 4 T1 and 10 straight-thru cables. How many more do I need?
I still need some serial cables... that I don't know how to make -=8o)
I still need some serial cables... that I don't know how to make -=8o)
What next?
Don't know... so I grab this book...
http://www.ciscopress.com/bookstore/product.asp?isbn=1587051176
dddddiiiiiiiggggggggggggg-iiiiiiiiinnnnnnnnnnnnnnnn...................
http://www.ciscopress.com/bookstore/product.asp?isbn=1587051176
dddddiiiiiiiggggggggggggg-iiiiiiiiinnnnnnnnnnnnnnnn...................
Subscribe to:
Posts (Atom)