- Standard IP ACLs – uses the source IP addresses for matching operations
- Extended ACLs – use a combination of source and destination IP addresses and optional protocol-type information for matching operations.
- Turbo ACLs - creates a set of data tables and compiles them into fast lookup tables allowing for very large filter lists to be used without an increase in packet latency.
- Named ACLs – can identify IP ACLs with an alphanumeric string rather than a number and enable you to configure more than 99 standard IP ACLs in a router.
- Timed ACLs – an extended IP ACL that becomes active only during a specified time period. The time range specified may be periodical (such as every Monday at 2 a.m.) or absolute (which is active only one time at a particular date and time).
- Established ACLs – in which inbound TCP traffic is limited to return traffic from TCP sessions initiated from the inside of the network. No inbound TCP sessions are accepted unless they are explicitly allowed by an inbound ACL on the outside interface. This firewall action only applies to TCP sessions; it does not support UDP sessions.
- Reflexive ACLs – works similarly to Established ACLs, but supports firewalling TCP and UDP sessions. Reflexive ACLs require the use of both inbound and outbound ACLs.
- Lock and Key – typically used to permit inbound or outbound access to a resource only when the dynamic ACLs are activated (unlocked) by a Telnet connection (the key). Once activated, the ACL remains active until a timeout value expires.
- Context Based Access Control (CBAC) – this ACL represents a true firewall and is only available on Cisco routers that have the advanced Firewall IOS feature set. This firewall ACL protects UDP, TCP, FTP, HTTP and other session types, as well as providing protection from spam attacks and certain types of DOS attacks.
Here we go... MIND-OVER-MATTER, if you don't mind it doesn't matter. NOW STUDY!!!
Sunday, July 22, 2012
Some of the Security ACLs
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment