Sunday, July 22, 2012

Some of the Security ACLs

  • Standard IP ACLs – uses the source IP addresses for matching operations
  • Extended ACLs – use a combination of source and destination IP addresses and optional protocol-type information for matching operations.
  • Turbo ACLs - creates a set of data tables and compiles them into fast lookup tables allowing for very large filter lists to be used without an increase in packet latency.
  • Named ACLs – can identify IP ACLs with an alphanumeric string rather than a number and enable you to configure more than 99 standard IP ACLs in a router.
  • Timed ACLs – an extended IP ACL that becomes active only during a specified time period. The time range specified may be periodical (such as every Monday at 2 a.m.) or absolute (which is active only one time at a particular date and time).
  • Established ACLs – in which inbound TCP traffic is limited to return traffic from TCP sessions initiated from the inside of the network. No inbound TCP sessions are accepted unless they are explicitly allowed by an inbound ACL on the outside interface. This firewall action only applies to TCP sessions; it does not support UDP sessions.
  • Reflexive ACLs – works similarly to Established ACLs, but supports firewalling TCP and UDP sessions. Reflexive ACLs require the use of both inbound and outbound ACLs.
  • Lock and Key – typically used to permit inbound or outbound access to a resource only when the dynamic ACLs are activated (unlocked) by a Telnet connection (the key). Once activated, the ACL remains active until a timeout value expires.
  • Context Based Access Control (CBAC) – this ACL represents a true firewall and is only available on Cisco routers that have the advanced Firewall IOS feature set. This firewall ACL protects UDP, TCP, FTP, HTTP and other session types, as well as providing protection from spam attacks and certain types of DOS attacks.

Best Practice On Communication

Source: http://www.secureflorida.org/bestpractices/key_components/

Here are some of the key components of good security policy.

1.Identify your risks.
Determine what your company’s most critical information assets are, and spend your time and energy protecting what is most important.

2.Get the CEO involved.
Good security has to start from the top, with executives who help create a corporate culture that values security.

3.Put someone in charge.
Security is a complex job, so make sure someone is in charge of coordinating security efforts.

4.Develop and implement a security policy.
Establish guidelines for how your company handles and protects its data — from who makes sure software patches are installed, to how employees access their e-mail on the road, to how often passwords should be changed.

5.Educate employees and raise awareness.
Make security awareness an ongoing project. Employees need to understand why their role is so critical.

6.Have a security audit done.
Hire an independent third party to evaluate your security posture, and then use the recommendations made by the auditor.

7.Incorporate physical security into the plan.
The best security technology in the world will not do any good if a well-meaning employee lets the wrong person into the server room.

8.Remember internal threats.
Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge. Have a process in place to delete user accounts when employees quit or are let go.

9.Stay tuned in.
Make sure someone keeps track of new developments in information security, including new vulnerabilities and attacks.

10.Prepare for the worst.
Create an incident response plan to help you save time in the event of a security problem. This will lay out who needs to be involved, what their jobs are, and how you will minimize the damage.

Tuesday, July 10, 2012

Access Control List (ACL) filter (command)

  • Access-list number    Identifies the access list using a number in the range 100 – 999 (extended IP ACL) 2000 – 2699 (expanded IP ACLs)
  • Deny    Denies access if the conditions are matched
  • Permit    Permits access if the conditions are match
  • Remark    Indicates whether this entry allows or blocks the specified address. Could also be used to enter a remark.
  • Protocol    Name or number of an internet protocol. Common keyword include ICMP IP, TCP or UDP
  • Source    Number of the network or host from which the packet is being sent
  • Source-wildcard    Wildcard bit to be applied to source
  • Destination    Number of the network or host to which the packet is being sent
  • Destination wild-card    Wildcard bit to be applied to the destination
  • Port    The decimal number or name of a TCP or UDP port
  • Established     For the TCP protocol only; indicates an established connection.
  • Operator   
    • lt (less than) 
    • gt (greater than)
    • eq (equal)
    • neq (not equal)

Source: http://www.orbit-computer-solutions.com/Access-Control-Lists-%28ACL%29.php

Three port numbers ranges


  1. System Ports -- ranges from 0 to 1023
  2. User Ports -- ranges from 1024 to 49151
  3. Dynamic and/or Private Ports -- ranges from 49152 to 65535


http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Saturday, July 7, 2012

Cisco 3600 Series routers

Two more additional units to my rack... Cisco 3640's  4 Slot Modular Chassis