

Name: Access list
Submitted to: Mr. Parvesh Mor
Submitted by: Anil Sharma
Reg: 11107936

• Permit or deny statements that filter traffic based on the source address, destination address, protocol type, and port number of a packet
• Available for IP, IPX, AppleTalk, and many other protocols

Introduction:
An access list is essentially a list of conditions that categorize packets. Access lists are helpful when you need to exercise control over network traffic, and they are the tool of choice for decision making in these situations. One of the most common and easiest to understand uses of access lists is filtering unwanted packets when implementing security policies. For example, you can set them up to make very specific decisions about regulating traffic patterns so that they allow only certain hosts to access web resources on the internet while restricting others. With the right combination of access lists, network managers arm themselves with the power to enforce almost any security policy they can devise. Some important points about access lists:
• Powerful tools that control access both to and from network segments
• Can filter unwanted packets
• Can be used to implement security

Access List Usage:
• You can create a standard access list that examines a packet for the packet's source header information
• deny any statement
  – Implicitly blocks all packets that do not meet the requirements of the access list
  – Exists even though it is not shown as part of the access list, so a list made only of deny statements blocks everything; end the list with an explicit permit statement if some traffic is meant to pass
• With careful planning, you can create access lists that control which traffic crosses particular links and which segments of your network will have access to others

Problems with Access Lists:
• Lack of planning is one of the most common problems associated with access lists
• The need to enter the list sequentially into the router also presents problems
  – You cannot move individual statements once they are entered
  – When making changes to a numbered list, you must remove the whole list, using the no access-list [list number] command, and then retype the commands
  – Remove the list from the interface before you do this: IOS treats an applied list that does not exist or has no entries as permit any, so an interface or VTY line that still references the removed number passes all traffic until the list is retyped
• Access lists begin working the second they are applied to an interface
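The remove-and-retype step above is where filtering is most often lost without anyone noticing. The following Python script is an added example, not part of the original report and not a Cisco tool: it scans an IOS configuration and reports every ip access-group or access-class statement that references a list with no entries (which IOS treats as permit any), plus lists that are defined but never applied. The sample configuration inside it is constructed for the example, reusing the list numbers from this report; the regular expressions cover only the classic numbered and named access-list syntax the report shows.

```python
"""Audit a Cisco IOS configuration for access-list references that silently
filter nothing.  IOS treats an ip access-group or access-class that names a
list with no entries (for example one removed with "no access-list N" and
not yet retyped) as "permit any".  Hypothetical audit script; the sample
config below is constructed for this example."""
import re

# Constructed sample: list 12 is applied to the VTY lines but has been removed,
# list 13 exists but is applied nowhere, list 1 and WEB-IN are fine.
SAMPLE_CONFIG = """\
access-list 1 deny   172.22.5.2 0.0.0.0
access-list 1 deny   172.22.5.3 0.0.0.0
access-list 1 permit any
access-list 13 permit 192.168.12.0 0.0.0.255
ip access-list extended WEB-IN
 permit tcp any host 10.1.1.10 eq 80
 deny   ip any any log
interface FastEthernet0/0
 ip access-group 1 out
 ip access-group WEB-IN in
line vty 0 4
 access-class 12 in
 transport input ssh
"""

NUMBERED = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\b")
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")
ENTRY = re.compile(r"^\s+(?:\d+\s+)?(?:permit|deny)\b")
APPLY = re.compile(r"^\s+(?:ip access-group|access-class)\s+(\S+)\s+(in|out)\b")


def audit(config):
    """Return (dangling, unused).

    dangling: [(section, acl, direction)] for references to lists without entries
    unused:   sorted names/numbers of lists that are never applied anywhere
    """
    defined, applied, refs = set(), set(), []
    section, named = "(global)", None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):          # top-level statement
            named = None
            if m := NAMED.match(line):
                named = m.group(1)            # counted as defined once it has an entry
            elif m := NUMBERED.match(line):
                defined.add(m.group(1))
            else:
                section = line                # interface ..., line vty ...
            continue
        if named and ENTRY.match(line):
            defined.add(named)
        elif m := APPLY.match(line):
            acl, direction = m.groups()
            applied.add(acl)
            refs.append((section, acl, direction))
    # Decide dangling references only after the whole config is read, since a
    # list may be defined after the interface that applies it.
    dangling = [r for r in refs if r[1] not in defined]
    return dangling, sorted(defined - applied)


if __name__ == "__main__":
    dangling, unused = audit(SAMPLE_CONFIG)
    for section, acl, direction in dangling:
        print(f"WARNING {section}: access list {acl} ({direction}) has no "
              f"entries; IOS permits all traffic here")
    for acl in unused:
        print(f"NOTE access list {acl} is defined but never applied")
```

Run it against the output of show running-config before and after any change to a numbered list; a dangling reference on a VTY line means the router's management plane is open to every source.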

Access List Rules:
• Example of the structure of a standard IP access list:
  RouterA(config)#access-list 1 deny 172.22.5.2 0.0.0.0
  RouterA(config)#access-list 1 deny 172.22.5.3 0.0.0.0
  RouterA(config)#access-list 1 permit any
• The router applies each line in the order in which you type it into the access list
• The no access-list [list #] command is used to remove an access list
• As a general rule, the lines with the most potential matches should be first in the list
  – So that packets will not undergo unnecessary processing
  – Reorder only where it does not change the result: an entry that covers a superset of a later entry's addresses makes that later entry unreachable
• You should avoid unnecessarily long access lists
• After you create access lists, you must apply them to interfaces so they can begin filtering traffic
  – You apply a list as either an outgoing or an incoming filter
  – Only one list, per protocol, per direction can be applied to an interface
  – Access lists are effective as soon as they are applied

Standard IP Access Lists:
• Standard IP access lists
  – Filter network traffic based on the source IP address only
  – Using a standard IP access list, you can filter traffic by a host IP, subnet, or a network address
• In summary, all access lists follow these rules:
  – Routers apply lists sequentially in the order in which you type them into the router
  – Routers apply lists to packets sequentially, from the top down, one line at a time
  – Packets are processed only until a match is made
  – Lists always end with an implicit deny
  – Access lists must be applied to an interface as either inbound or outbound traffic filters

Configure standard IP access lists:
• access-list [list #] [permit|deny] [source address] [source wildcard mask]
  – Standard IP lists use list numbers 1 to 99 (later IOS releases also allow 1300 to 1999)
• Routers use wildcards to determine which bits in an address will be significant
  – A 0 bit in the wildcard mask means the corresponding address bit must match; a 1 bit means it is ignored (the opposite of a subnet mask)
  – Wildcard mask example: 172.22.5.0 0.0.0.255 matches every source in 172.22.5.0/24, and 0.0.0.0 255.255.255.255 matches any source (the keyword any)
  – Wildcard masking matching a single host: 172.22.5.2 0.0.0.0 matches only 172.22.5.2, as in access list 1 above (the keyword host 172.22.5.2 is equivalent)
Standard IP Access List Examples:
• Standard IP access lists permit or deny packets based only on the source address
  – Addresses can be a single host address, a subnet address, or a full network address
• Correct placement of a list is imperative
  – Because a standard list sees only the source address, place it as close to the destination as possible; placed near the source it would cut that source off from every destination beyond the interface
• Application of the list as an outbound filter on FastEthernet0/0
  – See Figure 10-15
• If you decide that an access list needs to be removed from an interface
  – You can remove it with the no ip access-group [list #] command
• To view the access lists defined on your router, use the show access-lists command
  – For IP access lists you could also use the show ip access-lists command
• Use the show access-lists or show ip access-lists command followed by the show ip interface command
  – To verify that the list has been entered and applied correctly
Monitoring Standard IP Access Lists:
• Three main commands are available for monitoring access lists on your router
  – show access-lists
  – show ip access-lists
  – show interfaces or show ip interface
  – The first two also print a match counter next to each entry, which confirms whether an entry is actually being hit; show ip interface shows which list is applied in which direction
• Use the no ip access-group [list #] [direction] command to remove the application of the list

Extended IP Access Lists:
• Extended IP access lists
  – Can filter by source IP address, destination IP address, protocol type, and application port number
  – This granularity allows you to design extended IP access lists that:
    • Permit or deny a single type of IP protocol
    • Filter by a particular port of a particular protocol
• To configure extended IP access lists, you must create the list and then apply it to an interface using the following syntax:
  access-list [list #] [permit|deny] [protocol] [source IP address] [source wildcard mask] [operator] [port] [destination IP address] [destination wildcard mask] [operator] [port] [log]
  – Extended lists use list numbers 100 to 199 (later IOS releases also allow 2000 to 2699)
  – The operator and port that follow the source address apply to the source port; those that follow the destination apply to the destination port. The operators are eq, neq, lt, gt and range
  – The log keyword writes a message for each match to the console or the configured syslog destination; adding it to a final explicit deny ip any any entry shows what the implicit deny would otherwise drop silently
  – Because an extended list can match on the destination as well, it is usually placed as close to the source as possible
• Use the no access-list [list #] command to remove the list
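As an added example (not from the report, and not IOS's own implementation), the same kind of model for the extended syntax above: a Python parser and evaluator that checks protocol, source and destination wildcards, the port operators on each side, and the log keyword, with first-match semantics and the implicit deny. Access list 101 and the packets are constructed for the example; port values must be numeric (IOS also accepts names such as www).

```python
"""Model of a Cisco extended IP access list: protocol, source and destination
wildcard matching, port operators (eq, neq, lt, gt, range) on source and
destination, the log keyword, and first-match evaluation with the implicit
deny.  Example code; list 101 and the packets are constructed for it."""
import ipaddress
from dataclasses import dataclass

ALL_ONES = 0xFFFFFFFF

# Constructed list: web and DNS to two servers, FTP control traffic denied and
# logged, ICMP allowed, everything else dropped by the implicit deny.
ACL_101 = [
    "access-list 101 permit tcp 192.168.12.0 0.0.0.255 host 10.1.1.10 eq 80",
    "access-list 101 permit tcp 192.168.12.0 0.0.0.255 host 10.1.1.10 eq 443",
    "access-list 101 permit udp any host 10.1.1.53 eq 53",
    "access-list 101 deny tcp any any range 20 21 log",
    "access-list 101 permit icmp any any",
]


@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def wildcard_match(address, base, wildcard):
    care = ALL_ONES ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(address)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


def take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of the token list."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def take_port(tokens):
    """Consume an optional port operator; return a predicate on a port number.
    Numeric ports only (IOS also accepts names such as www)."""
    if tokens and tokens[0] in ("eq", "neq", "lt", "gt"):
        op, value = tokens[0], int(tokens[1])
        preds = {"eq": lambda p: p == value, "neq": lambda p: p != value,
                 "lt": lambda p: p < value, "gt": lambda p: p > value}
        return preds[op], tokens[2:]
    if tokens and tokens[0] == "range":
        lo, hi = int(tokens[1]), int(tokens[2])
        return (lambda p: lo <= p <= hi), tokens[3:]
    return (lambda p: True), tokens


def parse_extended(lines):
    """Parse 'access-list N permit|deny PROTO SRC [op port] DST [op port] [log]'."""
    entries = []
    for line in lines:
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, rest = take_address(rest)
        sport, rest = take_port(rest)       # operator here is the SOURCE port
        dst, rest = take_address(rest)
        dport, rest = take_port(rest)       # operator here is the DESTINATION port
        entries.append((action, proto, src, sport, dst, dport, "log" in rest))
    return entries


def evaluate(entries, pkt):
    """Return (action, logged).  First match wins; no match is the implicit deny."""
    for action, proto, src, sport, dst, dport, log in entries:
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, *src) and wildcard_match(pkt.dst, *dst)):
            continue
        if not (sport(pkt.sport) and dport(pkt.dport)):
            continue
        return action, log
    return "deny", False


if __name__ == "__main__":
    acl = parse_extended(ACL_101)
    for pkt in (Packet("tcp", "192.168.12.5", "10.1.1.10", 51000, 80),
                Packet("tcp", "192.168.12.5", "10.1.1.10", 51000, 22),
                Packet("tcp", "172.16.0.9", "10.1.1.20", 51000, 21),
                Packet("icmp", "172.16.0.9", "10.1.1.10")):
        print(pkt, "->", evaluate(acl, pkt))
```

The second packet (SSH to the web server) is dropped by the implicit deny without any log entry; that is the case the explicit deny ip any any log entry described above exists for.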

Using Named Lists:
• Named access lists
  – In Cisco IOS versions 11.2 and above, names instead of numbers can be used to identify lists
• To name a standard IP access list, use the following syntax:
  RouterC(config)#ip access-list standard [name]
• To name an extended IP access list, use the following syntax:
  RouterC(config)#ip access-list extended [name]
• Once the list is named, the permit or deny statements are entered one per line at the named-list sub-prompt
• The commands follow the same syntax as unnamed lists
  – The beginning part of the command (access-list [list #]) is not included
• To apply a standard IP named list to an interface, the syntax is:
  RouterC(config-if)#ip access-group [name] [in | out]
Advantages:
  – Allows you to maintain security by using an easily identifiable access list
  – Removes the limit of 100 lists per filter type
  – With named access lists, lines can be selectively deleted in the ACL (and, in later IOS releases, inserted by sequence number) without removing and retyping the whole list
  – Named ACLs provide greater flexibility to network administrators who work in environments where large numbers of ACLs are needed

Using Security Device Manager to Create Access Control Lists:
• Using the SDM, an administrator can accomplish all the tasks that formerly required use of the CLI
• SDM allows you to easily create a standard or an extended access list or, as it is known in the SDM, an Access Control List (ACL)

Controlling VTY Line Access:
• Access lists are used for both traffic flow and security
• One useful security feature of access lists is restricting access to telnet on your router
  – By controlling VTY line access
• You must first create a standard IP access list that permits the management workstation:
  RouterA(config)#access-list 12 permit 192.168.12.12 0.0.0.0
• Then, it must be applied to the VTY lines with access-class [acl #] in | out
  – in restricts which sources may open a connection to the router; out restricts where a user already logged in may connect to from the router
• To apply access list 12 to the VTY lines, use the following commands:
  RouterA(config)#line vty 0 4
  RouterA(config-line)#access-class 12 in
• The commands to restrict access to the VTY lines to network 192.168.12.0/24 only are:
  RouterA(config)#access-list 13 permit 192.168.12.0 0.0.0.255
  RouterA(config)#line vty 0 4
  RouterA(config-line)#access-class 13 in
• The implicit deny rejects every other source. Apply the access-class to every VTY line the platform provides (many IOS images have vty 0 15, not only 0 4), since a line without it remains reachable from anywhere; and note that the access-class only decides who may open a session, so credentials still cross the network in cleartext if telnet rather than SSH is used
Topology:
Router1   E0: 10.0.0.1      E1: 11.0.0.1
Router2   E0: 11.0.0.2      E1: 12.0.0.1
Router3   E0: 12.0.0.2      E1: 13.0.0.1
Router4   E0: 13.0.0.2      E1: 14.0.0.1
Router5   E0/0: 14.0.0.2    E0/1: 14.0.0.1    E0/2: 16.0.0.1
Router6   E0: 15.0.0.2      E1: 16.0.0.2
Router7   E0: 17.0.0.1      E1: 18.0.0.1
Router8   E0: 18.0.0.2      E1: 19.0.0.1
PC1       E0: 10.0.0.2
PC2       E0: 10.0.0.3
PC3       E0: 15.0.0.2
PC4       E0: 19.0.0.2
PC5       E0: 19.0.0.3
Switch1   F/E0/1: 10.0.0.4
Switch2   F/E0/1: 15.0.0.2
Switch3   F/E0/1: 19.0.0.4
Reference:
• http://en.wikipedia.org/wiki/Access_control_list
• Book: CCNA (Todd Lammle)
• http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
• http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/addr_serv/command/reference/b_ipaddr_cr42asr9k_chapter_01.html

Mais conteúdo relacionado

Mais procurados

Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summarymoonmanik
 
Firewall
FirewallFirewall
FirewallMuuluu
 
Access list-cheatsheet
Access list-cheatsheetAccess list-cheatsheet
Access list-cheatsheetvannastart
 
Chapter 08 - Acl
Chapter 08 - AclChapter 08 - Acl
Chapter 08 - Aclphanleson
 
Free OpManager training_Part 1- Discovery & classification
Free OpManager training_Part 1- Discovery & classificationFree OpManager training_Part 1- Discovery & classification
Free OpManager training_Part 1- Discovery & classificationManageEngine, Zoho Corporation
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
IP Tables And Filtering
IP Tables And FilteringIP Tables And Filtering
IP Tables And FilteringSuperstarRr
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud  Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Ajeet Singh
 
Switching and Port Security
  Switching and Port Security  Switching and Port Security
Switching and Port Securityusman19
 
5.programmable interval timer 8253
5.programmable interval timer 82535.programmable interval timer 8253
5.programmable interval timer 8253MdFazleRabbi18
 
Access List in Networks
Access List in NetworksAccess List in Networks
Access List in Networkswolverinetyagi
 
Monitoring network performance- Part 3_Free OpManager training
Monitoring network performance- Part 3_Free OpManager training Monitoring network performance- Part 3_Free OpManager training
Monitoring network performance- Part 3_Free OpManager training ManageEngine, Zoho Corporation
 
Ccna PPT2
Ccna PPT2Ccna PPT2
Ccna PPT2AIRTEL
 

Mais procurados (19)

Chapter 10
Chapter 10Chapter 10
Chapter 10
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
 
Firewall
FirewallFirewall
Firewall
 
Access list-cheatsheet
Access list-cheatsheetAccess list-cheatsheet
Access list-cheatsheet
 
TCP/IP
TCP/IPTCP/IP
TCP/IP
 
Chapter 08 - Acl
Chapter 08 - AclChapter 08 - Acl
Chapter 08 - Acl
 
Switch security
Switch securitySwitch security
Switch security
 
Free OpManager training_Part 1- Discovery & classification
Free OpManager training_Part 1- Discovery & classificationFree OpManager training_Part 1- Discovery & classification
Free OpManager training_Part 1- Discovery & classification
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWall
 
IP Security
IP SecurityIP Security
IP Security
 
IP Tables And Filtering
IP Tables And FilteringIP Tables And Filtering
IP Tables And Filtering
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud  Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
 
Switching and Port Security
  Switching and Port Security  Switching and Port Security
Switching and Port Security
 
5.programmable interval timer 8253
5.programmable interval timer 82535.programmable interval timer 8253
5.programmable interval timer 8253
 
Access List in Networks
Access List in NetworksAccess List in Networks
Access List in Networks
 
Monitoring network performance- Part 3_Free OpManager training
Monitoring network performance- Part 3_Free OpManager training Monitoring network performance- Part 3_Free OpManager training
Monitoring network performance- Part 3_Free OpManager training
 
VLAN
VLANVLAN
VLAN
 
Ccna PPT2
Ccna PPT2Ccna PPT2
Ccna PPT2
 

Destaque (6)

Hector 02
Hector 02Hector 02
Hector 02
 
Derecho yenny
Derecho yennyDerecho yenny
Derecho yenny
 
CID 22234
CID 22234CID 22234
CID 22234
 
Simple presentslideshare
Simple presentslideshareSimple presentslideshare
Simple presentslideshare
 
Mi presentación
Mi presentaciónMi presentación
Mi presentación
 
Ptsd
PtsdPtsd
Ptsd
 

Semelhante a Anilnet

access control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingaccess control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingtayybahaseeb18
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003  -may09_-_lect09_-_access_control_list_acl_Uccn1003  -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003  -may09_-_lect09_-_access_control_list_acl_Uccn1003  -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsSam Bowne
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control listsSourabh Badve
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection SystemsSam Bowne
 
distribution layer
distribution layerdistribution layer
distribution layererick chuwa
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfahmeddeath6
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and aclSagarR24
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data planeNetProtocol Xpert
 

Semelhante a Anilnet (20)

CCNA Access Lists
CCNA Access ListsCCNA Access Lists
CCNA Access Lists
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Acl
AclAcl
Acl
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 acl
 
20 access lists[1]
20 access lists[1]20 access lists[1]
20 access lists[1]
 
access control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingaccess control list(ACL) from data communication and networking
access control list(ACL) from data communication and networking
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003  -may09_-_lect09_-_access_control_list_acl_Uccn1003  -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003  -may09_-_lect09_-_access_control_list_acl_Uccn1003  -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection Systems
 
distribution layer
distribution layerdistribution layer
distribution layer
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdf
 
Network security
Network securityNetwork security
Network security
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and acl
 
CCNA
CCNACCNA
CCNA
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 

Último

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Anilnet

  • 1.  Name access list Submitted To, Mr. Parvesh Mor Submitted by, Anil Sharma Reg: 11107936 Permit or deny statements that filter traffic based on the source address,    destination address, protocol type, and port number of a packet Available for IP, IPX, AppleTalk, Introduction: An access list is essentially a list of conditions that categorize packets. They can be really helpful when you need to exercise control over network traffic. An access list would be your tool of choice for decision making in these situation. One of the most common and easiest to understand uses of access list is filtering unwanted packet when implementing security policies. For example, you can set them up to make very specific decisions about regulating traffic pattern so that they will allow only certain host to access web resources on the internet while restricting others. With the right combination of access list, network managers arm themselves with the power to enforce any security any policy they can invent. Some important points under access list • Powerful tools that control access both to and from network segments • Can be used to implement security • Powerful tools that control access both to and from network segments • Can filter unwanted packets • Can be used to implement security Access List Usage: • You can create a standard access list that examines a packet for the packet’s source header information • deny any statement Can filter unwanted packets • and many other protocols – Implicitly blocks all packets that do not meet the requirements of the access list
  • 2. – • With careful planning, you can create access lists that control which traffic crosses particular links And which segments of your network will have access to others Problems with Access Lists: • • Lack of planning is one of the most common problems associated with access lists The need to enter the list sequentially into the router also presents problems – – • Exists even though it is not shown as part of the access list You cannot move individual statements once they are entered When making changes, you must remove the list, using the no access-list [list number] command, and then retype the commands Access lists begin working the second they are applied to an interface Access List Rules: • Example of the structure of a standard IP access list: RouterA(config)#access-list 1 deny 172.22.5.2 0.0.0.0 RouterA(config)#access-list 1 deny 172.22.5.3 0.0.0.0 RouterA(config)# access-list 1 permit any • Router applies each line in the order in which you type it into the access list • The no access-list [list #] command is used to remove an access list • As a general rule, the lines with the most potential matches should be first in the list
  • 3. – So that packets will not undergo unnecessary processing inbound or outbound traffic filters – Only one list, per protocol, per direction can be applied to an interface – Access lists are effective as soon as they are applied Standard IP Access Lists: • Standard IP access lists • You should avoid unnecessarily long access lists – Filter network traffic based on the source IP address only • After you create access lists, you must apply them to interfaces so they can begin filtering traffic – Using a standard IP access list, you can filter traffic by a host IP, subnet, or a network address – • You apply a list as either an outgoing or an incoming filter • – In summary, all access lists follow these rules: – Routers apply lists sequentially in the order in which you type them into the router – Routers apply lists to packets sequentially, from the top down, one line at a time – Packets are processed only until a match is made – Lists always end with an implicit deny – Access lists must be applied to an interface as either Configure standard IP access lists: • access-list [list #] [permit|deny] [source address] [source wildcard mask] Routers use wildcards to determine which bits in an address will be significant Wildcard mask example:
• Wildcard masking matching a single host: example

Standard IP Access List Examples:
• Standard IP access lists permit or deny packets based only on the source address
  – Addresses can be a single host address, a subnet address, or a full network address
• Correct placement of a list is imperative
• Application of the list as an outbound filter on FastEthernet0/0
  – See Figure 10-15
• If you decide that an access list needs to be removed from an interface
  – You can remove it with the no ip access-group [list #] command
• To view the access lists defined on your router, use the show access-lists command
  – For IP access lists you could also use the show ip access-lists command
• Use the show access-lists or show ip access-lists command followed by the show ip interface command
  – To verify that the list has been entered and applied correctly
Monitoring Standard IP Access Lists:
• Three main commands are available for monitoring access lists on your router
  – show access-lists
  – show ip access-lists
  – show interfaces or show ip interface
• Use the no ip access-group [list #] [direction] command to remove the application of the list
• Use the no access-list [list #] command to remove the list

Extended IP Access Lists:
• Extended IP access lists
  – Can filter by source IP address, destination IP address, protocol type, and application port number
  – This granularity allows you to design extended IP access lists that:
    • Permit or deny a single type of IP protocol
    • Filter by a particular port of a particular protocol
• To configure extended IP access lists, you must create the list and then apply it to an interface using the following syntax:
  access-list [list #] [permit|deny] [protocol] [source IP address] [source wildcard mask] [operator] [port] [destination IP address] [destination wildcard mask] [operator] [port] [log]

Using Named Lists:
• Named access lists
  – In Cisco IOS versions 11.2 and above, names instead of numbers can be used to identify lists
• To name a standard IP access list, use the following syntax:
  RouterC(config)#ip access-list standard [name]
• To name an extended IP access list, use the following syntax:
  RouterC(config)#ip access-list extended [name]
• Once the list is named, the permit or deny statement is entered
  – The commands follow the same syntax as unnamed lists
  – The beginning part of the command is not included
• To apply a standard IP named list to an interface, the syntax is:
  RouterC(config-if)#ip access-group [name] [in | out]
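The top-down, first-match evaluation with the implicit deny, the wildcard-mask matching from the standard-list section above, and the protocol/port matching of extended lists, as an added Python model that is not part of the original slides and not Cisco IOS code. ACL 1 is the slide's own standard list; the extended list numbered 100, its destination host 10.0.0.2 and the source network 192.168.12.0/24 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional

def wildcard_match(addr: str, pattern: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: wildcard bit 0 = must match, 1 = don't care."""
    a, p, w = (int(IPv4Address(x)) for x in (addr, pattern, wildcard))
    care = ~w & 0xFFFFFFFF          # 0.0.0.0 -> single host, 255.255.255.255 -> any
    return (a & care) == (p & care)

@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    src: str                         # source address
    src_wc: str                      # source wildcard mask
    proto: str = "ip"                # extended lists only; "ip" matches every protocol
    dst: str = "0.0.0.0"             # extended lists only; defaults match any destination
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # extended lists only: "eq <port>" on the destination

def evaluate(acl: List[Entry], src: str, dst: str = "0.0.0.0",
             proto: str = "ip", dst_port: Optional[int] = None) -> str:
    """Lines are tested top down; the first match decides, later lines are never read."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src, e.src, e.src_wc):
            continue
        if not wildcard_match(dst, e.dst, e.dst_wc):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action
    return "deny"  # the implicit deny any that ends every list

# Standard list 1 exactly as on the slide: two host denies, then permit any.
ACL_1 = [
    Entry("deny", "172.22.5.2", "0.0.0.0"),
    Entry("deny", "172.22.5.3", "0.0.0.0"),
    Entry("permit", "0.0.0.0", "255.255.255.255"),
]

# Constructed extended list (hypothetical number 100): only TCP/80 from 192.168.12.0/24
# to host 10.0.0.2 is permitted; TCP/443 or UDP/80 to the same host hits the implicit deny.
ACL_100 = [
    Entry("permit", "192.168.12.0", "0.0.0.255", "tcp", "10.0.0.2", "0.0.0.0", 80),
]
```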
Advantages:
  – Allows you to maintain security by using an easily identifiable access list
  – Removes the limit of 100 lists per filter type
  – With named access lists, lines can be selectively deleted in the ACL
  – Named ACLs provide greater flexibility to network administrators who work in environments where large numbers of ACLs are needed

Using Security Device Manager to Create Access Control Lists:
• Using the SDM, an administrator can accomplish all the tasks that formerly required use of the CLI interface
• SDM allows you to easily create a standard or an extended access list or, as it is known in the SDM, an Access Control List (ACL)

Controlling VTY Line Access:
• Access lists are used for both traffic flow and security
• One useful security feature of access lists is restricting access to telnet on your router
  – By controlling VTY line access
• You must first create a standard IP access list that permits the management workstation:
  RouterA(config)#access-list 12 permit 192.168.12.12 0.0.0.0
• Then, it must be applied to the VTY lines:
  access-class [acl #] in | out
• To apply access list 12 to the VTY lines, use the following commands:
  RouterA(config)#line vty 0 4
  RouterA(config-line)#access-class 12 in
• The commands to restrict access to the VTY lines to network 192.168.12.0/24 only are:
  RouterA(config)#access-list 13 permit 192.168.12.0 0.0.0.255
  RouterA(config)#line vty 0 4
  RouterA(config-line)#access-class 13 in
Topology:
Router 1: E0 10.0.0.1, E1 11.0.0.1
Router 2: E0 11.0.0.2, E1 12.0.0.1
Router 3: E0 12.0.0.2, E1 13.0.0.1
Router 4: E0 13.0.0.2, E1 14.0.0.1
Router 5: E0/0 14.0.0.2, E0/1 14.0.0.1, E0/2 16.0.0.1
Router 6: E0 15.0.0.2, E1 16.0.0.2
Router 7: E0 17.0.0.1, E1 18.0.0.1
Router 8: E0 18.0.0.2, E1 19.0.0.1
PC1: E0 10.0.0.2
PC2: E0 10.0.0.3
PC3: E0 15.0.0.2
PC4: E0 19.0.0.2
PC5: E0 19.0.0.3
Switch1: F/E0/1 10.0.0.4
Switch2: F/E0/1 15.0.0.2
Switch3: F/E0/1 19.0.0.4