Professional Documents
Culture Documents
2
Introduction to Security
Attacks
• APPLICATION-LAYER ATTACKS
• AUTOROOTERS
• BACKDOORS
• DENIAL OF SERVICE (DOS)
AND DISTRIBUTED DENIAL OF
SERVICE (DDOS) ATTACKS
– (MANY OTHERS)
Mitigating Attacks
• Appliances
– IDS
– IPS
• STATEFUL IOS FIREWALL
INSPECTION ENGINE
• FIREWALL VOICE TRAVERSAL
• ICMP INSPECTION
• AUTHENTICATION PROXY
Access Lists
• Purpose:
– Used to permit or deny packets
moving through the router
– Permit or deny Telnet (VTY) access
to or from a router
– Create dial-on demand (DDR)
interesting traffic that triggers dialing
to a remote location
Important Rules
• Packets are compared to each line of
the assess list in sequential order
• Packets are compared with lines of
the access list only until a match is
made
– Once a match is made & acted upon no
further comparisons take place
• An implicit “deny” is at the end of
each access list
– If no matches have been made, the
packet will be discarded
Types of Access Lists
• Permit or deny?
Router(config)#access-list 10 deny ?
Hostname or A.B.C.D Address to match
any any source host
host A single host address
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list
Router(config)#access-list 110 ?
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward
Extended IP ACLs
Router(config)#access-list 110 deny ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
28