Wireless LANs (CO72047) Bill Buchanan, Reader, School of Computing.
1 Bill Buchanan, Reader, School of Computing. W.Buchanan (1)
2 Lab setup
3 Console Server: Con, Cisco Aironet, Port 2001; Con, Cisco Aironet, Port 2002; Con, Cisco Aironet, Port 2003
5 Wireless Network: APskills1, APskills2, APskills. Port: Console Server Con
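8 Columns: Week; Date; Academic; Cisco; Lab/Tutorial
Week 1, 26 Sep: Academic: 1: Radio Wave Fundamentals
Week 2, 3 Oct: Academic: 2: Wireless Fundamentals; Cisco: Intro to Wireless LANs; Lab/Tutorial: Access Point Tutorial 1 (T)
Week 3, 10 Oct: Academic: 3: Wireless Infrastructures; Cisco: IEEE and NICs; Lab/Tutorial: Access Point Tutorial 2 (T)
Week 4, 17 Oct: Academic: 4: Encryption; Cisco: Wireless Radio Technology; Lab/Tutorial: Ad-hoc Networks (L)
Week 5, 24 Oct: Cisco: Wireless Topologies; Lab/Tutorial: Infrastructure Networks (L)
Week 6, 31 Oct: Academic: 5: Authentication; Cisco: Access Points; Lab/Tutorial: Radio Configuration Settings (L)
Week 7, 7 Nov: Academic: 6: Antennas; Cisco: Bridges; Lab/Tutorial: Filtering (L)
Week 8, 14 Nov: Academic: 7: Filtering; Cisco: Antennas; Lab/Tutorial: Encryption (L)
Week 9, 21 Nov: Academic: 8: GSM/3G; Cisco: Security; Lab/Tutorial: Authentication/EAP (L)
Nov: Academic: 9: Future Technologies; Cisco: Applications; Lab/Tutorial: Configuring Services (L)
Week 11, 5 Dec: Academic: 10: Site Surveys/Troubleshooting; Cisco: Site Survey; Lab/Tutorial: VLANs (L)
Dec: Academic: 11: Location-finding; Cisco: Troubleshooting; Lab/Tutorial: Proxy Mobile IP (L)
Holidays
Week 13, 9 Jan: Academic: Revision/Cram (Cisco Exam); Cisco: Emerging Technologies; Lab/Tutorial: Power Management (L)
Jan: Academic: Revision (Napier Exam); Cisco: Revision/Cram; Lab/Tutorial: Coursework/Practical (50%)
Jan: Napier Exam (40%), Cisco Exam (10%)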
9 Coursework
10 Academic/Professional Certification
Academic: On-line test: 40%
Professional Certification: On-line test: 10%
Coursework test: 50%
Demonstrates analytical and synthesis skills in defining the key stages in the development of a wireless solution from its specification and design to its evaluation.
Provides an in-depth understanding of the key principles involved in the operation of a wireless system.
Demonstrates key practical skills in the implementation, evaluation and debugging of wireless systems.
Single mark submitted
11 Title: Secure Wireless Network Design
Objective: To design a secure wireless network.
Outline: The objective of this coursework is to design a secure wireless network which meets certain objectives, and to implement a prototype of the system.
Submission: PDF document submitted to Web-CT by Monday, 16 January 2005, 12pm.
Assessment: A grade will be assigned for the assessment, which will be returned to the student. This grade will then be converted to a mark for the module board.
12 Introduction. This should define the aims of the coursework, and provide background material. [5%]
Design. This section should present a possible wireless design for an organisation network which supports up to 100 simultaneous users. This design should include encryption, authentication and the required firewalling/filtering. Further details of the security constraints will be given in the lecture. [25%]
Implementation. This section should provide a prototype of the proposed wireless system including sample configurations, and an explanation of their operation. [35%]
Conclusions. This should outline the main conclusions of the report. [15%]
Presentation/references. This relates to the layout and format of the report. Any references should be given using the Harvard referencing standard. Do not copy any material directly from a source. [20%]
13 [Figure: Production, Sales, Engineering]
14 Three main groups: Sales, Production and Engineering.
Each group has 60 users.
The standard network card is a Cisco Aironet 350, and the access point selected is a Cisco Aironet
The physical span of the network is similar to the size of the Merchiston library.
The Sales and Production departments should not be able to access the Web server on any access points, but Engineering can.
The Sales department should not be able to ping any of the network, while the Production department can ping the access point, while the Engineering department can ping any part of the network.
The Engineering department should be able to access SNMP information on the access point and the router, but no other device. Sales and Production should not be able to access any SNMP information.
15 The department servers are located at: (for the Sales department); (for the Production department); and (for the Engineering department). Access should be barred to the server which is not defined for the department.
There is also a public access server at
External WWW access should only be allowed for the Sales department.
An server is located at
It supports most of the commonly used protocols. Every user should be able to access it.
The organisation has external access to a single router which has an external IP address of /24, and has at least three ports (but more can be added, as required).
Users in Engineering should be allowed to log into any access points, in a secure way.
Overall, the network should be fairly secure and robust, in case of failures.
16 Filtering
17 Filtering
[Figure: Host A, intermediate system, Host B; layers Application, Transport, Internet, Network; labels TCP/UDP/ICMP, IP/IPX, MAC. Caption: Example of encryption applied at the Network layer]
18 Firewalls (Internet model layers shown: Application, Transport, Internet)
Screening Firewalls and Proxies:
Proxy - isolates local network from untrusted networks (AKA: Application gateway)
Screening firewall: Filters for source and destination TCP ports
Screening firewall: Filters for source and destination IP addresses
19 Firewalls and Proxies (Internet model layers shown: Application, Transport, Internet)
Screening Firewalls and Proxies:
Proxy - isolates local network from untrusted networks (AKA: Application gateway)
Screening firewall:
Advantages: Simple. Low costs.
Disadvantages: Complexity of rules. Cost of managing firewall. Lack of user-authentication.
20 [Figure: Core, Distribution and Access layers; Proxies/Public access servers; DMZ (Demilitarized Zone)]
21 Same figure, with the label: PIX firewall. Defines security rules
22 Same figure, with the label: Screening firewall. Filters packets, based on source/destination IP addresses and TCP ports
23 Same figure, with the labels: VLAN1, VLAN2
24 Same figure, with the labels: VLANs. MAC filtering. IP filtering. TCP filtering. NAT.
25 NAT
26 Network address translation
PAT (Port address translation): Maps many addresses to one global address.
[Figure: NAT device (N) passing outgoing data and incoming data for ports :4444 and :5555]
27 Network address translation
NAT router remembers the source and destination IP address and ports
Table columns: IP:port (inside); IP:port (outside); IPdest:port (the row shown has destination port :80)
28 Network address translation
New connections in the table
Table columns: IP:port (inside); IP:port (outside); IPdest:port
29 Network address translation
NAT:
Hides the network addresses of the network.
Bars direct contact with a host.
Increased range of addresses.
Allows easy creation of subnetworks.
30 NAT
Static translation. Each public IP address translates to a private one through a static table. Good for security/logging/traceability. Bad, as it does not hide the internal network.
[Figure: private addresses a1.b1.c1.d1, a2.b2.c2.d2; NAT device (N); public addresses w1.x1.y1.z1, w2.x2.y2.z2]
IP Masquerading (Dynamic Translation). A single public IP address is used for the whole network. The table is thus dynamic.
[Figure: private addresses a1.b1.c1.d1, a2.b2.c2.d2; NAT device (N); public address w.x.y.z]
Load Balancing Translation. With this, a request is made to a resource, such as to a WWW server; the NAT device then looks at the current loading of the systems, and forwards the request to the one which is most lightly used.
31 NAT - Load balancing
NAT device selects the least used resource
[Figure: public address w.x.y.z; NAT device (N); server pool of private addresses a1.b1.c1.d1 ... an.bn.cn.dn]
32 NAT - Backtrack connections
NAT is good as we are isolated from the external public network, where our hosts initiate the connections
but what happens if we use applications which create connections in the reverse direction, such as with FTP and IRC? We thus need some form of backtracking of connections in the NAT device.
[Figure: private addresses a1.b1.c1.d1, a2.b2.c2.d2; NAT device (N); public addresses w1.x1.y1.z1, w2.x2.y2.z2 and w.x.y.z]
33 NAT - Weaknesses
Static NAT is poor for security, as it does not hide the network. This is because there is a one-to-one mapping.
Dynamic NAT is good for security, as it hides the network. Unfortunately it has two major weaknesses:
- Backtracking allows external parties to trace back a connection.
- If the NAT device becomes compromised the external party can redirect traffic.
[Figure: Corporate WWW site a1.b1.c1.d1; NAT device (N) w1.x1.y1.z1; External Intruder's WWW site; Backtracking. Label: Compromised NAT table causes the connection to point to the external intruder's WWW site]
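The PAT behaviour described in slides 26 to 32, as an added example that is not part of the original slides: a toy translation table keyed on inside IP:port, outside IP:port and destination IP:port, showing that replies to recorded connections are translated back while a connection opened in the reverse direction finds no entry. All addresses (RFC 5737 documentation ranges), the starting public port 50000 and the class and method names are assumptions made for illustration.

```python
"""Toy model of PAT (port address translation); teaching aid, not router code."""


class PatRouter:
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port          # next free port on the public address
        self.out = {}    # (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public_port, dst_ip, dst_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the network, recording the connection."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """Return the inside (ip, port) a packet is delivered to, or None.

        None means no table entry matches, so the packet is dropped. This is
        the case for any connection started from outside, which is why
        reverse-direction protocols need extra handling in the NAT device.
        """
        return self.back.get((public_port, src_ip, src_port))

    def table(self):
        """Rows in the slide's column order: inside, outside, destination."""
        return [
            (f"{s}:{sp}", f"{self.public_ip}:{p}", f"{d}:{dp}")
            for (s, sp, d, dp), p in self.out.items()
        ]


if __name__ == "__main__":
    # Constructed sample traffic: three inside hosts, one public address.
    nat = PatRouter("203.0.113.1")
    web = ("198.51.100.80", 80)
    nat.outbound("10.0.0.5", 4444, *web)
    nat.outbound("10.0.0.6", 5555, *web)
    nat.outbound("10.0.0.7", 4444, *web)     # same source port as the first host
    for row in nat.table():
        print(" | ".join(row))
    print("reply to port 50002 ->", nat.inbound("198.51.100.80", 80, 50002))
    print("unsolicited to port 50000 ->", nat.inbound("192.0.2.66", 20, 50000))
```

Because the lookup key includes the remote address and port, only the host the inside client contacted can reach the mapped port; a NAT that keyed on the public port alone would forward traffic from any source.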
34 Screening Firewall
35 Screening Firewall
[Figure: Router with firewall]
For example, the firewall may block FTP traffic going out of the network.
A port on a router can be set up with ACLs to filter traffic based on the network address or the source or destination port number.
36 ACLs
MAC address.
Source IP address. The address that the data packet was sent from.
Destination IP address. The address that the data packet is destined for.
Source TCP port. The port that the data segment originated from. Typical ports which could be blocked are FTP (port 21), TELNET (port 23), and WWW (port 80).
Destination TCP port. The port that the data segment is destined for.
Protocol type. This filters for UDP or TCP traffic.
37 MAC address filtering
39 Scope of MAC address filtering: Defined by broadcast domain
40 access-list [< > < >] [deny | permit] [source mac] [source mask] [dest mac] [dest mask]
For example, to disallow the node with the MAC address of b54.d83a access to 0060.b39f.cae1:
(config)# access-list 1101 deny b54.d83a b39f.cae
(config)# access-list 1101 permit ffff.ffff.ffff ffff.ffff.ffff
(config)# int d0
(config-if)# l2-filter bridge-group-acl
(config-if)# bridge-group input-address-list D D0
41 Standard ACLs
42 Standard ACLs
Standard ACLs filter on the source IP address
Router# access-list access-list-value {permit | deny} source source-mask
Router# access-list 1 deny
Router# access-list 1 deny
Router# access-list 1 deny
Router# access-list 1 permit any
Router (config)# interface Ethernet0
Router (config-if)# ip address
Router (config-if)# ip access-group 1 in
43 Standard ACLs
[Figure: router with interfaces E0 and D; the deny entry is annotated "Match this part" and "Ignore this part"]
Traffic from any address other than can pass
Router# access-list 1 deny
Router# access-list 1 permit any
Router (config)# interface D0
Router (config-if)# ip address
Router (config-if)# ip access-group 1 in
44 Standard ACLs
!
interface E0
ip address
ip access-group 1 in
!
access-list 1 deny
access-list 1 permit any
Standard ACLs are applied as near to the destination as possible, so that they do not affect any other traffic
45 (config)#ip access-list standard?
  <1-99> Standard IP access-list number
  < > Standard IP access-list number (expanded range)
  WORD Access-list name
where WORD is the name of the access-list to be defined. For example:
(config)#ip access-list standard Test
(config-std-nacl)#?
Standard Access List configuration commands:
  deny Specify packets to reject
  exit Exit from access-list configuration mode
  no Negate a command or set its defaults
  permit Specify packets to forward
and to define a standard access-list:
(config-std-nacl)#deny
(config-std-nacl)#permit?
  Hostname or A.B.C.D Address to match
  any Any source host
  host A single host address
46 (config-std-nacl)#permit?
  Hostname or A.B.C.D Address to match
  any Any source host
  host A single host address
(config-std-nacl)#permit any?
  log Log matches against this entry
  <cr>
(config-std-nacl)#permit any
It can then be applied with:
(config)#int e0
(config-if)#ip access-group?
  <1-199> IP access list (standard or extended)
  < > IP expanded access list (standard or extended)
  WORD Access-list name
(config-if)#ip access-group Test?
  in inbound packets
  out outbound packets
(config-if)#ip access-group Test in
47 Extended ACLs
48 Extended ACLs
Router# access-list access-list-value {permit | deny} {test-conditions}
Router(config)#access-list 100 deny ip host
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny ip
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny ip host
Router(config)#access-list 100 permit ip any any
Router (config)# interface Ethernet0
Router (config-if)# ip address
Router (config-if)# ip access-group 100 in
49 Extended ACLs
[Figure: router with interfaces E0 and D; traffic marked "from" and "to"]
(config)#access-list 100 deny ip host
(config)#access-list 100 permit ip any any
Denies traffic from to the network
(config)#access-list 100 deny ip
(config)#access-list 100 permit ip any any
Denies traffic from any host on to the network
50 Example of an Extended ACL
Traffic blocked to the barred site. All other traffic can flow.
!
interface D0
ip address
ip access-group 100 in
!
access-list 100 deny ip
access-list 100 permit ip any any
Extended ACLs are applied as near to the source as possible, as they are more targeted
51 Extended ACLs filtering TCP traffic
Extended ACLs can also filter for TCP/UDP traffic, such as:
Router(config)#access-list access-list-value {permit | deny} {tcp | udp | igrp} source source-mask destination destination-mask {eq | neq | lt | gt} port
(Optional field in brackets)
access-list 101 deny tcp eq any host eq telnet
access-list 101 permit ip any any
No Telnet Access to E
52 Open and closed firewalls
access-list 101 permit.
access-list 101 deny ip any any
A closed firewall permits some things, and denies everything else
access-list 101 deny.
access-list 101 permit ip any any
An open firewall denies some things, and permits everything else
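How the standard and extended ACL slides fit together, as an added example that is not part of the original slides: a small first-match evaluator with wildcard masks ("match this part" / "ignore this part"), applied to an open list, a closed list and a mis-ordered list. It models only the matching logic, not IOS itself; the addresses are constructed from documentation ranges because the slide addresses do not survive in this transcription, and the names Rule, evaluate and wildcard_match are assumptions.

```python
"""First-match ACL evaluation with wildcard masks (teaching model, not IOS)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")       # wildcard of all ones: ignore every bit


def host(addr):
    """Equivalent of the 'host A.B.C.D' keyword: wildcard of all zeros."""
    return (addr, "0.0.0.0")


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every protocol
    src: Tuple[str, str]           # (address, wildcard mask)
    dst: Tuple[str, str]
    dport: Optional[int] = None    # models "eq <port>"


def wildcard_match(addr, base, wildcard):
    """Compare only the bits where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, pkt):
    """Return (action, rule number) of the first matching entry.

    If nothing matches, the implicit deny at the end of every ACL applies
    and the rule number is None.
    """
    for number, rule in enumerate(acl, start=1):
        if rule.proto != "ip" and rule.proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *rule.src):
            continue
        if not wildcard_match(pkt["dst"], *rule.dst):
            continue
        if rule.dport is not None and rule.dport != pkt.get("dport"):
            continue
        return rule.action, number
    return "deny", None


# Open firewall: deny some things, permit everything else.
OPEN = [
    Rule("deny", "tcp", ("192.0.2.0", "0.0.0.255"), ANY, 23),
    Rule("permit", "ip", ANY, ANY),
]
# Closed firewall: permit some things, deny everything else.
CLOSED = [
    Rule("permit", "tcp", ANY, host("198.51.100.10"), 80),
    Rule("deny", "ip", ANY, ANY),
]
# Same entries as OPEN in the wrong order: the permit shadows the deny.
MISORDERED = list(reversed(OPEN))

# Constructed sample packets.
TELNET = {"proto": "tcp", "src": "192.0.2.7", "dst": "198.51.100.10", "dport": 23}
WEB = {"proto": "tcp", "src": "192.0.2.7", "dst": "198.51.100.10", "dport": 80}
SSH = {"proto": "tcp", "src": "203.0.113.5", "dst": "198.51.100.10", "dport": 22}

if __name__ == "__main__":
    for name, acl in (("open", OPEN), ("closed", CLOSED), ("misordered", MISORDERED)):
        for label, pkt in (("telnet", TELNET), ("web", WEB), ("ssh", SSH)):
            print(f"{name:10} {label:6} -> {evaluate(acl, pkt)}")
```

The mis-ordered list permits the Telnet packet at entry 1, so its deny entry never takes effect; entry order is part of the policy.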
Cisco EXAM - 200-120 CCNA Cisco Certified Network Associate Buy Full Product http://www.examskey.com/200-120.html Examskey Cisco 200-120 exam demo product is here for you to test the quality of the product.
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationCS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists
CS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists Name: In this lab you will learn: PartA Cisco 2600 Router Configuration Static Routing PartB 20 min Dynamic
More informationCCNA Exploration Network Fundamentals
CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationBroadcast Infrastructure Cybersecurity - Part 2
SBE Webinar Series - 2018 Broadcast Infrastructure Cybersecurity - Part 2 Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services KAMU FM-TV Broadcast Infrastructure Cybersecurity
More informationHands-On Activity. Firewall Simulation. Simulated Network. Firewall Simulation 3/19/2010. On Friday, February 26, we will be meeting in
Hands-On Activity Firewall Simulation COMP620 On Friday, February 26, we will be meeting in the Graham 212 lab to participate in a firewall configuration simulation. This simulator was written by Dr. Williams
More informationICND1 v2.0 Interconnecting Cisco Networking Devices Part 1 CCENT & Part of CCNA Rout/Switch
ICND1 v2.0 Interconnecting Cisco Networking Devices Part 1 CCENT & Part of CCNA Rout/Switch Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview Interconnecting Cisco
More information8 VLANs. 8.1 Introduction. 8.2 vlans. Unit 8: VLANs 1
8 VLANs 8.1 Introduction Layer 2 devices, such as network switches and wireless access points can be used to create virtual LANs (vlans), which can enhanced network security as it can be used to isolate
More informationCCNA. Course Catalog
CCNA Course Catalog 2012-2013 This course is intended for the following audience: Network Administrator Network Engineer Systems Engineer CCNA Exam Candidates Cisco Certified Network Associate (CCNA 640-802)
More informationSkills Assessment Student Training Exam
Skills Assessment Student Training Exam Topology Assessment Objectives Part 1: Initialize Devices (2 points, 5 minutes) Part 2: Configure Device Basic Settings (18 points, 20 minutes) Part 3: Configure
More informationConfiguring Authentication Proxy
The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.
More informationMultihoming with BGP and NAT
Eliminating ISP as a single point of failure www.noction.com Table of Contents Introduction 1. R-NAT Configuration 1.1 NAT Configuration 5. ISPs Routers Configuration 3 15 7 7 5.1 ISP-A Configuration 5.2
More informationIPv4 Firewall Rule configuration on Cisco SA540 Security Appliance
IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance Objective The objective of this document to explain how to configure IPv4 firewall rules on Cisco SA540 Security Appliance. Firewall provide
More informationAccess Rules. Controlling Network Access
This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent
More informationIntroduction p. 1 Self-Assessment p. 9 Networking Fundamentals p. 17 Introduction p. 18 Components and Terms p. 18 Topologies p. 18 LAN Technologies
Introduction p. 1 Self-Assessment p. 9 Networking Fundamentals p. 17 Introduction p. 18 Components and Terms p. 18 Topologies p. 18 LAN Technologies p. 19 Ethernet p. 19 WAN Technologies p. 21 Dedicated
More informationCompTIA Exam JK0-023 CompTIA Network+ certification Version: 5.0 [ Total Questions: 1112 ]
s@lm@n CompTIA Exam JK0-023 CompTIA Network+ certification Version: 5.0 [ Total Questions: 1112 ] Topic break down Topic No. of Questions Topic 1: Network Architecture 183 Topic 3: Troubleshooting 140
More informationLab Configuring and Verifying Standard ACLs Topology
Topology 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 9 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationCisco 3: Advanced Routing & Switching
Western Technical College 10150130 Cisco 3: Advanced Routing & Switching Course Outcome Summary Course Information Description Career Cluster Instructional Level Total Credits 3.00 Total Hours 90.00 This
More informationCisco CCNA (ICND1, ICND2) Bootcamp
Cisco CCNA (ICND1, ICND2) Bootcamp Course Duration: 5 Days Course Overview This five-day course covers the essential topics of ICND1 and ICND2 in an intensive Bootcamp format. It teaches students the skills
More informationCompTIA Security+ CompTIA SY0-401 Dumps Available Here at: https://www.certification-questions.com/comptia-exam/sy0-401-dumps.html
CompTIA Security+ CompTIA SY0-401 Dumps Available Here at: /comptia-exam/sy0-401-dumps.html Enrolling now you will get access to 1776 questions in a unique set of SY0-401 dumps Question 1 Sara, the security
More informationLab Catalyst 2950 and 3550 Series Intra-VLAN Security
Lab 7.2.5.1 Catalyst 2950 and 3550 Series Intra-VLAN Security Objective Scenario Configure intra-vlan security with Access Control Lists (ACLs) using the command-line interface (CLI) mode. This lab will
More informationConfiguring Authentication Proxy
Configuring Authentication Proxy Last Updated: January 7, 2013 The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against
More informationLab 1.3.2: Review of Concepts from Exploration 1 - Challenge
Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge Topology Diagram Learning Objectives Upon completion of this lab, you will be able to: Create a logical topology given network requirements
More informationexam. Number: Passing Score: 800 Time Limit: 120 min CISCO Interconnecting Cisco Networking Devices Part 1 (ICND)
100-105.exam Number: 100-105 Passing Score: 800 Time Limit: 120 min CISCO 100-105 Interconnecting Cisco Networking Devices Part 1 (ICND) Exam A QUESTION 1 Which route source code represents the routing
More informationInterconnecting Cisco Networking Devices
Interconnecting Cisco Networking Devices Q&A DEMO Version Copyright (c) 2007 Chinatag LLC. All rights reserved. Important Note Please Read Carefully For demonstration purpose only, this free version Chinatag
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 100-101 EXAM QUESTIONS & ANSWERS Number: 100-101 Passing Score: 800 Time Limit: 120 min File Version: 35.5 http://www.gratisexam.com/ CISCO 100-101 EXAM QUESTIONS & ANSWERS Exam Name: CCNA Interconnecting
More informationIntroduction to Firewalls using IPTables
Introduction to Firewalls using IPTables The goal of this lab is to implement a firewall solution using IPTables, and to write and to customize new rules to achieve security. You will need to turn in your
More informationCisco 1: Networking Fundamentals
Western Technical College 10150110 Cisco 1: Networking Fundamentals Course Outcome Summary Course Information Description Career Cluster Instructional Level Total Credits 3.00 Total Hours 90.00 This course
More information