WK 5 Consolidated Notes

Module 8: Access Control Lists (ACLs)

Introduction to ACLs:
  • ACL Definition: ACLs are a set of rules used to control traffic flow based on packet header information, typically for filtering access to networks.

  • Packet Filtering: Can be done at Layer 3 (network layer) and Layer 4 (transport layer) to allow or block traffic based on IP addresses, protocols, and ports.

  • Types of ACLs:

    • Numbered ACLs: Range from 1-99 for standard ACLs and 100-199 for extended ACLs.

    • Named ACLs: Easier to manage and describe; recommended for most configurations.

Wildcard Masking:
  • Definition: Wildcard masks are used to define which parts of an IP address to match when filtering.

    • For example, the wildcard mask 0.0.0.255 applied to 192.168.3.0 checks the first three octets and ignores the last one, so it matches every host in the 192.168.3.0/24 network.

  • Calculation: A wildcard mask is derived by subtracting the subnet mask from 255.255.255.255.

  • Wildcard Mask Keywords:

    • host (matches a single host)

    • any (matches any IP address).

Configuring ACLs:
  • Standard ACLs: Filter based on source IP address.

    • Command example: access-list 1 permit 192.168.1.0 0.0.0.255

  • Extended ACLs: Provide more flexibility, filtering based on source and destination IPs, protocols (TCP/UDP), ports, etc.

    • Command example: access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80

  • Named ACLs: Created using ip access-list followed by the ACL name, allowing for easier management.
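An added worked example (not from the course notes) that ties the wildcard-mask rule and the ACL examples above together: it derives a wildcard mask from a subnet mask, performs bitwise wildcard matching, and evaluates a packet against an ACL with first-match semantics and the implicit deny at the end. The ACE representation, the host/any shortcuts and the sample packets are constructed for illustration.

```python
import ipaddress

def subnet_to_wildcard(subnet_mask: str) -> str:
    """Wildcard mask = 255.255.255.255 minus the subnet mask, as the notes state."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - int(ipaddress.IPv4Address(subnet_mask))))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must equal the base address; a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Simplified ACE: "host X" is X 0.0.0.0 and "any" is 0.0.0.0 255.255.255.255,
# which is exactly what the host/any keywords abbreviate. port=None means any port.
def ace(action, proto, src, src_wc, dst="0.0.0.0", dst_wc="255.255.255.255", port=None):
    return dict(action=action, proto=proto, src=src, src_wc=src_wc, dst=dst, dst_wc=dst_wc, port=port)

def evaluate_acl(acl, pkt):
    """First matching ACE decides; if none matches, the implicit 'deny any' applies."""
    for e in acl:
        if e["proto"] not in ("ip", pkt["proto"]):          # 'ip' matches every protocol
            continue
        if not wildcard_match(pkt["src"], e["src"], e["src_wc"]):
            continue
        if not wildcard_match(pkt["dst"], e["dst"], e["dst_wc"]):
            continue
        if e["port"] is not None and e["port"] != pkt["dport"]:
            continue
        return e["action"]
    return "deny"  # implicit deny at the end of every ACL

# Constructed ACL mirroring the notes' extended example:
#   access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
ACL_100 = [ace("permit", "tcp", "192.168.1.0", "0.0.0.255", port=80)]

def demo():
    """Constructed packets: web and SSH from the permitted LAN, web from another subnet."""
    return {
        "wc_for_24": subnet_to_wildcard("255.255.255.0"),
        "web_from_lan": evaluate_acl(ACL_100, dict(proto="tcp", src="192.168.1.77", dst="203.0.113.5", dport=80)),
        "ssh_from_lan": evaluate_acl(ACL_100, dict(proto="tcp", src="192.168.1.77", dst="203.0.113.5", dport=22)),
        "web_from_other": evaluate_acl(ACL_100, dict(proto="tcp", src="192.168.2.9", dst="203.0.113.5", dport=80)),
    }

if __name__ == "__main__":
    print(demo())
```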

Modifying and Implementing ACLs:
  • Modify ACLs: Use sequence numbers or a text editor to adjust ACL configurations. Sequence numbers are assigned automatically as ACEs are entered, and a single ACE can be removed from a named ACL with no followed by its sequence number (no [sequence-number]).

  • Implementing ACLs: Apply ACLs to interfaces using ip access-group for incoming or outgoing traffic filtering.

Mitigating Attacks with ACLs:
  • Spoofing Protection: Prevent spoofed IP addresses from entering the network by denying inbound packets whose source addresses fall in ranges that should never legitimately arrive from outside.

  • ICMP and SNMP Mitigation: Block unnecessary ICMP messages and SNMP requests to reduce potential attack surfaces.

  • Traffic Filtering for Specific Services: Only allow necessary services (like DNS, FTP) while blocking others to limit exposure.

IPv6 ACLs (Optional):
  • IPv6 ACLs: Similar to IPv4 ACLs but with some differences. They must be named, and filtering can be done based on IPv6-specific parameters.

    • Command example: ipv6 access-list [name] creates the named list; then, inside it: permit ipv6 2001:db8::/32 any


Module 9: Firewall Technologies

Types of Firewalls:
  • Packet Filtering (Stateless) Firewalls: Perform filtering based on basic criteria like source and destination IP addresses and ports. They are generally fast but vulnerable to spoofing and cannot handle dynamic sessions.

  • Stateful Firewalls: Track the state of connections and provide more robust security by ensuring that packets belong to valid connections.

  • Application Gateway (Proxy) Firewalls: Operate at multiple layers (3-7), filtering traffic at the application layer. They provide deeper inspection of traffic but can impact network performance due to more intensive processing.

  • Next-Generation Firewalls (NGFW): Combine the capabilities of stateful firewalls with integrated intrusion prevention, application awareness, and more advanced features to address evolving threats.

Benefits and Limitations:
  • Packet Filtering Firewalls:

    • Benefits: Low cost, easy to deploy, minimal impact on performance.

    • Limitations: Susceptible to IP spoofing, stateless, cannot inspect fragmented packets.

  • Stateful Firewalls: More secure than stateless firewalls by keeping track of connections, but more resource-intensive.
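An added illustration (not from the course notes) of the stateless-versus-stateful distinction above: a stateless filter judges each inbound packet on its own header fields, so a rule that admits web replies also admits any packet that merely claims source port 80; a stateful filter only admits an inbound packet that reverses a connection it saw leave. The packet format, flag shorthand and addresses are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # constructed TCP flag shorthand: "S" = SYN, "SA" = SYN/ACK

class StatelessFilter:
    """Each packet is judged alone. To let web replies reach the 10.0.0.0/24 LAN the
    rule has to admit any inbound TCP packet with source port 80, which is spoofable."""
    def inbound(self, p: Packet) -> str:
        if p.proto == "tcp" and p.dst.startswith("10.0.0.") and p.sport == 80:
            return "permit"
        return "deny"

class StatefulFilter:
    """Records outbound connection attempts by 5-tuple and admits an inbound packet
    only when it is the exact reverse of a recorded flow."""
    def __init__(self):
        self.table = set()
    def outbound(self, p: Packet) -> str:
        if p.proto == "tcp" and "S" in p.flags:   # new connection leaving the LAN
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return "permit"
    def inbound(self, p: Packet) -> str:
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "permit" if reverse in self.table else "deny"

def demo():
    """Constructed traffic: one outbound web request, its reply, and an unsolicited
    inbound packet that claims source port 80 but belongs to no known connection."""
    stateless, stateful = StatelessFilter(), StatefulFilter()
    request = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 80, "S")
    reply = Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 51000, "SA")
    unsolicited = Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 22, "S")
    stateful.outbound(request)
    return {
        "stateless_reply": stateless.inbound(reply),
        "stateless_unsolicited": stateless.inbound(unsolicited),
        "stateful_reply": stateful.inbound(reply),
        "stateful_unsolicited": stateful.inbound(unsolicited),
    }

if __name__ == "__main__":
    print(demo())
```

The stateless filter returns permit for both inbound packets, which is the spoofing limitation the notes list; the stateful filter admits only the genuine reply.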

Firewall Design in Networks:
  • Common Architectures:

    • Private and Public Networks: A simple design where firewalls protect the boundary between trusted (internal) and untrusted (external) networks.

    • DMZ (Demilitarized Zone): A middle ground between the internal and external networks, usually hosting services like web servers that need external access but should be isolated from the internal network.

    • Zone-Based Policy (ZPF): Allows more flexible and granular control by grouping interfaces into zones. Policies are then applied between zones to enforce security.

Layered Defense Strategy:
  • Combining Multiple Firewalls: Layers of defense (such as network core security, perimeter security, endpoint security) help address different threat vectors.

  • Firewall Best Practices:

    • Position firewalls at security boundaries to control traffic flow.

    • Deny all traffic by default, then permit only necessary services.

    • Regularly monitor firewall logs and ensure physical security of devices.

Packet Flow and Firewall Configuration:
  • Network Traffic: Observe and analyze how traffic flows through a network, and how this changes based on firewall placement.

  • Firewalls in Action: A good understanding of where to place firewalls in a network and how to configure rules for filtering traffic efficiently is essential.

