Benefits of Dynamic Acls


ACL

Dynamic ACLs
Lock-and-key is a traffic-filtering security feature that uses dynamic ACLs (sometimes called
lock-and-key ACLs). It is available for IP traffic only. Dynamic ACLs depend on Telnet
connectivity to the router, authentication (local or remote), and an extended ACL. Users who
want to traverse the router are blocked by the extended ACL until they Telnet to the router and
authenticate. The Telnet session is then dropped, and a single-entry dynamic ACL is added to the
existing extended ACL. That entry permits traffic for a limited period; both an idle timeout and
an absolute timeout can be configured.
Caveat: the authentication step runs over Telnet, so the user's credentials cross the network in
cleartext. Restrict who can reach the router's Telnet port as tightly as the first ACL entry allows.
Benefits of Dynamic ACLs
Dynamic ACLs have the following security benefits over standard and static extended ACLs:
Use of a challenge mechanism to authenticate individual users
Simplified management in large internetworks
In many cases, a reduction in the amount of router processing that is required for ACLs
Less opportunity for hackers to break into the network
Creation of dynamic user access through a firewall, without compromising other configured
security restrictions

TIME BASED ACL


Time-based ACLs are similar to extended ACLs in function but allow access control based on
time. You define a time range (with the time-range command) and reference it from the ACL
entries that should only apply during that period. The benefit is more control for the
administrator, for example over when logging messages are generated or when access to a
resource is denied.

R3(config)# username student secret cisco
R3(config)# access-list 101 permit tcp any host 10.2.2.2 eq telnet
R3(config)# access-list 101 dynamic router-telnet timeout 15 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
R3(config)# interface serial 0/0/1
R3(config-if)# ip access-group 101 in
R3(config-if)# line vty 0 4
R3(config-line)# login local
R3(config-line)# autocommand access-enable host timeout 5

Notes on the example: the first entry must name the protocol (tcp) and permits only the Telnet
session to the router itself (10.2.2.2) that is used for authentication; the dynamic entry is the
one that gets opened for the authenticated host. The timeout 15 on the dynamic entry is the
absolute timeout in minutes; access-enable host timeout 5 sets the idle timeout. The username
line and the VTY line commands are not in the original notes but lock-and-key does not work
without them (the credentials shown are placeholders).

Reflexive ACLs
Reflexive ACLs allow IP packets to be filtered based on upper-layer session information. They
are generally used to permit outbound traffic and to limit inbound traffic to the replies belonging
to sessions that originated inside the network (on the protected side of the router). This gives
you greater control over what traffic you allow into your network and extends the capabilities of
extended access lists.

Standard Access Lists


Prevent only the PC from accessing the network where S2 is located. Allow access
everywhere else.
R2#configure terminal
R2(config)#access-list 1 deny host 10.1.0.5
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 1 out
A standard ACL matches on the source address only, so it is applied outbound on R2's interface
toward S2's network, close to the destination; applied near the PC it would cut the PC off from
everything, not just that network.

Configure standard named ACLs on the R1 and R3 VTY lines, permitting hosts
connected directly to their FastEthernet subnets to gain Telnet access. Deny and log
all other connection attempts. Document your testing procedures.
ip access-list standard VTY_LOCAL
permit 10.1.1.0 0.0.0.255
deny any log
line vty 0 4
access-class VTY_LOCAL in
The permit line must name that router's own FastEthernet subnet (0.0.0.255 is a wildcard mask);
the deny any log entry records every rejected attempt so the test can be verified in the log.

Extended Access Lists


Prevent pings to the FastEthernet interface 0/0 on R3 from the PC.
R1#configure terminal
R1(config)#access-list 100 deny icmp host 10.1.0.5 host 5.1.1.1 echo
R1(config)#access-list 100 permit ip any any
R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group 100 in
R1(config-if)#^Z

Named Access Lists


Prevent the PC’s subnet from reaching the web management page on R2. Allow
all other traffic.
R1#configure terminal
R1(config)#ip access-list extended NOWEB
R1(config-ext-nacl)#deny tcp any 10.2.0.1 0.0.0.0 eq 80
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#interface fastethernet 0/0
R1(config-if)#ip access-group NOWEB in
R1(config-if)#^Z
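The following is an added example and is not part of the original notes: a small Python model of how a Cisco router evaluates an ACL (wildcard masks, top-down first match, implicit deny at the end), applied to ACL 1, ACL 100 and NOWEB from the sections above, plus a session table that mimics what a reflexive ACL's reflect/evaluate pair does. The packet addresses and port numbers are constructed for the illustration, and the simulator is a teaching model, not IOS code.

```python
# Added example (not from the original notes): simulate Cisco-style ACL matching so
# the standard, extended, named and reflexive ACL examples above can be checked
# against constructed sample packets.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # 'any' in IOS syntax


def host(addr: str) -> tuple:
    """'host X' is shorthand for 'X 0.0.0.0' (every bit must match)."""
    return (addr, "0.0.0.0")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is don't-care."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class ACE:
    """One access control entry. A standard ACL only uses proto='ip' and src."""
    action: str                        # "permit" or "deny"
    proto: str                         # "ip" (any protocol), "tcp", "udp", "icmp"
    src: tuple                         # (address, wildcard)
    dst: tuple = ANY
    dport: Optional[int] = None        # 'eq <port>' on the destination
    icmp_type: Optional[str] = None    # e.g. "echo"

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not wildcard_match(pkt["src"], *self.src):
            return False
        if not wildcard_match(pkt["dst"], *self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return True


def evaluate(acl: list, pkt: dict) -> str:
    """Entries are tested in order and the first match decides. A packet that
    matches nothing hits the implicit 'deny any' at the end of every ACL."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# The three ACLs from the notes above, transcribed into ACE objects.
ACL_1 = [ACE("deny", "ip", host("10.1.0.5")),      # access-list 1 deny host 10.1.0.5
         ACE("permit", "ip", ANY)]                   # access-list 1 permit any
ACL_100 = [ACE("deny", "icmp", host("10.1.0.5"), host("5.1.1.1"), icmp_type="echo"),
           ACE("permit", "ip", ANY, ANY)]
NOWEB = [ACE("deny", "tcp", ANY, host("10.2.0.1"), dport=80),
         ACE("permit", "ip", ANY, ANY)]


class ReflexiveACL:
    """Models 'reflect' on the outbound ACL and 'evaluate' on the inbound one:
    each outbound session creates a temporary mirror entry that permits only the
    matching return traffic (addresses and ports swapped)."""
    def __init__(self) -> None:
        self.sessions: set = set()

    def outbound(self, pkt: dict) -> None:
        self.sessions.add((pkt["proto"], pkt["dst"], pkt.get("dport"),
                           pkt["src"], pkt.get("sport")))

    def inbound_permitted(self, pkt: dict) -> bool:
        key = (pkt["proto"], pkt["src"], pkt.get("sport"), pkt["dst"], pkt.get("dport"))
        return key in self.sessions


def demo() -> dict:
    """Runs constructed packets through the three ACLs and a reflexive table."""
    ping = {"proto": "icmp", "src": "10.1.0.5", "dst": "5.1.1.1", "icmp_type": "echo"}
    web = {"proto": "tcp", "src": "10.1.0.20", "dst": "10.2.0.1", "dport": 80}
    rfx = ReflexiveACL()
    rfx.outbound({"proto": "tcp", "src": "10.1.1.10", "sport": 40000,
                  "dst": "203.0.113.5", "dport": 443})
    reply = {"proto": "tcp", "src": "203.0.113.5", "sport": 443,
             "dst": "10.1.1.10", "dport": 40000}
    return {
        "pc_blocked_by_acl1": evaluate(ACL_1, {"proto": "tcp", "src": "10.1.0.5", "dst": "10.2.0.9"}),
        "other_host_acl1": evaluate(ACL_1, {"proto": "tcp", "src": "10.1.0.6", "dst": "10.2.0.9"}),
        "ping_r3": evaluate(ACL_100, ping),
        "ping_other": evaluate(ACL_100, dict(ping, dst="5.1.1.2")),
        "web_r2": evaluate(NOWEB, web),
        "ssh_r2": evaluate(NOWEB, dict(web, dport=22)),
        "implicit_deny": evaluate([], web),
        "reflexive_reply": rfx.inbound_permitted(reply),
        "reflexive_unsolicited": rfx.inbound_permitted(dict(reply, dport=40001)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The implicit deny is the part people forget: an ACL with only deny statements blocks everything, which is why each ACL above ends with permit ip any any. The reflexive table shows why a reply with a different port is still dropped: the mirror entry is built from the exact 5-tuple of the outbound session.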

NETWORK BASELINE
Network baselining is the act of measuring and rating the performance of a network in real-time
situations. Providing a network baseline requires testing and reporting of the physical
connectivity, normal network utilization, protocol usage, peak network utilization, and average
throughput of the network usage. Such in-depth network analysis is required to identify problems
with speed and accessibility, and to find vulnerabilities and other problems within the network.
Once a network baseline has been established, this information is then used by companies and
organizations to determine both present and future network upgrade needs, as well as to assist in
making changes to ensure their current network is optimized for peak performance.

Steps for Establishing a Network Baseline:


Step 1. Determine what types of data to collect.
Step 2. Identify devices and ports of interest.
Step 3. Determine the baseline duration.

Establishing a network performance baseline requires collecting key performance data from
the ports and devices that are essential to network operation. This information helps determine
the network's "personality" and provides answers to the following questions:
How does the network perform during a normal or average day?
Where are the underutilized and overutilized areas?
If errors are discovered, where are the most errors occurring?
What alert thresholds should be set for the devices that need to be monitored?
Can the network deliver the service identified in the Network Policy document?

Troubleshooting Methods
The three main methods of troubleshooting networks are
Bottom-up
Top-down
Divide-and-conquer

Bottom-up
Start with the physical components of the network and move up through the layers of the OSI
model until the cause of the problem is identified. This is a good approach when the problem is
suspected to be a physical one. The disadvantage of bottom-up troubleshooting is that it requires
you to check every device and interface on the network until you find the possible cause of the
problem.

Top-down
Start with the end-user applications and move down through the layers of the OSI model until
the cause of the problem has been identified. Use it when you think the problem is with a
software application. The disadvantage of the top-down approach is that it requires you to check
every network application until you find the possible cause of the problem.

Divide-and-Conquer
Select a layer and test in both directions from that starting layer. Start by collecting users'
experiences with the problem and documenting the symptoms; then, using that information,
decide at which OSI layer to begin your investigation.

Gathering Symptoms
Step 1. Analyze existing symptoms: Analyze symptoms gathered from the trouble ticket, users,
or end systems affected by the problem to form a definition of the problem.
Step 2. Determine ownership: If the problem is within your system, you can move on to the
next stage. If the problem is outside the boundary of your control, such as lost Internet
connectivity outside the autonomous system, you need to contact an administrator for the
external system before gathering additional network symptoms.
Step 3. Narrow the scope: Isolate the geographic area involved, and determine if the problem
is at the network's core, distribution, or access layer. After you've identified the area, analyze
the existing symptoms, and use your knowledge of the network topology to determine which
devices are probably involved.
Step 4. Gather symptoms from suspect devices: Using a layered troubleshooting approach,
gather hardware and software symptoms from the suspect devices. Start with the most likely
possibility, and use knowledge and experience to determine if the problem is more likely a
hardware or software configuration problem.
Step 5. Document symptoms: Sometimes the problem can be solved using the documented
symptoms. If not, begin the isolating phase of the general troubleshooting process.

Useful Troubleshooting Commands


ping {destination}: Tests whether the destination is reachable.
traceroute {destination}: Identifies the path a packet takes through the network. The destination
variable is the hostname or IP address of the target system.
telnet {destination}: Tests a remote login and, with a port number, TCP connectivity to a service.
show ip interface brief
show ip route
show protocols

SECURITY

Many attackers use this seven-step process:


1. Perform footprint analysis.
2. Enumerate information (for example, monitor the network and identify services such as FTP
and mail servers).
3. Manipulate users to gain access.
4. Escalate privileges. After attackers gain basic access, they use their skills to increase their
network privileges.
5. Gather additional passwords and secrets. With improved access privileges, attackers use
their talents to gain access to well-guarded, sensitive information.
6. Install back doors. Back doors give the attacker a way to enter the system without being
detected. The most common back door is an open listening TCP or UDP port.
7. Leverage the compromised system. After a system is compromised, an attacker uses it to
stage attacks on other hosts in the network.
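Added example, not from the original notes: step 6 says the most common back door is a new listening TCP or UDP port, and the baseline section earlier describes recording what is normal. This Python snippet ties the two together by diffing a baseline listing of listening sockets against a current one and reporting the new listeners. Both listings are constructed to look like Linux netstat -tulnp output (the column layout is assumed from that command); on a real host you would save the actual output at baseline time and compare against it later.

```python
# Added example (not from the original notes): detect new listening ports by
# comparing a saved baseline of listening sockets against a current snapshot.
# Both snapshots below are constructed in netstat -tulnp style, not captured
# from a real host.
from typing import Dict, List, Tuple

Listener = Tuple[str, str, int]   # (proto, local address, port)

BASELINE_SNAPSHOT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      903/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
"""

CURRENT_SNAPSHOT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      903/master
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2317/.x
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 0.0.0.0:31337           0.0.0.0:*                           2317/.x
"""


def parse_listeners(snapshot: str) -> Dict[Listener, str]:
    """Return {(proto, addr, port): program} for every listening socket.
    TCP rows carry a State column and UDP rows do not, so the program name is
    taken from the last column rather than a fixed index."""
    listeners: Dict[Listener, str] = {}
    for line in snapshot.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local, program = fields[0], fields[3], fields[-1]
        if proto.startswith("tcp") and "LISTEN" not in fields:
            continue                                  # established connections are not listeners
        addr, port = local.rsplit(":", 1)             # rsplit keeps IPv6 addresses intact
        listeners[(proto, addr, int(port))] = program
    return listeners


def new_listeners(baseline: str, current: str) -> Dict[Listener, str]:
    """Sockets present now that were absent from the baseline."""
    before = parse_listeners(baseline)
    now = parse_listeners(current)
    return {key: prog for key, prog in now.items() if key not in before}


def report(baseline: str, current: str) -> List[str]:
    """One human-readable line per new listener, suitable for a ticket."""
    return [f"NEW {proto} listener {addr}:{port} owned by {prog}"
            for (proto, addr, port), prog in sorted(new_listeners(baseline, current).items())]


if __name__ == "__main__":
    for line in report(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT):
        print(line)
```

A listener that disappeared is worth noting too, but the dangerous direction is a new one, particularly when the owning program is a hidden file (a name beginning with a dot, as in the constructed sample) or binds to all interfaces.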

Types of Computer Crime


Insider abuse of network access
Viruses
Mobile device theft
Phishing, in which an organization is fraudulently represented as the sender
Instant-messaging (IM) misuse
Denial of service
Unauthorized access to information
Abuse of a wireless network
System penetration
Financial fraud

TELEWORKING

Teleworking (or telecommuting) is when an employee performs his or her job away from a
traditional workplace, usually from a home office.

Remote-connection technologies available to organizations to support teleworker services:
Traditional private WAN Layer 2 technologies, including Frame Relay, ATM, and leased lines,
provide many remote-connection solutions. The security of these connections depends on the
service provider.
IPsec Virtual Private Networks (VPN) offer flexible and scalable connectivity. Site-to-site
connections can provide a secure, fast, and reliable remote connection to teleworkers. This is the
most common option for teleworkers, combined with remote access over broadband, to establish
a secure VPN over the public Internet. (A less reliable means of connectivity using the Internet is
a dialup connection.)

telecommuting requires the following components:

Teleworker and home office components: The required home office components are a laptop or
desktop computer, broadband access (cable or DSL), and a VPN router or VPN client software
installed on the computer. Additional components might include a wireless access point. When
traveling, teleworkers need an Internet connection and a VPN client to connect to the corporate
network over any available dialup, network, or broadband connection.
Headquarters and corporate components: Corporate components are VPN-capable routers, VPN
concentrators, multifunction security appliances, authentication, and central management
devices for resilient aggregation and termination of the VPN connections.

Dialup access is an inexpensive option, with speeds up to 56 kbps.

DSL typically is more expensive than dialup but provides a faster connection. DSL also
uses telephone lines, but unlike dialup access, DSL provides a continuous connection
to the Internet. DSL uses a special high-speed modem that separates the DSL signal
from the telephone signal and provides an Ethernet connection to a host computer or
LAN.
DSL provides high-speed broadband access at speeds of 200 kbps and higher. Upload
and download speeds vary according to the user’s distance from the central office.

Cable modem service usually is offered by cable television service providers. The Internet signal
is carried on the same coaxial cable that delivers cable television. A special cable modem
separates the Internet signal from the other signals carried on the cable and provides an Ethernet
connection to a host computer or LAN.
Cable is similar to DSL in that it provides broadband access at speeds of 200 kbps and higher.

Satellite Internet access is offered by satellite service providers. The computer connects through
Ethernet to a satellite modem that transmits radio signals to the nearest point of presence (POP)
within the satellite network.
Satellite Internet access speeds range from 128 kbps to 512 kbps, depending on the subscriber
plan.

Types of Broadband Wireless


Municipal Wi-Fi
WiMAX
Satellite Internet
