Chapter 9: Intermediate TCP/IP / Access Control Lists (ACLs)
© 2004, Cisco Systems, Inc. All rights reserved.
Chapter 9
Intermediate TCP/IP / Access Control Lists (ACLs)
Objectives
TCP Operation
The transport layer is responsible for the reliable transport of data and for regulating the flow of data from source to destination.
Synchronization or Three-Way Handshake
Denial-of-Service Attacks
Simple Windowing
TCP Sequence and Acknowledgment Numbers
Positive ACK
• Positive acknowledgement is a standard step in the synchronization process, which also includes sliding windows and data sequencing.
Protocol Graph: TCP/IP
UDP Segment Format
Port Numbers
Telnet Port Numbers
Reserved TCP and UDP Port Numbers
Ports for Clients
• Whenever a client connects to a service on a server, a source and destination port must be specified.
• TCP and UDP segments contain fields for source and destination ports.
Port Numbering and Well-Known Port Numbers
• Port numbers are divided into three different categories:
  well-known ports
  registered ports
  dynamic or private ports
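The slides on ports say that every client connection names a source and a destination port, that TCP and UDP segments carry both in fixed header fields, and that port numbers fall into three categories. The following added example (not Cisco's code and not part of the slide deck) shows what that looks like in practice: it builds and parses a UDP segment, classifies each port using the IANA ranges (0-1023 well-known, 1024-49151 registered, 49152-65535 dynamic/private; the numeric boundaries are standard IANA values not printed on the slide), and verifies the UDP checksum over the IPv4 pseudo-header, which is the check a packet parser needs before trusting the length field. The IP addresses and DNS-like payload are constructed sample data.

```python
import struct

# IANA port-range boundaries (standard values; the slide names the categories only).
WELL_KNOWN_MAX = 1023
REGISTERED_MAX = 49151
UDP_HEADER_LEN = 8
IPPROTO_UDP = 17


def port_category(port: int) -> str:
    """Classify a port into the three categories named on the slide."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic/private"


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (the Internet checksum)."""
    if len(data) % 2:
        data += b"\x00"  # odd-length input is padded with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the segment (checksum field must be zeroed)."""
    pseudo = src_ip + dst_ip + bytes([0, IPPROTO_UDP]) + struct.pack("!H", len(segment))
    csum = (~_ones_complement_sum(pseudo + segment)) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is sent as 0xFFFF; 0 on the wire means "no checksum"


def build_udp_segment(src_port: int, dst_port: int, payload: bytes,
                      src_ip: bytes, dst_ip: bytes) -> bytes:
    """Source port, destination port, length, checksum (all big-endian 16-bit), then payload."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp_header(segment: bytes) -> dict:
    """Extract the four header fields and reject truncated or inconsistent segments."""
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    src, dst, length, csum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(segment):
        raise ValueError(f"bad UDP length field: {length}")
    return {
        "src_port": src, "src_category": port_category(src),
        "dst_port": dst, "dst_category": port_category(dst),
        "length": length, "checksum": csum,
        "payload": segment[UDP_HEADER_LEN:length],
    }


def verify_udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Recompute the checksum with the field zeroed and compare with the stored value."""
    hdr = parse_udp_header(segment)
    if hdr["checksum"] == 0:
        return True  # sender did not compute one (permitted for UDP over IPv4)
    zeroed = segment[:6] + b"\x00\x00" + segment[8:hdr["length"]]
    return udp_checksum(src_ip, dst_ip, zeroed) == hdr["checksum"]


# Constructed sample: a client on an ephemeral port sending a DNS-like query to port 53.
SRC_IP = bytes([192, 168, 1, 20])
DST_IP = bytes([192, 168, 1, 1])
SAMPLE_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # constructed header bytes
SAMPLE_SEGMENT = build_udp_segment(53211, 53, SAMPLE_QUERY, SRC_IP, DST_IP)

if __name__ == "__main__":
    print(parse_udp_header(SAMPLE_SEGMENT))
    print("checksum ok:", verify_udp_checksum(SRC_IP, DST_IP, SAMPLE_SEGMENT))
```

The same first four bytes (source port, destination port) sit at the start of a TCP header too, which is why a filter that only needs ports can read both protocols the same way; the length and checksum handling shown here is UDP-specific.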
Port Numbers and Socket
Comparison of MAC addresses, IP addresses, and port numbers
• A good analogy can be made with a normal letter.
• The name on the envelope would be equivalent to a port number, the street address to the MAC address, and the city and state to the IP address.
Summary
Access Control Lists (ACLs)
Objectives
What are ACLs?
• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
How ACLs Work
Protocols with ACLs Specified by Numbers
Creating ACLs
The Function of a Wildcard Mask
Verifying ACLs
• There are many show commands that will verify the content and placement of ACLs on the router:
  show ip interface
  show access-lists
  show running-config
Standard ACLs
Extended ACLs
Named ACLs
Placing ACLs
• Standard ACLs should be placed close to the destination.
• Extended ACLs should be placed close to the source.
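The ACL slides describe lists of conditions tested against traffic crossing an interface, a wildcard mask that decides which address bits matter, and standard (source-only) versus extended (protocol, source, destination, port) lists. The following is an added example, not Cisco's code and not from the slide deck: a small Python simulator that parses numbered ACL lines in the IOS style, evaluates a packet top-down with first-match-wins semantics, and applies the implicit deny that IOS appends to every ACL (a real IOS behaviour the slides do not spell out). It assumes the numbered ranges 1-99 for standard and 100-199 for extended lists and models only the `eq` port operator; the ACL lines and packets are constructed sample data.

```python
import ipaddress


def ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, ref: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard mask means 'must match'; a 1 bit means 'don't care'."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) ^ ip_to_int(ref)) & care == 0


def _is_dotted(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False


def _take_addr(tokens: list, standard: bool = False):
    """Consume one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W'.
    Standard ACLs also accept a bare 'A.B.C.D' (wildcard 0.0.0.0)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    if len(tokens) > 1 and _is_dotted(tokens[1]):
        return tokens[0], tokens[1], tokens[2:]
    if standard:
        return tokens[0], "0.0.0.0", tokens[1:]
    raise ValueError("extended ACL address needs 'any', 'host' or a wildcard mask")


def _take_port(tokens: list):
    """Consume an optional 'eq <port>'; other operators are not modelled (assumption)."""
    if tokens and tokens[0] == "eq":
        return int(tokens[1]), tokens[2:]
    return None, tokens


def parse_ace(line: str) -> dict:
    """Parse one 'access-list <n> permit|deny ...' line into a match structure."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported line: {line}")
    number, action, rest = int(t[1]), t[2], t[3:]
    ace = {"number": number, "action": action, "sport": None, "dport": None}
    if 1 <= number <= 99:  # standard: source address only, any protocol, any destination
        ace["proto"] = "ip"
        ace["src"], ace["src_wc"], rest = _take_addr(rest, standard=True)
        ace["dst"], ace["dst_wc"] = "0.0.0.0", "255.255.255.255"
    elif 100 <= number <= 199:  # extended: protocol, source [eq p], destination [eq p]
        ace["proto"] = rest[0]
        ace["src"], ace["src_wc"], rest = _take_addr(rest[1:])
        ace["sport"], rest = _take_port(rest)
        ace["dst"], ace["dst_wc"], rest = _take_addr(rest)
        ace["dport"], rest = _take_port(rest)
    else:
        raise ValueError("only numbered ranges 1-99 and 100-199 are modelled")
    if rest:
        raise ValueError(f"unparsed tokens {rest} in: {line}")
    return ace


def ace_matches(ace: dict, pkt: dict) -> bool:
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], ace["src"], ace["src_wc"]):
        return False
    if not wildcard_match(pkt["dst"], ace["dst"], ace["dst_wc"]):
        return False
    if ace["sport"] is not None and pkt.get("sport") != ace["sport"]:
        return False
    if ace["dport"] is not None and pkt.get("dport") != ace["dport"]:
        return False
    return True


def evaluate(acl_lines: list, pkt: dict):
    """Top-down, first match wins; no match falls through to the implicit deny (index None)."""
    for idx, line in enumerate(acl_lines):
        if ace_matches(parse_ace(line), pkt):
            return parse_ace(line)["action"], idx
    return "deny", None


# Constructed sample ACL: LAN may reach any web server and one telnet host, nothing else.
SAMPLE_ACL = [
    "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
    "access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq 23",
    "access-list 101 deny ip any any",
]

if __name__ == "__main__":
    pkt = {"proto": "tcp", "src": "192.168.1.20", "dst": "10.1.1.1", "sport": 51000, "dport": 80}
    print(evaluate(SAMPLE_ACL, pkt))
```

The wildcard test is a bitwise operation, not a prefix comparison, so a non-contiguous mask such as `0.0.254.255` (match only even third octets) works exactly as it does on a router; and because evaluation stops at the first match, an early broad `permit` or `deny` silently shadows every later entry, which is what `show access-lists` match counters help to spot.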
Firewalls
A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.
Restricting Virtual Terminal Access
Summary
Question/Answer