...Set Up Access Control List for a Router Author Note This paper is being submitted on August 24, 2013, for N235/CET2629 Section 02 Cisco Networking Fundamentals and Routing course. Set Up Access Control List for a Router This configuration allows the IP packets with an IP header that has a source address in the network 182.64.0.0 and a destination address in the network 182.62.0.0 access to Network A. There is the implicit deny all clause at the end of the ACL which denies all other traffic passage through Ethernet 0 inbound on R1. Hostname R1 ! Interface Ethernet 0 IP access-group 101 in ! Access-list 101 permit IP 182.62.0.0 0.0.255.255 182.64.0.0 0.0.255.255 Hostname R1 ! Interface Ethernet 0 IP access-group 101 in ! Access-list 101 permit IP 182.62.0.0 0.0.255.255 182.64.0.0 0.0.255.255 In the command access-list 101 permit IP 182.62.0.0 0.0.255.255 182.64.0.0 0.0.255.255, the "0.0.255.255" is the inverse mask of network 182.62.0.0 with mask 255.255.0.0. ACLs use the inverse mask to know how many bits in the network address need to match. In the table, the ACL permits all hosts with source addresses in the 182.62.0.0 network and destination addresses in the 182.64.0.0 network. Deny Telnet Traffic (TCP, Port 23) Hostname R1 ! Interface ethernet0 IP access group 102 in ! Access-list 102 deny tcp any any eq 23 Access-list 102 permit IP any any Hostname R1 ! Interface ethernet0 IP access group 102 in ! Access-list...
Words: 527 - Pages: 3
...ACL Standard Extended Any Access 0.0.0.0 Lists permit deny Workbook Version 1.0 Instructor’s Edition access-group Wildcard Mask access-list Access-List Numbers IP Standard IP Extended Ethernet Type Code Ethernet Address DECnet and Extended DECnet XNS Extended XNS Appletalk 48-bit MAC Addresses IPX Standard IPX Extended IPX SAP (service advertisement protocol) IPX SAP SPX Extended 48-bit MAC Addresses IPX NLSP IP Standard, expanded range IP Extended, expanded range SS7 (voice) Standard Vines Extended Vines Simple Vines Transparent bridging (protocol type) Transparent bridging (vender type) Extended Transparent bridging Source-route bridging (protocol type) Source-route bridging (vender type) 1 100 200 700 300 400 500 600 700 800 900 1000 1000 1100 1200 1300 2000 2700 1 101 201 200 700 1100 200 700 to to to to to to to to to to to to to to to to to to to to to to to to to to 99 199 299 799 399 499 599 699 799 899 999 1099 1099 1199 1299 1999 2699 2999 100 200 300 299 799 1199 299 799 Produced by: Robb Jones jonesr@careertech.net Frederick County Career & Technology Center Cisco Networking Academy Frederick County Public Schools Frederick, Maryland, USA Special Thanks to Melvin Baker and Jim Dorsch for taking the time to check this workbook for errors. Instructors (and anyone else for that matter) please do not post the Instructors version on public websites. When you do this your giving everyone else worldwide the answers. Yes, students look for...
Words: 13656 - Pages: 55
...Chapter 10 Concept Question 1-6 1) If an ACL is not configured on an interface, what happens to all routable traffic entering or exiting that interface? Why does this happen? Traffic entering the interface is accepted for processing, and traffic exiting the interface is forwarded. By default, all traffic is permitted on an operational interface that has no access control. 2) A packet is evaluated against the statements in an ACLs. It matches none of the statements. What happens to the packet? Why does this happen? The packet is discarded. The Cisco IOS software uses an “implicit deny” procedure for ACLs. The last statement whether expilicity configured or not, is a deny statement. Any packet that does match a statement in the ACLs is discarded. 3) What are the two major steps to implement ACLs to filter inbound and/or outbound traffic? 1) Write the ACL in global configuration 2) Apply the ACL to the correct interface An ACL written in global configuration mode has no effect until it is applied. 4) You have already configured a numbered ACL. Upon further inspection, you realize that some traffic is still being allowed through. Another statement needs to be inserted into the existion numbered ACL. Describe the steps you would go through to make the change 1) Use the show run command to display the existing numbered AcL, and then copy it into Word. 2) Add a command at the beginning of the text to first remove the old ACL. The next command is the first statement...
Words: 632 - Pages: 3
...confinguring access control lists (ACLs). Introduction A wise man once taught me how to properly configure access control lists (ACLs), which I still preach today. However, I find that after so many years of network administration being so straightforward, that many don’t follow this easy to follow and best security practice. If users and groups are not handled correctly when granting access to resources, via ACLs, disaster is just waiting to occur on your networks. Think about it this way, if you just casually give out keys to your house without keeping track of them, how will you know in a year or two who has a key to your house? The answer is you won’t. The same sort of issue occurs on your networks. If you grant the wrong permissions to the wrong objects, you are going to end up not knowing who has access to what in a year or two. The damage that can come of this to your corporate data is nearly as bad as not knowing who has a key to your house. First Things First We need to understand what I mean by Access Control List (ACL). An ACL is a list of “who” has “what” access to a resource. We also need to understand what a definition of resource in a Windows environment is. Let’s assume that we have an Active Directory domain, which will expand our definition of resource. First, a resource is anything with an ACL. I know, you are to never define one term with another that is unknown. However, in this case there is not much other option. Here is a full list of objects...
Words: 445 - Pages: 2
...I am employed, we have employees which access one file at a time. We offer any user to access the file at any time, but if a user already have the file open. He or she cannot make any changes to the file, until the primary user close the following file. This will protect the file from getting damage by other users, or other problems which may occur. When considering a system that supports 5,000 users. Suppose to only wanting to allow 4,990 of those users to be able to access one file can be accomplish in many different ways. Access control list can provide a greater control over file permissions when traditional UNIX file permissions are not enough. UNIX file protection provides read, write, and execute permissions for three user classes: owners, groups and other. An ACL provides better file security by enabling you to define file permissions for the owner, owner’s group, others, specific users, and groups. It also enables you to define default permissions for each if these categories. Another protection scheme that can be used is the universe access information applies to all users unless their name appears in the access-control list with different access permission. With this scheme you simply put the names of the remaining ten users in the access control list but with no access privileges allowed. A file system management system is essential when dealing with the issues of file access and other services in an operating system. Access is important in a business or organization...
Words: 320 - Pages: 2
...Unix File Access The Outlandish Shirt Printers is a solid company that has an organizational system that supports 5000 users. The company has a file that 10 of the users do not need to have access to. There are two ways to specify the protections scheme in Unix to ensure that 4,990 users have access to this file. This goal can be achieved by setting up access control list and groups. Outlandish Shirt Printers is also looking for a suggestion for another more effective protective scheme than the one provided by Unix. Access Control Lists and Groups The first protection scheme in Unix to allow 4,990 of the companies users access to this file is to set up an access control list. Access Control Lists allow more control over file permissions than the general Unix file permissions. Access Control Lists enable higher file security by defining file permissions for specific users, groups, owner, and owner’s group. ACL’s also give the ability to set default permissions for all of the categories. The protection provided by Unix only allows read, write, and execute permission for ower, group, or other system users (Softpanorama, 2013). To ensure that the 10 not given permissions to access file the company will create an access control list with the names of the 4,990 users that do have access to the file. Another way to establish that 4,990 users have access to the file is to set up a group. Gilman (2013) “The concept of groups in Unix is related to the permissions placed upon...
Words: 592 - Pages: 3
...File Management Protection scheme File Management Protection scheme When considering a system that supports 5,000 users, wanting to allow 4,990 of those users to be able to access one file can be accomplished in many different ways. This paper will discuss two different options on how to complete this task. One of the ways that this task could be completed is to create an access control list with the name of all 4990 users. The second option will be to put the 4,990 user in one group and set the group access accordingly. The last topic this paper will discuss will be to suggest another protection scheme that can be used more effectively for this purpose than the scheme provided by UNIX. There are two types of Access Control Lists (ACLs), ACLs and default ACLs. An access ACL is access control list for a specific file or directory. A default ACL can only be associated with a directory; if a file within the directory does not have an access ACL; it uses the rule of the default ACL for the directory. ACLs can be configured in several different ways, per the user, per group, via the effective rights mask, and for users not in the user group for the file. Access control list can provide a greater control over file permissions when traditional UNIX file permissions are not enough. UNIX file protection provides read, write, and execute permissions for three user classes: owners, groups and other. An ACL provides better file security by enabling you to define file permissions...
Words: 410 - Pages: 2
...applications, the file is the central element.” A large number of UNIX operating systems are established on file access control. Unfortunately, permissions for both read and write cannot be assigned to only a certain number of users on the access control list (ACL). Suppose a system that must support 5,000 users was needed but only 4,990 are required to access one file, this would result in need for two user groups to be created, one group with read only permissions and another group for read and write permissions. Before implementing this protection scheme, a basic knowledge of file management hierarchy is needed. UNIX operating systems are established on file access control schemes. Every user is given an exclusive user ID along with a password to access the system. The user is also part of a primary group, which are identified with a group ID (GID). Every group has different access permissions, depending on the needs of the users within the group. They can range from read, write, and execute. By defining the permissions of each group, the users within that group can only perform the permissions assigned to them. This establishes file security because a user cannot change permissions assigned to them unless they are the superuser, known as “root”. For security measures, the superuser should be a UNIX administrator because the superuser or root has access to the complete system and is not controlled by the permissions set to the users, groups, or ACLs. The superuser...
Words: 687 - Pages: 3
...website, Windows domain and user groups, file and folder organization and security. In this paper, I will explain my responsibilities in the project as well as how I configured each task. Figure 1 Figure 1 A user account is an object stored in Active Directory that represents the information that defines a user with access to the network. With this user account a user can access the domain they belong to, or the local computer. All 20 users in the company have a user is and password. In an effort to keep things simple, everyone’s last name was their department. This made it easier for me to keep track of everyone and where they belonged. (See figure 1) There are 4 departments within this company; HR, Tech, Engineering and Sales. Every department has its own folders and sub folders. Creating folders gives each department their own location to store data needed for everyday operations. Attached to every folder are NTFS permissions. NTFS permissions are used to secure resources from certain users on the network. All NTFS permissions are stored in an access control list (ACL). The ACL is a list of all the users and groups on the network that shows what access they have to certain files and folders. Figure [ 2 ] Figure [ 2 ] To assign NTFS permissions to a file or folder, you click on Start > Computer > C drive > Right click the file or folder you want to...
Words: 1234 - Pages: 5
...users connect to the IT infrastructure. 3) LAN Domain: Is a group of computers connected together or to a common medium. The User domain is what defines the people who have access to the company’s information system. This is where all the information about the user/s is stored. This domain will also enforce an Acceptable Use Policy (AUP). The AUP is what defines the access a user has to company data and what they are allowed to do with it. This is the most vulnerable link in a company’s infrastructure. The Workstation domain is where the user’s information is verified, this is also where the account for the user will be setup. SO this is where a user gets their username, password, and permissions to access applications, and data. No external/removable media will be allowed on the network. There will be antivirus software installed and regular updates will be run. This is also where you would create an ACL or Access Control List. This list defines what access a user has on the network. The LAN domain contains all data closets and physical as well as logical elements of the LAN. This domain should have strong security, being as this is the door way to the WAN, makes private information easily accessible to the outside world. User’s that have access to this should be properly screen by IT personnel. An access code should be given to each user that has...
Words: 287 - Pages: 2
...Explain how the UNIX permission system implements access control. Describe an extension of this system that permits finer control. Access Control in Unix UNIX has an implementation of access control lists for providing the features of security to its users. Every user has a right to log into the system with his/her credentials (username and password) and initiate a process which can further make system requests. Every process is assigned a unique identifying number called the process “uid”. This number can be obtained from the /etc/password file. A sample record from this file looks like below: “uid” essentially is the user id of the user who started the process. Every process may also carry an “effective uid”, which may or may not be different from its uid. Access control lists are also categorized with the use of group ids or group names. Every process has a list of groups, it is associated with. This is the basic level of authentication implemented in Unix. Since Unix understands everything as a file, it is important to see how security is ensured for files in Unix. There are 12 mode bits which are used to encode the privileges related to protection. Out of these 12 bits, first 9 bits are divided into 3 groups. Each group contains 3 bits describing the permissions related to user (u), group (g) and others (o). If a bit is set to “ON”, the corresponding privilege is enabled (r – read, w – write, x – execute). Extension of Unix security system A finer security...
Words: 440 - Pages: 2
...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED 38542_FMxx.indd i 9/5/12 10:48 AM World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windowa Platforms and Applications is an independent publication and has not been authorized, sponsored, or otherwise...
Words: 25969 - Pages: 104
...carried out a user must have permission or authorization to access the file. A user(s) access is dependent upon the Access Control List (ACL) they are on which is a set of rules or guidelines which sets the permission level and access a user will have to network assets. UNIX systems are typically based on the file access control schema, which is designed to assign a User Identification number or User ID, which is unique to the individual user. The same goes for a group of users as well but instead of a single user the users are under the Group ID umbrella, which lists all individual users and designates their permissions within the group. A user can have a different set of access within their single user permission opposed to their group permissions. Files are typically secured within UNIX file permissions and through ACLs. Other types of files such as those with sticky bits, and files that are executable require additional special security measures to be implemented in order for users to access them. Traditional UNIX file permissions are classified by ownership using three classes of users: users, groups and others. The owner of the file can usually has the ability to assign or modify file permissions. The root account can also change a file's ownership. All of the permissions are carried out by command line input by the user who owns the file and they are in charge of giving the group access. Read, write, execute and deny. For example if a...
Words: 630 - Pages: 3
...File Management Paper There are issues that arise concerning file sharing in a multiuser system, and that is access rights and the management of simultaneous access. Access rights to a file is granted unique users whether singular or grouped. A flexible tool is provided to allow extensive file sharing among the users while providing a number of options so that certain access can be harnessed or controlled (Stallings , 2012). Although a wide range of access is being used, there is still a list of representatives with access rights that can be designated to a certain user for a unique file. One way is masking the existence of the file, leaving the user oblivious to its existence. If by chance the user gain knowledge of the files existence and owner identification, a petition to the owner can be put in place to gain additional access rights. There are ways where the user can load and execute a program with copy restrictions. Propriety programs are an example of this because they are made accessible to users with this restriction (Stallings, 2012). The only user with full access rights and the power to grant rights to others is the owner of the file created. There are also three classes of users provided said access by the owner. One- third of the class is a specific user, which are individual users who are assigned by a user id. User groups is the another class with a set of users that are not defined individually. The final class is granted to all users because the files are...
Words: 793 - Pages: 4
...zero day attack or DoS attack. Another important step when hardening is to close ports not being used. This will prevent unessential ports to be used as a back door to your data. It is very important to make sure your operating system stays up to date this is because new malware and spyware are discovered constantly and if you are not up to date your systems can get infected (Techotopia, 2009). Also it is good for the team, including the administrator to have strong passwords. Nothing that is easily guessable such as a birthday or name of spouse. It should have a deep combination of letters, numbers, symbols, lower case and upper case. Any unnecessary accounts such as guess accounts should be eliminated. Make sure you are using the Access Control List (ACLs) and file permissions, all files and directories need to be controlled from this (Techotopia, 2009). A few extra things you can do in defense of your Network and data you can set up a DMZ or Demilitarized zone this way you can put information out to the internet such as a web page and people from the outside can look at the web page but only information that you allow them to see through the DMZ can be seen. Another awesome thing is a Honeypot and this is something you can set up to trick script kiddies you put this up to trick them...
Words: 414 - Pages: 2
