UNCLASSIFIED   Implementing Security on Cisco Routers   Version 1.0g   UNCLASSIFIED   73

    ip access-list {standard | extended} name

where

    standard   specifies a standard IP access list.
    extended   specifies an extended IP access list.
    name       is the name of the access list. The name cannot contain spaces or punctuation and must begin with an alphabetic character.

General Recommendations

Refer to the two tables in Section 3.2.2 that present common services to restrict because they can be used to gather information about an internal network or they have weaknesses that can be exploited. The first table lists those services that should be completely blocked at the router; they should not be allowed across the router in either direction or to the router. The second table lists those services on the internal network or on the router that should not be accessible by external clients.

Each access list must contain at least one permit statement; an access list with no permit statements blocks all network traffic wherever it is applied.

Note that an access list is applied to packets traveling in one direction only. For any connection that requires two-way interaction (e.g., all TCP traffic, some UDP traffic) the access list will only affect approximately half the packets. It is possible, however, to apply two access lists (one for each direction) to router interfaces, vty lines and routing protocols. The diagram below shows how access lists work when applied to router interfaces, using the router East as an example.

Figure 4-2: Conceptual Model for Access Lists on Interfaces
[Figure: router East with interface Eth0 (14.1.1.20, on the 14.1.0.0/16 network) and interface Eth1 (14.2.6.250, on the 14.2.6.0/24 network). Each interface has an inbound access list and an outbound access list; packets matching a permit entry continue to routing or to the outgoing interface, and packets matching a deny entry are discarded (shown as "Trash").]
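The following configuration is an added illustration, not taken from the guide, showing named extended access lists built with the command above and applied in both directions on the two interfaces of router East from Figure 4-2. The list names, the interface names Ethernet0 and Ethernet1, and the choice of HTTP as the single permitted service are assumptions; the addresses are the ones shown in the figure. Each list carries at least one permit entry, because a list whose entries match nothing ends in the implicit deny and drops every packet, and each direction gets its own list since a list only inspects packets flowing one way.

```cisco
! Added example (not from the guide). Router East, Figure 4-2:
!   Ethernet0 = 14.1.1.20 on 14.1.0.0/16, Ethernet1 = 14.2.6.250 on 14.2.6.0/24
! Assumed: interface names, list names, HTTP (tcp/80) as the only permitted service.
! Names contain no spaces or punctuation and begin with a letter, as required.
!
! Inbound on Ethernet0: accept only packets whose source really lies on the
! 14.1.0.0 network. The final deny is what the implicit deny would do anyway,
! written out so that rejected packets are logged.
ip access-list extended EastEth0In
 permit ip 14.1.0.0 0.0.255.255 any
 deny   ip any any log
!
! Outbound on Ethernet1: only HTTP requests from the 14.1.0.0 network to the
! 14.2.6.0 network leave this interface. Without the permit line this list
! would discard everything routed toward Ethernet1.
ip access-list extended EastEth1Out
 permit tcp 14.1.0.0 0.0.255.255 14.2.6.0 0.0.0.255 eq 80
 deny   ip any any log
!
! Return path. The two lists above never see the replies, so the reverse
! direction needs its own pair of lists.
ip access-list extended EastEth1In
 permit ip 14.2.6.0 0.0.0.255 any
 deny   ip any any log
!
! Outbound on Ethernet0: only replies from the web servers (source port 80)
! that belong to an established TCP connection reach the 14.1.0.0 network.
ip access-list extended EastEth0Out
 permit tcp 14.2.6.0 0.0.0.255 eq 80 14.1.0.0 0.0.255.255 established
 deny   ip any any log
!
interface Ethernet0
 ip address 14.1.1.20 255.255.0.0
 ip access-group EastEth0In in
 ip access-group EastEth0Out out
!
interface Ethernet1
 ip address 14.2.6.250 255.255.255.0
 ip access-group EastEth1In in
 ip access-group EastEth1Out out
```

Read the four lists against the figure: a request from the 14.1.0.0 network passes EastEth0In and EastEth1Out on its way to a web server on the 14.2.6.0 network, and the reply passes EastEth1In and EastEth0Out on its way back; a packet that matches no permit entry in whichever list it meets is discarded at that point.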