Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
access-list 102 permit udp 14.2.6.0 0.0.0.255 any range 33400 34400 log
access-list 102 deny tcp any range 0 65535 any range 0 65535 log
access-list 102 deny udp any range 0 65535 any range 0 65535 log
access-list 102 deny ip any any log
!
! access-list 150 applies to remote access from specific hosts
! (14.2.6.10, 14.2.6.11 and 14.2.6.12) to the router itself
no access-list 150
access-list 150 permit tcp host 14.2.6.6 host 0.0.0.0 eq 23 log
access-list 150 permit tcp host 14.2.6.18 host 0.0.0.0 eq 23 log
access-list 150 deny ip any any log
!
snmp-server community n3t-manag3m3nt ro 75
!
line vty 0 4
 access-class 150 in
 password 7 123456789012345678901234
 login
 transport input telnet
4.3.5. References
[1] Chapman, D. Brent and Zwicky, Elizabeth D., Building Internet Firewalls,
O'Reilly & Associates, 1995.
This text provides valuable information on how to packet filter many of the
commonly used services, e.g., SMTP, FTP, Telnet, etc.
[2] Karrenberg, D., Moskowitz, B. and Rekhter, Y., Address Allocation for Private
Internets, RFC 1918, February 1996.
This RFC describes the IP address allocation for private intranets. The
Internet Assigned Numbers Authority has reserved the following three blocks
of the IP address space for private intranets: 10.0.0.0 - 10.255.255.255,
172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255.
[3] Held, G., and Hundley, K., Cisco Access List Field Guide, McGraw-Hill, 1999.
This book offers detailed information and examples on access list syntax and
usage.
[4] Held, G., and Hundley, K., Cisco Security Architectures, McGraw-Hill, 1999.
This book includes a good introduction to router security, and a good primer
on access lists.