CST3607 Class Notes 2021-11-16

News & Tools

Exam-02 Debriefing

Single Sign On & Federation

Single Sign On (SSO) allows a single authentication process (managed by a single Identity Provider, Directory Server, or other authentication mechanism) to be used across multiple systems (Service Providers) within a single organization or across multiple organizations.

Authentication vs Authorization

Network Security

Types of attacks

  • Application-layer attacks
  • Backdoors
  • DDoS Attacks
  • Network Reconnaissance

Mitigating Attacks

  • Perimeter, Stateful Firewall, and Internal Routers
  • Appliances

Access Control List (ACL)

  • An access list is a list of conditions that categorize packets.
  • Creating an access lists is like programming a series of if-then statements – if a given condition is met, then a given action is taken. If the specific condition isn’t met, nothing happens and the next statement is evaluated.
  • Access-list statements are packet filters that packets are compared against, categorized by, and acted upon.
  • Access-lists can be applied to inbound or outbound traffic on any interface.

Wildcard Mask

  • Identifies the part of the IP or network address that must match.
  • A “0” bit in the wildcard mask means the corresponding part/octet in the IP address should exactly match
  • A “1” bit means the corresponding part/octet in IP address can be ignored. (It can be any value.)
  • MicroNugget: Wildcard Masks by Keith Barker

Standard IP Access List

  • Filters network traffic by examining the source IP address in a packet
  • Access-list numbers: 1-99 or 1300-1999
  • Applied closest to the destination
  • Denies or Permits: source IP address

Extended IP Access List

  • Can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet.
  • Can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number at the Transport layer header.
  • Access-list numbers: 100-199 or 2000-2699
  • Applied closest to the source
  • Denies or Permits: source IP address, destination IP address, port or service

Inbound and Outbound ACLs

  • Inbound access list are applied to inbound packets on an interface, before being routed.
  • Outbound access list are applied to outbound packets on an interface, after being routed.
  • An access list must be applied to an interface to be executed.

Hands-On Lab-08: Access Control Lists

  • Use Cisco Packet Tracer v8.x
  • You must be present for this class, and submit your 100% Packet Tracer file, to get full credit for this lab.
  • This lab is due tonight before you sign off.
  1. Download the Lab Assets zip file
  2. Read the instructions!!!!! (Make note of the passwords!!!)
  • The passwords are included in the lab instructions. Read!!!!

Read / Watch

Read / Watch / Do

CCNA Certification Study Guide, Volume 2

  • Read Chapter 11: Network Address Translation (NAT)
  • Do the Written Labs
  • Answer the Review Questions
    • Do not submit your answers for this chapter. The answers are in Appendix.

Better Focus and Efficient Studying When Not Multitasking