CST3607 Class Notes 2021-04-06

News & Tools

Subnetting Tutorial & Reference

Troubleshooting & Verifying Networks

Self-Evaluation

  • At this point in the semester, you should be confident enough in your understanding of Cisco IOS, routing protocols, etc. to complete Lab-04 (OSPF, Serial, DHCP) using only the network diagram as your guide, with 100% accuracy, in less than 30 minutes.
  • If that’s not the case, then you must practice, practice, practice, to gain the necessary skills and confidence.
  • Practice makes improvement.

Single Sign On & Federation

Single Sign On (SSO) allows a single authentication process (managed by a single Identity Provider, Directory Server, or other authentication mechanism) to be used across multiple systems (Service Providers) within a single organization or across multiple organizations.

Authentication vs Authorization

Network Security

Types of attacks

  • Application-layer attacks
  • Backdoors
  • DDoS Attacks
  • Network Reconnaissance

Mitigating Attacks

  • Perimeter, Stateful Firewall, and Internal Routers
  • Appliances

Access Control List (ACL)

  • An access list is a list of conditions that categorize packets.
  • Creating an access list is like programming a series of if-then statements – if a given condition is met, then a given action is taken. If the specific condition isn’t met, nothing happens and the next statement is evaluated.
  • Access-list statements are packet filters that packets are compared against, categorized by, and acted upon.
  • Access-lists can be applied to inbound or outbound traffic on any interface.

Wildcard Mask

  • Identifies the part of the IP or network address that must match.
  • A “0” bit in the wildcard mask means the corresponding bit in the IP address must match exactly.
  • A “1” bit means the corresponding bit in the IP address is ignored. (It can be any value.)
  • MicroNugget: Wildcard Masks by Keith Barker

Standard IP Access List

  • Filters network traffic by examining the source IP address in a packet
  • Access-list numbers: 1-99 or 1300-1999
  • Applied closest to the destination
  • Denies or Permits: source IP address
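
The wildcard-mask and standard access-list rules above, worked through as an added example (not part of the original class notes or of Cisco IOS): the function names and the sample list are constructed for illustration. It matches source addresses bit by bit, evaluates statements top-down with the first match winning, and assumes the implicit deny that Cisco IOS places at the end of every access list.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # 0 bits in the wildcard are the bits that must match
    return (a & care) == (b & care)

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny any | host A | A [W]' lines in order."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"not an access-list line: {line!r}")
        number, action, src = int(tok[1]), tok[2], tok[3:]
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is not a standard access-list number")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        if src == ["any"]:
            base, wc = "0.0.0.0", "255.255.255.255"  # every bit ignored
        elif src[0] == "host" and len(src) == 2:
            base, wc = src[1], "0.0.0.0"             # every bit must match
        else:
            base, wc = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
        ipaddress.IPv4Address(base), ipaddress.IPv4Address(wc)  # reject bad input
        entries.append((action, base, wc))
    return entries

def evaluate(entries, source_ip):
    """Return the action of the first matching statement (top-down)."""
    for action, base, wc in entries:
        if wildcard_match(source_ip, base, wc):
            return action
    return "deny"  # Cisco IOS ends every access list with an implicit deny

# Constructed sample list; addresses are illustrative only.
SAMPLE_ACL = """
access-list 10 deny host 192.168.10.50
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 10.0.0.1 0.255.255.0
"""
ACL = parse_standard_acl(SAMPLE_ACL)

if __name__ == "__main__":
    for ip in ("192.168.10.50", "192.168.10.7", "10.20.30.1", "172.16.0.1"):
        print(f"{ip:15} -> {evaluate(ACL, ip)}")
```

Statement order matters: moving the `deny host` line below the first `permit` would let 192.168.10.50 through, because the permit would match first.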

Extended IP Access List

  • Can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet.
  • Can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number at the Transport layer header.
  • Access-list numbers: 100-199 or 2000-2699
  • Applied closest to the source
  • Denies or Permits: source IP address, destination IP address, port or service

Inbound and Outbound ACLs

  • Inbound access lists are applied to inbound packets on an interface, before they are routed.
  • Outbound access lists are applied to outbound packets on an interface, after they are routed.
  • An access list must be applied to an interface to be executed.

Hands-On Lab-07: Access Control Lists

  • Use Cisco Packet Tracer v8.x
  • You must be present for this class, and submit your 100% Packet Tracer file, to get full credit for this lab.
  • This lab is due tonight before you sign off.
  1. Log into Cisco Packet Tracer
  2. Download the Lab-07 Assets zip file
  3. Unzip/extract the Lab-07 Packet Tracer file
  4. Rename the CST3607 Lab-07 YourLastName, YourFirstName v01 pka file with your last and first names
  5. Open and log into Packet Tracer
  6. Open the Lab-07 pka file in Packet Tracer
  7. Read the instructions!!!!!
  8. E-mail your 100% Lab-07 to me. Subject: CST3607 Lab-07 YourLastName, YourFirstName
  • The passwords are included in the lab instructions. Read!!!!
  • 1st password to log into a switch or router is the “console” password
  • 2nd password to get into privileged mode is the “secret” password

Study for Exam 2

Read / Watch

Better Focus and Efficient Studying When Not Multitasking