Contents
News & Tools
- NYC’s nonprofit DIY internet is taking on Verizon & more | Just Might Work by Freethink
- NYC’s nonprofit DIY internet is taking on Verizon & more: 1.5 million New Yorkers lack access to high-speed internet. Can a DIY mesh internet network change that?
- Free WiFi in apartment buildings helps close the digital divide: No Home Left Offline has a plan to bring the internet to 18 million U.S. households
Exam-02 Debriefing
Single Sign On & Federation
Single Sign On (SSO) allows a single authentication process (managed by a single Identity Provider (IdP), Directory Server, or other authentication mechanism) to be used across multiple systems (Service Providers) within a single organization or across multiple organizations.
Network Security
Types of attacks
- Application-layer attacks
- Backdoors
- DDoS Attacks
- Network Reconnaissance
Mitigating Attacks
- Perimeter, Stateful Firewall, and Internal Routers
- Appliances
Access Control List (ACL)
- An access list is a list of conditions that categorize packets.
- Creating an access lists is like programming a series of if-then statements – if a given condition is met, then a given action is taken. If the specific condition isn’t met, nothing happens and the next statement is evaluated.
- Access-list statements are packet filters that packets are compared against, categorized by, and acted upon.
- Access-lists can be applied to inbound or outbound traffic on any interface.
Wildcard Mask
- Identifies the part of the IP or network address that must match.
- A “0” bit in the wildcard mask means the corresponding part/octet in the IP address should exactly match
- A “1” bit means the corresponding part/octet in IP address can be ignored. (It can be any value.)
- MicroNugget: Wildcard Masks by Keith Barker
Standard IP Access List
- Filters network traffic by examining the source IP address in a packet
- Access-list numbers: 1-99 or 1300-1999
- Applied closest to the destination
- Denies or Permits: source IP address
Extended IP Access List
- Can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet.
- Can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number at the Transport layer header.
- Access-list numbers: 100-199 or 2000-2699
- Applied closest to the source
- Denies or Permits: source IP address, destination IP address, port or service
Inbound and Outbound ACLs
- Inbound access list are applied to inbound packets on an interface, before being routed.
- Outbound access list are applied to outbound packets on an interface, after being routed.
- An access list must be applied to an interface to be executed.
Hands-On Lab-08: Access Control Lists
- Use Cisco Packet Tracer v8.x
- You must be present for this class, and submit your 100% Packet Tracer file, to get full credit for this lab.
- This lab is due tonight before you sign off.
- Download the Lab Assets zip file
- Read the instructions!!!!! (Make note of the passwords!!!)
- The passwords are included in the lab instructions. Read!!!!
Read / Watch
- Cisco Router Access-Lists Part 1 (Fundamentals): Cisco Router Training 101 by soundtraining.net
- Cisco Router Access-Lists Part 2 (Advanced): Cisco Router Training 101 by soundtraining.net
- Access-list – Practice Test
- MicroNugget: Wildcard Masks by Keith Barker
- Understanding Access Control List Logging (cisco.com)
- Quizlet: Chapter 12: Security by Sidd_ (ACLs (Access Control Lists))
- Quizlet.com – CCNA 3 chap 6 by kodiak117 (VLANs)
- How to Add, Delete and Renumber a Cisco Access Control List (ACL)
Read / Watch / Do
CCNA Certification Study Guide, Volume 2
- Read Chapter 11: Network Address Translation (NAT)
- Do the Written Labs
- Answer the Review Questions
- Do not submit your answers for this chapter. The answers are in Appendix.