Network Bulls
www.networkbulls.com
Here’s a list of the many security threats you can mitigate with ACLs:
IP address spoofing, inbound
IP address spoofing, outbound
Denial of service (DoS) TCP SYN attacks, blocking external attacks
DoS TCP SYN attacks, using TCP Intercept
DoS smurf attacks
Filtering ICMP messages, inbound
Filtering ICMP messages, outbound
Filtering traceroute
It’s generally wise not to allow into a private network any IP packets that contain the source
address of any internal hosts or networks—just don’t do it!
Here’s a list of rules to live by when configuring ACLs from the Internet to your production
network to mitigate security problems:
Deny any addresses from your internal networks.
Deny any local host addresses (127.0.0.0/8).
Deny any reserved private addresses.
Deny any addresses in the IP multicast address range (224.0.0.0/4).
None of the above addresses should be allowed to enter your internetwork.
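Here is what those four rules look like as a Cisco IOS extended named ACL applied inbound on the Internet-facing interface. This is an added example, not configuration from the original page. The ACL name, the interface Serial0/0, and the internal block 203.0.113.0/24 (a documentation range standing in for your own address space) are assumptions, and the private ranges shown are the RFC 1918 blocks.

```cisco
! Constructed example: names, interface and internal block are assumptions
ip access-list extended INBOUND-ANTISPOOF
 remark Rule 1: sources claiming to be our own internal network
 deny   ip 203.0.113.0 0.0.0.255 any log
 remark Rule 2: local host addresses 127.0.0.0/8
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark Rule 3: reserved private addresses (RFC 1918)
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 remark Rule 4: IP multicast range 224.0.0.0/4 used as a source
 deny   ip 224.0.0.0 15.255.255.255 any log
 remark Placeholder: replace with the permits your production policy allows
 permit ip any any
!
! Apply inbound on the interface that faces the Internet
interface Serial0/0
 ip access-group INBOUND-ANTISPOOF in
```

The wildcard masks are the inverse of the prefix length (a /4 becomes 15.255.255.255, a /12 becomes 0.15.255.255), and without the final permit line the implicit deny at the end of every ACL would drop all remaining traffic.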
Exam Objectives
Remember the list of typical rules when configuring ACLs from the Internet to your production
network to mitigate security problems: deny any addresses from your internal networks,
deny any local host addresses (127.0.0.0/8), deny any reserved private addresses, and deny
any addresses in the IP multicast address range (224.0.0.0/4).