The paper creates Extended Access Control Lists for ABC Corporation using Port Numbers.
Extended Access Control Lists for ABC Corporation using Port Numbers
access-list 101 permit tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 permit tcp 172.16.5.0 0.0.0.255 any eq 21
access-list 101 permit tcp 172.16.3.1 0.0.0.255 any eq 22
access-list 101 permit tcp 172.16.3.254 0.0.0.255 any eq 25
access-list 101 permit tcp 172.16.5.254 0.0.0.255 any eq 35
access-list 101 permit tcp 172.16.0.254 0.0.0.255 any eq 18
access-list 101 permit tcp 172.16.5.35 0.0.0.255 any eq 19
access-list 101 permit tcp 172.16.0.0 0.0.0.255 any eq 39
access-list 101 deny tcp 172.16.0.254 0.0.0.255 any eq 26
access-list 101 deny tcp 172.16.5.35 0.0.0.255 any eq 23
The next step is the configuration of the ACL for ABC Corporation. Configuring the Extended Access Control List is critical for protecting the network infrastructure of ABC Corporation.
Configuration of Extended Access Control Lists for ABC Corporation using Port Numbers
The following commands are used to configure the Extended Access Control List for the ABC Corporation network infrastructure:
R1(config)#access-list 101 permit tcp 172.16.3.0 0.0.0.255 any eq 20
R1(config)#access-list 101 permit tcp 172.16.5.0 0.0.0.255 any eq 21
R1(config)#access-list 101 permit tcp 172.16.3.1 0.0.0.255 any eq 22
R1(config)#access-list 101 permit tcp 172.16.3.254 0.0.0.255 any eq 25
R1(config)#access-list 101 permit tcp 172.16.5.254 0.0.0.255 any eq 35
R1(config)#access-list 101 permit tcp 172.16.0.254 0.0.0.255 any eq 18
R1(config)#access-list 101 permit tcp 172.16.5.35 0.0.0.255 any eq 19
R1(config)#access-list 101 permit tcp 172.16.0.0 0.0.0.255 any eq 39
R1(config)#access-list 101 deny tcp 172.16.0.254 0.0.0.255 any eq 26
R1(config)#access-list 101 deny tcp 172.16.5.35 0.0.0.255 any eq 23
Based on the configuration of the ACL for ABC Corporation, the paper re-creates the diagram.
Fig 2: Re-created ACL Diagram for ABC Corporation
With the ACL commands, the paper re-creates the diagram and creates filtering rules for the router to follow. From the diagram in Fig 2, the router will filter host 172.16.5.35 from getting access to the Internet. When host 172.16.5.35 attempts to reach the Internet, the ACL commands will prevent it from getting access. This is very important because some malicious users may want to reach the Internet using these devices. With the ACL filtering rules in place, host 172.16.5.35 will not be able to get access to the ABC Corporation.
An additional filtering rule implemented based on Fig 2 is that the router will deny all other traffic from getting access to 172.16.5.3.0. The router will serve as a guard that prevents other networks from getting access to 172.16.5.3.0. When a packet arrives at the router, the router extracts information from the packet and, based on the filtering rules, decides whether to pass the packet into the network or deny it. Based on the filtering rules created, the router will deny other network traffic from getting access to 172.16.5.3.0.
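The first-match decision described above can be traced in code. The following Python sketch is an added example, not part of the original paper: it assumes the ACL 101 entries in normalized IOS syntax, models only source wildcard matching, the TCP destination port and the implicit deny that ends every IOS ACL, and uses constructed sample packets.

```python
import ipaddress

# ACL 101 entries from the page: (action, source, wildcard, TCP destination port).
# Assumption: trailing dots and "/16" suffixes are dropped, wildcards kept as written.
ACL_101 = [
    ("permit", "172.16.3.0",   "0.0.0.255", 20),
    ("permit", "172.16.5.0",   "0.0.0.255", 21),
    ("permit", "172.16.3.1",   "0.0.0.255", 22),
    ("permit", "172.16.3.254", "0.0.0.255", 25),
    ("permit", "172.16.5.254", "0.0.0.255", 35),
    ("permit", "172.16.0.254", "0.0.0.255", 18),
    ("permit", "172.16.5.35",  "0.0.0.255", 19),
    ("permit", "172.16.0.0",   "0.0.0.255", 39),
    ("deny",   "172.16.0.254", "0.0.0.255", 26),
    ("deny",   "172.16.5.35",  "0.0.0.255", 23),
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dport):
    """First matching entry decides; returns (action, 1-based entry or None).

    Every entry uses destination 'any', so only source and port are tested.
    A packet that matches nothing falls through to the implicit deny.
    """
    for i, (action, base, wc, port) in enumerate(acl, 1):
        if port == dport and wildcard_match(src, base, wc):
            return action, i
    return "deny", None

if __name__ == "__main__":
    # Constructed sample packets: (source address, TCP destination port)
    samples = [("172.16.5.35", 23), ("172.16.5.35", 19), ("172.16.5.99", 23),
               ("172.16.5.35", 80), ("203.0.113.7", 21)]
    for src, dport in samples:
        action, idx = evaluate(ACL_101, src, dport)
        print(f"{src:>13} -> any:{dport:<3} {action:6} "
              f"({'entry ' + str(idx) if idx else 'implicit deny'})")
```

Because the wildcard 0.0.0.255 ignores the last octet, the Telnet deny written for 172.16.5.35 also matches every other host in 172.16.5.0/24, and any source or port not listed is dropped by the implicit deny.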
More importantly, the router will not allow outside traffic to use ping, Telnet and FTP. This is very important for security reasons because Telnet does not encrypt the data that comes from other networks. Thus, it is practical for an eavesdropper to extract information from the network if outside traffic is allowed to get access to it. Moreover, there is no authentication that would ensure that there is no interception while the communication is being carried out over the network. Given these shortcomings of Telnet, it is critical for ABC Corporation not to allow outside networks to get access to Telnet.
Additionally, part of the filtering rules is not to allow outside networks to get access to the File Transfer Protocol (FTP). FTP is a standard network protocol used to transfer files over the network. While FTP may have security mechanisms such as authentication, security loopholes are still identified with FTP because of the sophisticated methods malicious users employ to tamper with network protocols. Typically, the FTP infrastructure is not designed with the security to protect itself against sophisticated IT hackers. Thus, FTP could face a series of vulnerabilities such as spoof attacks, bounce attacks, port stealing, brute force attacks, and packet capture (sniffing). Based on the security vulnerabilities of Telnet and FTP, the ACL will not allow outside networks to get access to Telnet and FTP.
To give a greater understanding of the importance of access control lists, the paper provides a justification of ACLs for ABC Corporation.
Justification of Access Control Lists for ABC Corporation
In the contemporary business environment, various malicious users attempt to get access to organizational network infrastructure to steal valuable information. Typically, many of these malicious users tamper with the network devices of an organization in order to steal valuable information through several techniques such as sniffing, eavesdropping and other malicious techniques. ACL has been identified as an effective security device. ABC Corporation could enjoy several benefits from using ACLs for the company's network security.
First, ACL will protect ABC Corporation from ISL tagging attacks. Malicious users often use tagging attacks to get access to the network. For example, an attacker could send fake DTP onto the network in order to get access. ACL is very effective at preventing this sort of attack from getting into the network. Moreover, ACL could protect the organization from brute force attacks. A malicious user tries to exploit potential switch vulnerabilities to get access into the network. The attacker could use attacks such as bugs to attack the network. With ACL in place, this type of attack will be ineffective against the company network.
More importantly, ACL will protect the ABC organization from flooding attacks. This type of attack sends a flood of traffic onto the network in order to sniff information from the organizational network. There are several programs that perform this type of malicious act, and when attackers identify a weakness in the network, they use a flooding attack to exploit the network devices. Typically, an attacker could use this attack to impersonate a permitted network. To protect the network infrastructure against this sort of attack, ACL will be very effective at preventing it from occurring on the company network.
The technical paper provides a security plan that ABC Corporation could employ to protect its network infrastructure. ABC Organization has just installed a new router on the network, and since malicious users often attack network infrastructure from the router, the proposal provides a security plan to ensure adequate security for the organizational network. To implement effective security for the ABC organization, Access Control Lists are used for the…