Chapter 9 Intermediate TCP /IP/ Access Control Lists (ACLs). Objectives. TCP Operation. The transport layer is responsible for the reliable transport of and regulation of data flow from source to destination. Synchronization or Three-Way Handshake. Denial - of - Service Attacks. - PowerPoint PPT Presentation
© 2004, Cisco Systems, Inc. All rights reserved.
Chapter 9
Intermediate TCP/IP/ Access Control Lists (ACLs)
Objectives
TCP Operation
The transport layer is responsible for the reliable transport of data and the regulation of data flow from source to destination.
Synchronization or Three-Way Handshake
Denial-of-Service Attacks
Simple Windowing
TCP Sequence and Acknowledgment Numbers
Positive ACK
• Acknowledgement is a common step in the synchronization process, which also includes sliding windows and data sequencing.
Protocol Graph: TCP/IP
UDP Segment Format
Port Numbers
Telnet Port Numbers
Reserved TCP and UDP Port Numbers
Ports for Clients
• Whenever a client connects to a service on a server, a source and destination port must be specified.
• TCP and UDP segments contain fields for source and destination ports.
Port Numbering and Well-Known Port Numbers
• Port numbers are divided into three different categories:
well-known ports
registered ports
dynamic or private ports
Port Numbers and Socket
Comparison of MAC addresses, IP addresses, and port numbers
• A good analogy can be made with a normal letter.
• The name on the envelope would be equivalent to a port number, the street address to the MAC address, and the city and state to the IP address.
Summary
Access Control Lists (ACLs)
Objectives
What are ACLs?
• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
How ACLs Work
Protocols with ACLs Specified by Numbers
Creating ACLs
The Function of a Wildcard Mask
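The slides "What are ACLs?" and "The Function of a Wildcard Mask" describe ACLs as ordered conditions that accept or deny traffic; the following added example (not from the original deck or Cisco) shows how a standard ACL entry is tested against a source address with a wildcard mask, top-down with first match winning and the implicit deny at the end. The ACL entries and addresses are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def wildcard_from_prefix(prefix_len: int) -> str:
    """The wildcard mask is the bitwise inverse of the subnet mask
    (a /24 subnet mask 255.255.255.0 becomes wildcard 0.0.0.255)."""
    netmask = ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask
    return str(ipaddress.IPv4Address(int(netmask) ^ FULL))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard means the address bit must match the base;
    a 1 bit means 'don't care'. Only the 0-bit positions are compared."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & FULL
    return (a & care) == (b & care)

# Constructed standard ACL: (action, base address, wildcard mask).
# Entries are evaluated in order; the first matching entry decides.
ACL_10 = [
    ("deny",   "192.168.1.5", "0.0.0.0"),        # one host (host 192.168.1.5)
    ("permit", "192.168.1.0", "0.0.0.255"),      # the rest of 192.168.1.0/24
    ("permit", "10.0.0.0",    "0.255.255.255"),  # all of 10.0.0.0/8
]

def evaluate_acl(acl, src_ip: str) -> str:
    """Return 'permit' or 'deny' for a source address.
    Every ACL ends with an implicit 'deny any' that is never shown."""
    for action, base, wildcard in acl:
        if wildcard_match(src_ip, base, wildcard):
            return action
    return "deny"  # implicit deny any

if __name__ == "__main__":
    for ip in ("192.168.1.5", "192.168.1.77", "10.4.5.6", "172.16.0.1"):
        print(ip, "->", evaluate_acl(ACL_10, ip))
```

Note that 172.16.0.1 is denied although no entry names it: that is the implicit deny, which is why a standard ACL placed near the destination must explicitly permit everything that should still pass.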
Verifying ACLs
• Several show commands verify the content and placement of ACLs on the router:
show ip interface
show access-lists
show running-config
Standard ACLs
Extended ACLs
Named ACLs
Placing ACLs
• Standard ACLs should be placed close to the destination.
• Extended ACLs should be placed close to the source.
Firewalls
A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.
Restricting Virtual Terminal Access
Summary
Question/Answer