Lock and Key by Linda Wier 2/23/2019.


Lock and Key
Lock & key is a Cisco IOS traffic filtering security feature that dynamically filters IP protocol traffic. It temporarily provides a hole in the firewall without compromising other configured security restrictions. Lock & key may be configured using IP dynamic extended access lists and can be used in conjunction with other standard access lists and static extended access lists.

Lock & Key
Dynamic access list
For lock & key to work
When to use lock & key
Configuring lock & key

Dynamic Access List
Dynamic access lists enable designated users to gain temporary access to protected resources, no matter what IP address they come in on. When configured, lock & key modifies the existing IP access list of the interface so that it permits the IP addresses of designated users to reach specific destinations. After the user disconnects, lock & key returns the access list to its original state. You should always define either an idle timeout (with the timeout keyword on the access-enable command) or an absolute timeout (with the timeout keyword on the access-list command). Otherwise, the dynamic access list entry will remain, even after the user has terminated the session.

For lock & key to work
The user must first telnet to the router. Telnetting gives the user a chance to tell the router who he or she is (by authenticating with a username & password) and what IP address he or she is currently sending from. When authenticated to the router successfully, the user's IP address can be granted temporary access through the router. The dynamic access list configuration determines the length of the access granted.
TACACS (Terminal Access Controller Access Control System): TACACS is an access control protocol that allows a switch or router to authenticate all login attempts through a central authentication server. TACACS consists of 3 services: authentication, authorization and accounting. Authentication is the action of determining who the user is and whether or not he or she is allowed access to the server. Authorization is the action of determining what the user is allowed to do on the system. Accounting is the action of collecting data related to resource usage.

When to use lock & key
To permit a user or a group of users to securely access a host within a protected network via the internet. Lock & key authenticates the user and then permits limited access through your firewall router, only for that individual host or subnet and only for a certain period of time.
To allow certain users on a local network to access a host on a remote network protected by a firewall. Lock & key requires users to authenticate before allowing their hosts to access the remote hosts.

Configuring lock & key
Start by defining a dynamic access list.
Configure the router to authenticate VTY users using a local database.
Enable the router to create a temporary access list entry in the dynamic access list.
Defining a dynamic access list:
Router(config)#access-list access-list-number dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard destination destination-wildcard
Configuring a dynamic access list

Lock & Key Config Through Router
*Note: This config example was intended to demonstrate class purpose. Check the access-group number and the interface accordingly. The values project and cisco are the slide's sample username and password.

LabA>en
Password:
LabA#config t
LabA(config)#username project password cisco
LabA(config)#line vty 0 4
LabA(config-line)#login local
LabA(config-line)#^Z
LabA#config t
LabA(config)#access-list 101 permit tcp any any eq telnet
LabA(config)#access-list 101 dynamic unlock timeout 120 permit ip any any
LabA(config)#int s0/0
LabA(config-if)#ip access-group 101 in
LabA(config-if)#^Z
LabA#show access-lists

Result:
Extended IP access list 101
    permit tcp any any eq telnet
    Dynamic unlock permit ip any any (time left 2061)

*Lock & Key is usually configured using a TACACS server for the authentication query process. For more information about Lock and Key, search Cisco's documentation.
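As an added example (not from the slides), a small Python model of how ACL 101 from the configuration above behaves once a user authenticates: entries are checked in order, the dynamic slot holds the temporary host entry created after login, and that entry disappears at the idle or absolute timeout described under Dynamic Access List. The 5-minute idle timeout and the host addresses are constructed assumptions; the slides show only the 120-minute absolute timeout.

```python
import ipaddress

class LockAndKeyAcl:
    """Entries are checked in order, as on the router; the 'dynamic' slot holds
    temporary per-host entries that live only within the idle/absolute timeouts."""

    def __init__(self):
        self.entries = []   # ("static", action, proto, src_net, dst_net, dport) or ("dynamic", absolute_minutes)
        self.temp = {}      # authenticated source host -> {"created", "last", "idle"} (minutes)

    def permit(self, proto, src, dst, dport=None):
        # e.g. access-list 101 permit tcp any any eq telnet  (any == 0.0.0.0/0)
        self.entries.append(("static", "permit", proto, ipaddress.ip_network(src),
                             ipaddress.ip_network(dst), dport))

    def dynamic(self, absolute_timeout):
        # e.g. access-list 101 dynamic unlock timeout 120 permit ip any any
        self.entries.append(("dynamic", absolute_timeout))

    def access_enable(self, src_host, now, idle_timeout):
        # Models the vty autocommand that adds the temporary entry after login; idle timeout is assumed.
        self.temp[src_host] = {"created": now, "last": now, "idle": idle_timeout}

    def _expire(self, now, absolute):
        for host, t in list(self.temp.items()):
            if now - t["created"] >= absolute or now - t["last"] >= t["idle"]:
                del self.temp[host]

    def allows(self, proto, src, dst, dport, now):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for e in self.entries:
            if e[0] == "dynamic":
                self._expire(now, e[1])
                if src in self.temp:            # temporary "permit ip host <src> any"
                    self.temp[src]["last"] = now
                    return True
            elif e[2] in (proto, "ip") and s in e[3] and d in e[4] and e[5] in (None, dport):
                return e[1] == "permit"
        return False                            # implicit deny at the end of every ACL

def demo():
    # Replays the slide's ACL 101 for one constructed user host 203.0.113.5 (times in minutes).
    acl = LockAndKeyAcl()
    acl.permit("tcp", "0.0.0.0/0", "0.0.0.0/0", dport=23)
    acl.dynamic(absolute_timeout=120)
    user, target = "203.0.113.5", "10.1.1.10"
    before = acl.allows("tcp", user, target, 80, now=0)      # blocked: only telnet is static
    acl.access_enable(user, now=0, idle_timeout=5)           # user logged in on the vty
    during = acl.allows("tcp", user, target, 80, now=1)      # temporary entry opens the hole
    after_idle = acl.allows("tcp", user, target, 80, now=7)  # 6 idle minutes > 5: entry gone
    return before, during, after_idle
```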

Benefits of Lock & Key
Lock & Key uses a challenge mechanism to authenticate individual users. Lock & Key provides simpler management in large internetworks. In many cases, Lock & Key reduces the amount of router processing required for access lists. Lock & Key reduces the opportunity for network break-ins by network hackers. With Lock & Key, you can specify which users are permitted access to which source/destination hosts. These users must pass a user authentication process before they are permitted access to their designated host(s). Lock & Key creates dynamic user access through a firewall, without compromising other configured security restrictions.