Lock and Key by Linda Wier 2/23/2019.


1 Lock and Key by Linda Wier 2/23/2019

2 Lock and Key
Lock & Key is a Cisco IOS traffic-filtering security feature that dynamically filters IP protocol traffic. It temporarily opens a hole in the firewall without compromising the other configured security restrictions. Lock & Key is configured using IP dynamic extended access lists and can be used in conjunction with standard access lists and static extended access lists.

3 Lock & Key (overview)
Dynamic access lists
For Lock & Key to work
When to use Lock & Key
Configuring Lock & Key

4 Dynamic Access List
Dynamic access lists enable designated users to gain temporary access to protected resources, no matter what IP address they come in from. When configured, Lock & Key modifies the existing IP access list on the interface so that it permits the IP addresses of the designated users to reach specific destinations. After the user disconnects, Lock & Key returns the access list to its original state. You should always define either an idle timeout (with the timeout keyword on the access-enable command the user runs after authenticating) or an absolute timeout (with the timeout keyword on the access-list command). Otherwise the dynamic access list entry remains in place even after the user has terminated the session.

5 For Lock & Key to work
The user must first telnet to the router. Telnetting gives the user a chance to tell the router who he or she is (by authenticating with a username and password) and what IP address he or she is currently sending from. When the user has authenticated to the router successfully, the user's IP address can be granted temporary access through the router. The dynamic access list configuration determines the length of the access granted.
TACACS (Terminal Access Controller Access Control System) is an access control protocol that allows a router or switch to authenticate all login attempts through a central authentication server. TACACS consists of three services: authentication, authorization and accounting. Authentication is the action of determining who the user is and whether or not that user is allowed access to the server. Authorization is the action of determining what the user is allowed to do on the system. Accounting is the action of collecting data related to resource usage.

6 When to use Lock & Key
To permit a user or a group of users to securely access a host within a protected network via the Internet. Lock & Key authenticates the user and then permits limited access through your firewall router, only for that individual host or subnet and only for a certain period of time.
To allow certain users on a local network to access a host on a remote network protected by a firewall. Lock & Key requires the users to authenticate before their hosts are allowed to reach the remote hosts.

7 Configuring Lock & Key
Start by defining a dynamic access list.
Configure the router to authenticate VTY users using a local database.
Enable the router to create a temporary access list entry in the dynamic access list.
Defining a dynamic access list:
Router(config)#access-list access-list-number dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard destination destination-wildcard

8 Lock & Key Config Through Router
*Note: This config example was intended to demonstrate class purpose. Check the vty group number and the interface accordingly.

LabA>en
Password:
LabA#config t
LabA(config)#username project password cisco
LabA(config)#line vty
LabA(config-line)#login local
LabA(config-line)#exit
LabA(config)#access-list 101 permit tcp any any eq telnet
LabA(config)#access-list 101 dynamic unlock timeout 120 permit ip any any
LabA(config)#int s0/0
LabA(config-if)#ip access-group 101 in
LabA(config-if)#^Z
LabA#show access-lists

Result:
Extended IP access list 101
    permit tcp any any eq telnet
    Dynamic unlock permit ip any any (time left 2061)

*Lock & Key is usually configured with a TACACS server handling the authentication query process. For more information about Lock and Key, use Cisco's search engine.
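Slide 4 warns that a dynamic entry with neither an idle nor an absolute timeout stays open after the user disconnects. The following Python audit, added here and not part of the presentation, reads a saved IOS configuration and reports dynamic ACL entries that lack both timeouts; the sample config is constructed from slide 8, with "line vty 0 4", ACL 102 and host 10.0.0.5 made up, and the access-enable autocommand used for the idle timeout is standard IOS rather than something the slides show.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample based on slide 8; "line vty 0 4", ACL 102 and 10.0.0.5 are made up.
SLIDE_CONFIG = """\
username project password cisco
line vty 0 4
 login local
access-list 101 permit tcp any any eq telnet
access-list 101 dynamic unlock timeout 120 permit ip any any
access-list 102 dynamic open permit ip any host 10.0.0.5
"""
# Same config with an idle timeout set on the vty lines via access-enable.
WITH_AUTOCOMMAND = SLIDE_CONFIG.replace(
    " login local\n", " login local\n autocommand access-enable host timeout 10\n")

DYNAMIC_RE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+dynamic\s+(?P<name>\S+)"
    r"(?:\s+timeout\s+(?P<abs>\d+))?\s+(?:permit|deny)\b")
AUTOCMD_RE = re.compile(
    r"^\s*autocommand\s+access-enable(?:\s+host)?(?:\s+timeout\s+(?P<idle>\d+))?\s*$")

@dataclass
class DynamicEntry:
    acl: str
    name: str
    absolute_timeout: Optional[int]  # timeout keyword on the access-list line
    idle_timeout: Optional[int]      # timeout keyword on access-enable (vty autocommand)

def audit_lock_and_key(config: str) -> List[DynamicEntry]:
    """Pair every dynamic ACL entry with the timeouts that bound its lifetime.

    Simplification: one access-enable autocommand is assumed to apply to all
    vty users, so its idle timeout is attached to every dynamic entry.
    """
    idle: Optional[int] = None
    for line in config.splitlines():
        m = AUTOCMD_RE.match(line)
        if m:
            idle = int(m.group("idle")) if m.group("idle") else None
    entries = []
    for line in config.splitlines():
        m = DYNAMIC_RE.match(line)
        if m:
            abs_t = int(m.group("abs")) if m.group("abs") else None
            entries.append(DynamicEntry(m.group("num"), m.group("name"), abs_t, idle))
    return entries

def unbounded_entries(config: str) -> List[str]:
    """Dynamic entries with neither timeout: they stay open after the user disconnects."""
    return [e.name for e in audit_lock_and_key(config)
            if e.absolute_timeout is None and e.idle_timeout is None]
```

Run it against the output of `show running-config`; any name it returns is a dynamic entry that will not expire on its own.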

9 Benefits of Lock & Key
Lock & Key uses a challenge mechanism to authenticate individual users. Lock & Key provides simpler management in large internetworks. In many cases, Lock & Key reduces the amount of router processing required for access lists. Lock & Key reduces the opportunity for network break-ins by network hackers. With Lock & Key, you can specify which users are permitted access to which source/destination hosts; these users must pass a user authentication process before they are permitted access to their designated host(s). Lock & Key creates dynamic user access through a firewall without compromising other configured security restrictions.

