Presentation is loading. Please wait.

Presentation is loading. Please wait.

CBAC L AB. Nmap Port scanner Nmap: the beef, Zenmap: GUI frontend Findings before CBAC firewall c. What services are running and available on R1 from.

Published bySilvester O’Connor’ Modified over 8 years ago

Similar presentations

Presentation on theme: "CBAC L AB. Nmap Port scanner Nmap: the beef, Zenmap: GUI frontend Findings before CBAC firewall c. What services are running and available on R1 from."— Presentation transcript:

1 CBAC L AB

2 Nmap Port scanner Nmap: the beef, Zenmap: GUI frontend Findings before CBAC firewall c. What services are running and available on R1 from the perspective of PC-C? Telnet and HTTP d. In the Nmap scan output, refer to the TRACEROUTE information. How many hops are between PC-C and R1 and through what IP addresses? Three hops. The scan went from PC-C to the R3 Fa0/1 default gateway (192.168.3.1) to R2 S0/0/1 (10.2.2.2) and then to R1 S0/0/0 (10.1.1.1).

3 CBAC L AB In Part 2 of this lab you configured a CBAC firewall on R1 and then used Nmap again to test access from external host PC-C to R1. You used the AutoSecure IOS feature to enable CBAC. A sort of a dialog mode, automatically do things like disabling services Configure CBAC Firewall feature? [yes/no]: yes

4 CBAC L AB Automatically generated configuration requires fine tuning The AutoSecure CBAC firewall on R1 does not permit EIGRP hellos and neighbor associations to occur permit eigrp any any permit udp any any eq bootpc

5 CBAC L AB After CBAC config the result of the port scan When the R1 CBAC firewall is in place, what services are available on R1 and what is the status of R1 from the perspective of external PC- C? No services are detected. Nmap, run from PC- C, reports the status of host R1 10.1.1.1 as down.

6 CBAC L AB c. Which protocols did AutoSecure configure to be inspected as they leave the S0/0/0 interface? Cuseeme, FTP, HTTP, RCMD, Realaudio, SMTP, TFTP, UDP AND TCP. d. To which interface is the ACL autosec_firewall_acl applied and in which direction? S0/0/0 inbound. e. What is the purpose of the ACL autosec_firewall_acl? It allows bootp traffic to enter the S0/0/0 interface and blocks all other non-established connections from outside R1.

7 CBAC L AB Step 2: From PC-A, ping the R2 external WAN interface. a. From PC-A, ping the R2 interface S0/0/0 at IP address 10.1.1.2. C:\> ping 10.1.1.2 b. Were the pings successful? Why or why not? No. The ICMP protocol was not included in the autosec_inspect list, so the pings that PC-A sends are blocked from returning. Step 3: Add ICMP to the autosec_inspect list. R1(config)# ip inspect name autosec_inspect icmp timeout 5 Step 4: From PC-A, ping the R2 external WAN interface. a. From PC-A, ping the R2 interface S0/0/0 at IP address 10.1.1.2. C:\> ping 10.1.1.2 b. Were the pings successful? Why or why not? Yes, ICMP is now included in the autosec_inspect list, so the ICMP replies for ICMP requests originating from within the R1 LAN are allowed to return.

Download ppt "CBAC L AB. Nmap Port scanner Nmap: the beef, Zenmap: GUI frontend Findings before CBAC firewall c. What services are running and available on R1 from."

Similar presentations

Cisco Device Hardening Disabling Unused Cisco Router Network Services and Interfaces.

Cisco Device Hardening Disabling Unused Cisco Router Network Services and Interfaces.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Implementing Firewall Technologies

Implementing Firewall Technologies
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Configuring IP ACLs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Configuring IP ACLs.
Cisco IOS Firewall ( CBAC-Context Based Access Control)

Cisco IOS Firewall ( CBAC-Context Based Access Control)
Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.

Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L4 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L4 1 Implementing Secure Converged Wide Area Networks (ISCW)
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
PIX Firewall. Stateful Packet Filter Runs on its own Operating System Assigning varying security levels to interfaces (0 – 100) Access Control Lists Extensive.

PIX Firewall. Stateful Packet Filter Runs on its own Operating System Assigning varying security levels to interfaces (0 – 100) Access Control Lists Extensive.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : 97077200 7 August 1999 The Chinese University.

Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control 172.16.3.0172.16.4.0 Non-172.16.0.0 e0e1 s0 172.16.4.13 server.

CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control Non e0e1 s server.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)

IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
Advanced Networking for DVRs

Advanced Networking for DVRs
© 2012 Cisco and/or its affiliates. All rights reserved. 1 Classic IOS Firewall using CBACs.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 Classic IOS Firewall using CBACs.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Similar presentations

Ads by Google