Archive | Cisco Network Security Little Black Book

Configuring Permit Lists

20 Mar

The IP permit list is a feature of the CatOS that permits authorized Telnet and SNMP access to the switch only from authorized source IP addresses. IP permit lists do not affect traffic that is transiting the switch or that is locally originated by the switch. IP permit lists only affect inbound Telnet [...]

Appendix B: Securing Ethernet Switches

20 Mar

This appendix covers security features that are available on the Catalyst series Ethernet switches. The security topics for the Catalyst switches are configuring management access to the switch, controlling Telnet and Simple Network Management Protocol (SNMP) access, configuring the switch to support the AAA architecture, and configuring private [...]

Appendix A: IOS Firewall IDS Signature List

20 Mar

This appendix includes a complete list of Cisco IOS Firewall IDS signatures. A signature detects patterns of misuse in network traffic. The 59 intrusion-detection signatures included in the Cisco IOS Firewall software represent the most common network attacks and information-gathering scans that should be considered intrusive activity in an [...]

Configuring Time-Based Access Lists

20 Mar

To configure time-based access lists, perform the following steps:
1. Use the time-range name command to define the name of the timed access list. Issuing this command moves you into time-range configuration mode.
2. Use either of the following commands to specify when the timed access list should be in effect:
absolute <start time date> <end time [...]

Configuring Reflexive Access Lists

20 Mar

To define a reflexive access list, you must create an entry in an extended named IP access list. This entry must use the reflect keyword and is nested inside of another access list. To define reflexive access lists, follow these steps:
1. Use this command to define an extended named access list:
ip access-list extended [...]