From fiber to phone lines, from huge corporate networks to a single home user, security dominates the discussion of today's computer networks. Securing an IP-based network can be a difficult task, largely because the Internet is based on open standards. Because nonproprietary technologies such as TCP/IP are so well known, their bugs and their limitations are well publicized -- and often easily exploited.

Fortunately, the rush to connect businesses, schools, and homes to the Internet has given way to a more cautious, security-savvy approach to building networks. Even as residential broadband brings "always-on" Internet connectivity to homes, average home users have taken to installing firewalls and other security measures. Meanwhile, the growth of e-commerce has prompted corporations to spend more resources on fortifying network security.

Virtually all computer networks have some portion that is IP-based, so it is imperative that you learn how to restrict and control TCP/IP access. The key to access control is the access list, or access control list (ACL). These lists are the building blocks of IP firewalls, and firewalls stand on the front lines of Internet security. A firewall is hardware and/or software that works to protect a network from unauthorized access.

After providing a quick review of access list syntax, this chapter examines advanced IP security configurations, including restricting router access, dynamic access lists (lock-and-key), null0 routes, and the established argument. Finally, this chapter examines the next generation of IP traffic management: reflexive access lists and context-based access control.