McGrawHill Cisco Security Architectures


[...]... from observation. Recognizing the limitations of access lists, both Cisco Systems and other hardware and software vendors developed a series of other security devices that we will briefly review in this introductory chapter.

Other Security Devices

Limitations associated with router ACLs resulted in the development of several additional security devices. Those devices include firewalls, proxy servers, encryption...

... and Reflexive access control lists (Reflexive ACLs). CBAC is the heart of the Cisco firewall feature set, which is a specific code revision available for the Cisco 1600- and 2500-series routers. Beginning with IOS 12.0T, CBAC is available on the 3600-series router and might be available on other platforms when newer versions of Cisco's IOS are introduced. This feature is capable of maintaining information...

... generation, and proxy services. Because one or more of these features might not be fully recognizable to some readers, let's briefly review the general function associated with each security feature. Later in this book when we discuss Cisco security products in detail, we will also discuss each of these firewall features in considerably more detail.

Packet Filtering

Although most firewalls perform packet filtering...

... create that painting. To obtain an appreciation for configuring access lists, as well as other security-related router features, you should obtain a basic understanding of the hardware and software components of a Cisco router, which is the purpose of Chapter 6. In Chapter 6, we will first review the basic Cisco router hardware and software components. Once this task is accomplished, we will obtain an...
Chapter 7 examines Cisco Systems router access lists in detail. After examining the syntax and format of access lists we will turn our attention to the construction of access lists, using several networking examples to illustrate how an access list can become your first line of network defense. In Chapter 8, we examine how you can construct a Cisco firewall using such enhanced IOS security features as...

... General Routing Encapsulation
48  MHRP       Mobile Host Routing Protocol
49  BNA        BNA
50  ESP        Encap Security Payload for IPv6
51  AH         Authentication Header for IPv6
52  I-NLSP     Integrated Net Layer Security
53  SWIPE      IP with Encryption
54  NARP       NBMA Address Resolution Protocol
55  MOBILE     IP Mobility
56  TLSP       Transport Layer Security Protocol (using Kryptonet key management)
57  SKIP       SKIP
58  IPv6-ICMP  ICMP for IPv6...

... executable programs that they either embed in an e-mail or attach to their electronic message, which results in another potential security hazard that network managers, LAN administrators, and network users must consider. Now that we have an appreciation for a few of the major security threats to a network, let's focus our attention on the role of routers in defending a network.

The Role of Routers

From...

... Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Because most network security methods involve the use of TCP and UDP port numbers, after we review the header format for each protocol, a comprehensive list of 'well-known' ports will be presented and will serve as a reference for performing security-related tasks described in the remainder of this book.

NetWare

Because NetWare protocols...
... flow on private networks, this protocol cannot be overlooked when developing security methods to protect an organization's computational facilities. In Chapter 5, we will examine the IPX and SPX headers, as well as the manner by which Novell networks implement network and host station addressing.

Router Hardware and Software

A Cisco Systems router can be considered to represent a fine painting with a variety...

... connection and examining application layer information for a limited number of TCP and UDP protocols. It provides a significantly greater level of security than traditional access lists. Reflexive ACLs are a new feature introduced in the 11.3 revision of the Cisco IOS. Reflexive ACLs maintain a degree of "pseudo-state" information by creating dynamic entries in traditional ACLs, once a legitimate conversation

Date posted: 08/07/2014, 01:31
