Network Plan For ABC Corp Essay

16.3.1 0.0.0.255 any eq 22

access-list 101 permit tcp 172.16.3.254 0.0.0.255 any eq 25

access-list 101 permit tcp 172.16.5.254 0.0.0.255 any eq 35

access-list 101 permit tcp 172.16.0.254 0.0.0.255 any eq 18

access-list 101 permit tcp 172.16.5.35 0.0.0.255 any eq 19

access-list 101 permit tcp 172.16.0.0 0.0.0.255 any eq 39

access-list 101 deny tcp 172.16.0.254 0.0.0.255 any eq 26

access-list 101 deny tcp 172.16.5.35 0.0.0.255 any eq 23

The next step is the configuration of the ACL for ABC Corporation. Configuring an extended access control list is critical for protecting ABC Corporation's network infrastructure.

Configuration of Extended Access Control Lists for ABC Corporation using Port Numbers.

The following commands configure the extended access control list for the ABC Corporation network infrastructure:

R1(config)#access-list 101 permit tcp 172.16.3.0 0.0.0.255 any eq 20

R1(config)#access-list 101 permit tcp 172.16.5.0 0.0.0.255 any eq 21

R1(config)#access-list 101 permit tcp 172.16.3.1 0.0.0.255 any eq 22

R1(config)#access-list 101 permit tcp 172.16.3.254 0.0.0.255 any eq 25

R1(config)#access-list 101 permit tcp 172.16.5.254 0.0.0.255 any eq 35

R1(config)#access-list 101 permit tcp 172.16.0.254 0.0.0.255 any eq 18

R1(config)#access-list 101 permit tcp 172.16.5.35 0.0.0.255 any eq 19

R1(config)#access-list 101 permit tcp 172.16.0.0 0.0.0.255 any eq 39

R1(config)#access-list 101 deny tcp 172.16.0.254 0.0.0.255 any eq 26

R1(config)#access-list 101 deny tcp 172.16.5.35 0.0.0.255 any eq 23

Based on the configuration of the ACL for ABC Corporation, the paper re-creates the diagram.

Fig 2: Re-create of ACL Diagram for ABC Corporation

With the ACL commands, the paper recreates the diagram and creates filtering rules for the router to follow. As Fig 2 shows, the router will filter host 172.16.5.35 from getting access to the Internet. When host 172.16.5.35 attempts to reach the Internet, the ACL commands will prevent it from getting access. This is very important because some malicious users may want to get access to the Internet using these devices. With the ACL filtering rules in place, host 172.16.5.35 will not be able to get access to the ABC Corporation.

An additional filtering rule based on Fig 2 is that the router will deny all other traffic access to 172.16.5.3.0. The router serves as a guard that prevents other networks from reaching 172.16.5.3.0. When a packet arrives at the router, the router extracts information from the packet and, based on the filtering rules, decides whether to pass the packet into the network or deny it. Based on the filtering rules created, the router will deny other network traffic access to 172.16.5.3.0.
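The per-packet decision described above can be traced with a small first-match evaluator. This is an added example, not part of the original paper: it parses the paper's access-list 101 entries in valid IOS syntax (the stray "/16." removed), handles only that one line shape, and the function names are assumptions made for illustration.

```python
import ipaddress

# The paper's access-list 101 entries, rewritten here in valid IOS syntax.
ACL_101 = """\
access-list 101 permit tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 permit tcp 172.16.5.0 0.0.0.255 any eq 21
access-list 101 permit tcp 172.16.3.1 0.0.0.255 any eq 22
access-list 101 permit tcp 172.16.3.254 0.0.0.255 any eq 25
access-list 101 permit tcp 172.16.5.254 0.0.0.255 any eq 35
access-list 101 permit tcp 172.16.0.254 0.0.0.255 any eq 18
access-list 101 permit tcp 172.16.5.35 0.0.0.255 any eq 19
access-list 101 permit tcp 172.16.0.0 0.0.0.255 any eq 39
access-list 101 deny tcp 172.16.0.254 0.0.0.255 any eq 26
access-list 101 deny tcp 172.16.5.35 0.0.0.255 any eq 23
"""

def parse_acl(text):
    """Parse 'access-list N ACTION tcp SRC WILDCARD any eq PORT' lines only."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if (len(tok) != 9 or tok[0] != "access-list" or tok[3] != "tcp"
                or tok[6:8] != ["any", "eq"]):
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append({
            "action": tok[2],
            "src": int(ipaddress.IPv4Address(tok[4])),
            "wildcard": int(ipaddress.IPv4Address(tok[5])),
            "port": int(tok[8]),
            "line": line,
        })
    return rules

def src_matches(rule, src_ip):
    """Wildcard bits set to 1 are 'don't care'; only the 0 bits must be equal."""
    care = ~rule["wildcard"] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (rule["src"] & care)

def evaluate(rules, src_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for rule in rules:
        if rule["port"] == dst_port and src_matches(rule, src_ip):
            return rule["action"], rule["line"]
    return "deny", "implicit deny any any"
```

Because the wildcard 0.0.0.255 ignores the last octet, the final entry matches every source in 172.16.5.0/24 on port 23, not only 172.16.5.35; traffic that matches no entry is dropped by the implicit deny at the end of the list.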

More importantly, the router will not allow outside traffic to ping, Telnet or FTP into the network. This is very important for security reasons because Telnet does not encrypt the data that comes from other networks. Thus, an eavesdropper could extract information from the network if outside traffic were allowed in. Moreover, there is no authentication that would ensure that there is no interception while the communication is being carried out over the network. Given these shortcomings of Telnet, it is critical for ABC Corporation not to allow outside networks access to Telnet.

Additionally, part of the filtering rules is not to allow outside networks access to the File Transfer Protocol (FTP). Typically,...

While FTP may have security mechanisms such as authentication, security loopholes remain in FTP because of the sophisticated methods malicious users employ to tamper with network protocols. Typically, the FTP infrastructure is not designed with the security to protect itself against sophisticated hackers. Thus, FTP could face a series of vulnerabilities such as spoofing attacks, bounce attacks, port stealing, brute force attacks, and packet capture (sniffing). Because of the security vulnerabilities of Telnet and FTP, the ACL will not allow outside networks access to Telnet and FTP.

To give a better understanding of the importance of access control lists, the paper provides a justification of the ACL for ABC Corporation.

Justification of Access Control Lists for ABC Corporation

In the contemporary business environment, various malicious users attempt to gain access to organizational network infrastructure to steal valuable information. Typically, many of these malicious users tamper with an organization's network devices in order to steal valuable information through techniques such as sniffing, eavesdropping and other malicious methods. The ACL has been identified as an effective security device. ABC Corporation could enjoy several benefits from using ACLs for the company's network security.

First, the ACL will protect ABC Corporation from ISL tagging attacks. Malicious users often use tagging attacks to get access to the network. For example, an attacker could send fake DTP onto the network in order to get access. The ACL is very effective at keeping this sort of attack out of the network. Moreover, the ACL could protect the organization from brute force attacks, in which a malicious user tries to exploit potential switch vulnerabilities to get access to the network. The attacker could exploit bugs to attack the network. With the ACL in place, this type of attack will be ineffective against the company network.

More importantly, the ACL will protect the ABC organization from flooding attacks. This type of attack sends a flood of traffic onto the network in order to sniff information from the organizational network. There are several programs that perform this type of malicious act, and when attackers identify a weakness in the network, they use a flooding attack to exploit the network devices. Typically, an attacker could use this attack to impersonate a permitted network. The ACL will be very effective at preventing this type of attack from occurring on the company network.

Conclusion

The technical paper provides a security plan that ABC Corporation could employ to protect its network infrastructure. The ABC organization has just installed a new router on the network, and since malicious users often attack network infrastructure through the router, the proposal provides a security plan to ensure adequate security for the organizational network. To implement effective security for the ABC organization, access control lists are used for the company's network security. The paper uses standard and extended ACLs to provide adequate security for the company router. Installing ACLs will provide essential security for the company router and network infrastructure.
