From Managing Cisco Network Security

Introduction

Traffic filtering controls the type of traffic that can be forwarded to and from a network. This function enforces security policies at a specific point on a network, often between networks with different levels of security.

This chapter covers the different traffic filtering mechanisms available in Cisco IOS and Cisco Secure Integrated Software. In the simplest case, IP filtering consists of an access list that permits or denies traffic based on the source or destination IP address.
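The simplest case described above, modeled as an added example (not code from the book or from Cisco): entries are checked top-down, the first match decides, and a packet that matches nothing is dropped. It goes slightly beyond the excerpt by using IOS wildcard masks and the implicit deny; the function names, the ACL entries and the addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 1 bits are ignored, 0 bits must match exactly."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Constructed sample list: (action, source, source wildcard, dest, dest wildcard).
# Entry 1 blocks one /24; entry 2 lets the rest of 10.1.0.0/16 reach one subnet.
ACL = [
    ("deny",   "10.1.1.0", "0.0.0.255",   "0.0.0.0",     "255.255.255.255"),
    ("permit", "10.1.0.0", "0.0.255.255", "192.168.5.0", "0.0.0.255"),
]

def evaluate(acl, src, dst):
    """Return (action, matching entry number); entry is None for implicit deny."""
    for number, (action, s, s_wild, d, d_wild) in enumerate(acl, start=1):
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action, number          # first match wins, evaluation stops
    return "deny", None                    # nothing matched: implicit deny

def verdicts(acl, packets):
    """Evaluate a list of (src, dst) pairs against one access list."""
    return [(src, dst) + evaluate(acl, src, dst) for src, dst in packets]

if __name__ == "__main__":
    packets = [                            # constructed sample traffic
        ("10.1.1.5",   "192.168.5.10"),    # caught by the specific deny
        ("10.1.2.5",   "192.168.5.10"),    # falls through to the permit
        ("172.16.0.1", "192.168.5.10"),    # matches nothing
    ]
    for row in verdicts(ACL, packets):
        print(row)
    # Same entries in the opposite order: the broad permit now shadows the
    # specific deny, so the first packet is forwarded instead of dropped.
    for row in verdicts(list(reversed(ACL)), packets[:1]):
        print("reordered:", row)
```

Reversing the two entries changes the verdict for the first packet, which is why entry order is worth reviewing whenever a list is edited.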

Often, however, basic traffic filtering is not sufficient to provide adequate security in a network. Modern security products provide more control over the traffic entering and exiting the network. To achieve that, the traffic must be inspected and the state of each connection must be kept. These advanced features require the router or firewall to understand the internal workings of the protocol it is trying to secure.

Access Lists

A very important step toward security is the capability to control the flow of data within a network. One way to accomplish this is to use one of the many features of the Cisco Internetwork Operating System (IOS), known as an access list. The function of an access list depends on the context in which it is used. For instance, access lists can:

  • Control access to networks attached to a router or define a particular type of traffic that is allowed to pass to and from a network.
  • Limit the contents of routing updates that are advertised by various routing...
Copyright Syngress Publishing, Inc. 2000 under license agreement with Books24x7
