Managing Cisco Network Security, Second Edition

As the use of technology continues to grow in business, the volume of data that companies need to exchange is increasing to match that growth. To facilitate the exchange of this data, a connection must be established between the networks of these companies. Without some form of security, each network will have complete access to the other with no way of controlling what data someone will be able to see.
One of the easiest ways to protect your network from unauthorized access is to filter the traffic at the point where it enters your network. By catching all traffic before it can be forwarded into your network, you can minimize the chance someone will be able to sidestep your security measures and find an alternate path to the data they are trying to access.
In many cases, the device used to connect two or more networks together is a router. To allow traffic filtering at the connection point to other networks, we need some method of filtering traffic on the router itself. This chapter will cover the different traffic filtering mechanisms available in a Cisco router.
In the simplest case, traffic filtering can consist of a list that permits or denies traffic based on the source or destination IP address. But very often, basic traffic filtering is not sufficient to provide adequate security in a network. Today, modern security products provide more control over the network traffic entering and exiting the network. To achieve that, the traffic must be...