Wednesday, September 30, 2009

How Many Types of ACLs are there in Cisco's Big IOS Security World....Continued

I thought I'd add some more IOS security features to my previous list... they might not be ACL features as such, but in one way or another they often rely heavily on ACLs.

1.) ACLs using object groups... YES... we can now use object groups to minimize the number of ACL entries, like we do on the ASA :-) Isn't that cool... those old days are gone now. Thanks to some great programmers sitting out there at Cisco.

The object-group ACL feature came, I guess, in IOS 12.4(20)T. It allows you to configure two types of object group:

* Network Objects
* Service Objects

And guess what... one more surprise with this feature: we can now use / (CIDR) notation for the IP addresses in a network object group, like 1.1.1.1/1... isn't that cool.

Anyways... I'll demonstrate this feature in my next post, and till then I'll try to find an IOS image for it.
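To give a feel for the feature right away, here is an added example of what an object-group ACL looks like on 12.4(20)T or later. It is not the author's promised demonstration and not taken from Cisco's documentation; the group names, the 192.0.2.x/198.51.100.x addresses, the ports and the interface name are made up, and the `/24` line assumes the CIDR form the post mentions is accepted.

```cisco
! Network object group: who is allowed to talk to the router.
! Names, addresses and ports are constructed for this example.
object-group network MGMT-STATIONS
 description Admin workstations allowed to manage the router
 host 192.0.2.10
 host 192.0.2.11
 192.0.2.64 255.255.255.192
 198.51.100.0/24
!
! Service object group: which management protocols are permitted.
object-group service MGMT-SERVICES
 description SSH, HTTPS and SNMP polling to the router
 tcp 22
 tcp 443
 udp 161
!
! One ACE stands in for (2 hosts + 2 subnets) x (3 services) = 12
! classic ACEs, and adding a host to the group updates the rule.
ip access-list extended MGMT-IN
 permit object-group MGMT-SERVICES object-group MGMT-STATIONS any
 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group MGMT-IN in
!
! Check that the groups and the resulting ACL are what you intended:
!   show object-group
!   show ip access-lists MGMT-IN
```

The `deny ip any any log` at the end is there so that traffic from outside the group shows up in the logs instead of disappearing silently.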

2.) TCP Intercept - Another Cool IOS security feature

3.) uRPF (Unicast Reverse Path Forwarding) - Sometimes it also has to rely on ACLs... depending upon its configuration mode

4.) NBAR - A cool QoS-based security feature

5.) CAR - Of course not the four-wheeler kind; CAR is an acronym for Committed Access Rate and can be used as a security feature.

6.) IOS based IPS

7.) 802.1x

8.) CoPP - Control Plane Policing

9.) Setting up privilege levels / menu-based access for users

10.) Setting up connection limits - Defining the max number of TCP/UDP/ICMP packets from a single host within a defined time interval, and the max number of half-open TCP sessions from any one host within a defined time interval

I am sure there are some other features as well, along with some protocol-specific ones like RTBHF (Remotely Triggered Black Hole Filtering) and sinkhole filtering... Those are more or less CCIE Security topics anyways :-)

Happy Studying & Stay Tuned....

Best Regards,
Deepak Arora
CCIE#XXXXX...Oops that number is still missing
