ACL Compliance Director FAQ

Cyber Operations, Inc. Copyright 2008 Cyber Operations, Inc.

This document contains frequently asked questions about ACL Compliance Director with answers.

Table of Contents

What is an Access Control List (ACL)?
Why would I need an Access Control List (ACL)?
What separates ACL Compliance Director from other network policy products?
What types of devices does ACL Compliance Director support?
Does ACL Compliance Director encrypt the traffic that it sends to the devices?
How many ACL entries can ACL Compliance Director handle?
Can I import my existing access lists?
Will there be support for a certain feature in the future?
Do I have to have a TACACS+ server?
How does synchronization (aka deployment) work, or how does it communicate with the device?
Does ACL Compliance Director support logging to syslog and/or external syslog servers?
Does ACL Compliance Director support IPv6 access lists?
Is ACL Compliance Director a server appliance or a software product?
What operating system does ACL Compliance Director run on?
What are the system requirements for ACL Compliance Director in terms of hardware?
Do you support 64-bit Linux?
Will comments I enter for ACL entries in ACL Compliance Director be put into the device?
What happens if I change an ACL on the device manually?

What is an Access Control List (ACL)?

An access control list, also sometimes called a filter, policy, or filter list, is a list kept by network devices to control access to or from a number of network services and addresses. ACLs provide a straightforward way of granting or denying access to a particular network resource, controlling both inbound and outbound network traffic. Access lists or equivalent policies can be implemented on routers and switches as well as firewalls.

Why would I need an Access Control List (ACL)?

Access control lists (ACLs) allow system administrators to control access to network services and sensitive information at a granular level. This helps to protect businesses from malicious activity. Access control lists also allow companies to control access to their internal infrastructure from within the organization. For example, ACLs allow you to keep the sales department from accessing HR data and vice versa. An ACL can also be used as a response to an ongoing security threat: when malicious activity is detected from an address or group of addresses, traffic from those addresses can be temporarily or permanently blocked.
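As an added illustration, not part of Cyber Operations' FAQ or product, the Python below evaluates Cisco IOS-style extended ACL entries against sample packet values (the kind of check the "testing against sample packet values" feature mentioned further down performs): the first matching entry wins, wildcard masks are inverted netmasks, and anything unmatched falls to the implicit deny at the end of the list. The ACL text (an incident-response block plus a sales/HR boundary) and the packets are constructed for this example.

```python
from ipaddress import IPv4Address
from collections import namedtuple

# Constructed sample ACL (not from the product): an incident-response block and a department boundary.
SAMPLE_ACL = """
remark Block a source range observed in an ongoing incident
deny ip 198.51.100.0 0.0.0.255 any
remark Sales (10.1.0.0/16) may not reach the HR file server over SMB
deny tcp 10.1.0.0 0.0.255.255 host 10.9.0.25 eq 445
permit tcp 10.0.0.0 0.255.255.255 any eq 443
permit icmp any any
"""

Packet = namedtuple("Packet", "proto src dst dport", defaults=(None,))  # sample packet values

def _parse_addr(tokens, i):
    """Consume one IOS address spec ('any', 'host A', or 'A WILDCARD'); return ((addr, wildcard), next_index)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(IPv4Address(tokens[i + 1])), 0), i + 2
    return (int(IPv4Address(tokens[i])), int(IPv4Address(tokens[i + 1]))), i + 2

def _addr_matches(spec, ip):
    addr, wildcard = spec
    # IOS wildcard semantics: a 0 bit must match exactly, a 1 bit is "don't care" (non-contiguous masks work too).
    return ((int(IPv4Address(ip)) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def parse_acl(text):
    """Parse 'permit|deny PROTO SRC DST [eq PORT]' entries; remark lines carry no match logic."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "remark":
            continue
        action, proto = tokens[0], tokens[1]
        src, i = _parse_addr(tokens, 2)
        dst, i = _parse_addr(tokens, i)
        dport = int(tokens[i + 1]) if i < len(tokens) and tokens[i] == "eq" else None
        entries.append((action, proto, src, dst, dport, line))
    return entries

def evaluate(entries, pkt):
    """First matching entry decides; anything unmatched hits the implicit 'deny any' at the end."""
    for action, proto, src, dst, dport, line in entries:
        proto_ok = proto == "ip" or proto == pkt.proto
        port_ok = dport is None or dport == pkt.dport
        if proto_ok and port_ok and _addr_matches(src, pkt.src) and _addr_matches(dst, pkt.dst):
            return action, line
    return "deny", "implicit deny (end of list)"
```

Because ordering decides the outcome, a packet that is both in the blocked range and otherwise permitted is still denied; this is why a management tool's change history and rollback matter when entries are inserted or reordered.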

What separates ACL Compliance Director from other network policy products?

ACL Compliance Director is a cross-platform product, meaning it works with devices from a variety of vendors, so your company will not have to buy a management tool for each type of network device that you use. Your IT group will be able to use one tool to manage access control lists on all network devices supported by ACL Compliance Director. ACL Compliance Director stores access lists in one central database accessed via a web interface and tracks all changes and device deployments, with support for rolling back to any previous point in the modification history of an access list to quickly correct any problems caused by changes. ACL Compliance Director provides powerful tools for managing and troubleshooting large lists, including hierarchical lists, searching list entries, testing against sample packet values, and tracking which devices need to be synchronized when changes are made to ACLs.

What types of devices does ACL Compliance Director support?

Currently ACL Compliance Director supports the following types of devices:

1. Cisco IOS routers and switches
2. Cisco ASA devices
3. Cisco PIX firewalls
4. Juniper JunOS routers
5. Juniper NetScreen firewalls
6. Force10 routers
7. Aruba Mobility Controllers

Support for specific devices can be added on request, or as a condition of a sale, so please inquire if you need support for other network device types.

Does ACL Compliance Director encrypt the traffic that it sends to the devices?

If the devices that you are trying to connect to support SSH and SCP, then choosing the SSH option when you select the type of device in ACL Compliance Director will encrypt all network traffic. If you select to communicate with devices via Telnet or TFTP, the traffic will not be encrypted.

How many ACL entries can ACL Compliance Director handle?

ACL Compliance Director supports a virtually unlimited number of ACL entries. The number of entries a particular network device can support varies depending on the device and the amount of memory that the device contains. If you find you are limited in the number of ACL entries that you can deploy, consider upgrading to a different model router or adding more memory to the router.

Can I import my existing access lists?

Direct import of ACLs from Cisco IOS, Cisco PIX, Cisco ASA, Juniper, Aruba, and Force10 FTOS configurations is supported. You can import either directly from a configured device or from a saved device configuration file.

Will there be support for a certain feature in the future?

New features are constantly being added to ACL Compliance Director. If there is a particular feature that you desire, contact us, because the newest version may already support it. Customization for your organization is also an option, so please let us know what your needs are.

Do I have to have a TACACS+ server?

No. We support TACACS+, RADIUS, and LDAP for authorization, as well as the option to authenticate based on local accounts on the server.

How does synchronization (aka deployment) work, or how does it communicate with the device?

It depends on what the specific device supports. For Juniper JunOS routers, the updated portion of the configuration is sent to the device using Secure Copy (SCP), then an SSH connection is used to load the configuration changes. For Cisco routers and PIX firewalls, there are two basic options, which can be used over either SSH or Telnet. The preferred method uses TFTP via our own special server that only allows access during a deployment and only allows access to temporary paths that are based on a secure hash, to make TFTP as secure as is possible; the TFTP connection is used to retrieve or update the configuration, while SSH or Telnet is used to control the device and load the new configuration. Another option is to send all configuration changes over an SSH or Telnet connection; this option is slower, but can be used to work around problems caused by firewalls and IP masquerading between the server and the device being controlled. Secure Copy (SCP) is also supported for versions of Cisco IOS that have that capability.

Does ACL Compliance Director support logging to syslog and/or external syslog servers?

Yes, ACL Compliance Director can log all of its system activity via syslog, including to external syslog servers.

Does ACL Compliance Director support IPv6 access lists?

Yes, IPv6 access lists are supported for Cisco IOS as well as Juniper JunOS.

Is ACL Compliance Director a server appliance or a software product?

Either, really: we can provide you with a preconfigured system to make installation and support simpler, or we can help you install the system on your server.

What operating system does ACL Compliance Director run on?

ACL Compliance Director runs on Linux. Our preconfigured systems use the Red Hat Fedora 8 distribution; however, the system is very portable and we can accommodate other types of Linux and Unix on request. Currently the officially supported Linux distributions are:

1. Fedora
2. Red Hat Enterprise Linux
3. SuSE Linux

What are the system requirements for ACL Compliance Director in terms of hardware?

This depends somewhat on the number of network devices you are going to manage with ACL Compliance Director. For small to medium installations, meaning fewer than 100 devices, we recommend a minimum of 256 megabytes of RAM and a Pentium 4 class or equivalent processor.

Do you support 64-bit Linux?

Yes, by request; our normal system is 32-bit for maximum compatibility. See the question "What operating system does ACL Compliance Director run on?"

Will comments I enter for ACL entries in ACL Compliance Director be put into the device?

The contents of the Description field in ACL Compliance Director will be added as a remark when working with Cisco IOS devices, but comments are not entered for other device types.

What happens if I change an ACL on the device manually?

If you bypass ACL Compliance Director to make the change, the system will not know about it, and the next time you synchronize the device from ACL Compliance Director the changes will be overridden. The idea is to enforce compliance with the system. If you want to automatically update access lists that are edited by hand, or to monitor changes to an access list on a device for any reason, you can configure an 'Auto-List', which ACL Compliance Director will check for changes and import whenever it is modified. This gives you a revision history of the list and also allows you to monitor it for changes.