Once you have designed the packet-filtering rules and recorded them in the packet-filtering rule worksheet, you have to implement them on the screening router or firewall (assuming it allows such rules to be specified at all).
Each type of screening device has its own rules and syntax for expressing packet-filtering rules. You therefore have to read the device's documentation and learn the peculiarities of its filtering syntax, and if you change vendors you will have to learn a different syntax.
One of the goals of this article is to give practical advice on building Internet firewalls and improving network security, so it is important to show concrete examples of how packet-filtering rules are specified. The examples use Cisco screening routers.
A word or two about the choice of vendor is in order. Using Cisco routers in the filtering examples is by no means an endorsement of the product; a packet-filtering specialist would be equally happy discussing another vendor's router. On the other hand, Cisco dominates the router market and implements many of the filtering capabilities discussed in this article. The filtering rules for other vendors' routers are similar in principle to the ones used by Cisco routers, but syntactically different.
Defining Access Lists
Cisco routers define an access list as an ordered collection of permit and deny conditions that apply to IP addresses (and, for extended lists, to protocols and ports). These conditions are how the packet-filtering rules are implemented. When the screening router is programmed with an access list, it tests each packet against the conditions one by one, from the top of the list down. The first condition that matches determines whether the router accepts or rejects the packet, and no further conditions are examined. Because testing stops at the first match, the order of the conditions is critical: a specific rule placed after a broader one that already matches the same packets is never reached. If no condition matches, the packet is rejected; every access list ends with an implicit deny. Note also that an access list has no effect until it is applied to an interface (with the ip access-group command) in the inbound or outbound direction.
Cisco routers have two types of IP access lists:
- Standard access lists
- Extended access lists
A standard access list matches on a single address, the packet's source. An extended access list matches on two addresses, source and destination, with optional protocol-type and port information. For many practical filtering operations you need both kinds. The source and the source-mask are 32-bit values written in dotted-decimal notation and are used together to identify the source IP address. The source-mask is a wildcard mask and should not be confused with the subnet mask used to subdivide an IP network number assignment: a 0 bit in the wildcard mask means the corresponding bit of the packet's address must match the source value, and a 1 bit means "don't care". Thus 192.168.1.0 0.0.0.255 matches every address in 192.168.1.0/24, while 192.168.1.5 0.0.0.0 matches exactly one host; the wildcard mask is the bitwise inverse of the equivalent subnet mask.
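The following is an added example, not code from the original article. It implements, in Python, the evaluation model described under Defining Access Lists (top-down testing, first match wins, implicit deny) and the standard/extended distinction and wildcard-mask semantics described in the preceding paragraph, so that the effect of rule ordering can be observed on sample packets. The Packet and Entry types, the list entries and the packet values are constructed for the demonstration and are assumptions; the list-number ranges (1-99 standard, 100-199 extended) follow classic IOS numbered lists, and only the `eq <port>` operator is parsed.

```python
# Added example: first-match evaluation of Cisco-style IP access lists.
# Packet/Entry types, sample entries and sample packets are constructed
# for this demonstration; only 'eq <port>' is supported as a port operator.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[str, str]  # (base address, wildcard mask)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"           # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    proto: Optional[str]        # None for a standard list (address only)
    src: Addr
    dst: Optional[Addr] = None
    dport: Optional[int] = None


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit means 'must match', a 1 bit means
    'don't care'. 0.0.0.255 matches a whole /24, 0.0.0.0 one host;
    this is the bitwise inverse of a subnet mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tok: List[str]) -> Tuple[Addr, List[str]]:
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1]), tok[2:]


def parse_entry(line: str) -> Entry:
    """Parse one 'access-list <n> permit|deny ...' line."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if 1 <= number <= 99:                    # standard: source address only
        src, _ = _parse_addr(rest)
        return Entry(action, None, src)
    if 100 <= number <= 199:                 # extended: proto, src, dst, port
        proto, rest = rest[0], rest[1:]
        src, rest = _parse_addr(rest)
        dst, rest = _parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        return Entry(action, proto, src, dst, dport)
    raise ValueError(f"unsupported list number {number}")


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Walk the list top-down; the first matching entry decides. A packet
    matching no entry hits the implicit deny at the end of every list."""
    for e in acl:
        if not wildcard_match(pkt.src, *e.src):
            continue
        if e.proto is not None:              # extended-list checks
            if e.proto != "ip" and e.proto != pkt.proto:
                continue
            if not wildcard_match(pkt.dst, *e.dst):
                continue
            if e.dport is not None and e.dport != pkt.dport:
                continue
        return e.action
    return "deny"


def demo() -> dict:
    """Constructed sample lists showing why entry order matters."""
    blocked_host = "172.16.1.5"
    # Standard list: the host-specific deny must precede the network permit.
    correct = [parse_entry(l) for l in (
        f"access-list 10 deny {blocked_host} 0.0.0.0",
        "access-list 10 permit 172.16.1.0 0.0.0.255",
    )]
    shadowed = list(reversed(correct))       # same entries, wrong order
    # Extended list: only SMTP to the mail host and HTTP to the web host.
    ext = [parse_entry(l) for l in (
        "access-list 101 permit tcp any host 172.16.1.10 eq 25",
        "access-list 101 permit tcp any host 172.16.1.20 eq 80",
        "access-list 101 deny ip any any",
    )]
    pkt = Packet(src=blocked_host, dst="10.0.0.1")
    outside = "192.0.2.9"
    return {
        "host_deny_first": evaluate(correct, pkt),        # deny
        "host_deny_shadowed": evaluate(shadowed, pkt),    # permit: deny never reached
        "smtp_to_mailhost": evaluate(ext, Packet(outside, "172.16.1.10", "tcp", 25)),
        "telnet_to_mailhost": evaluate(ext, Packet(outside, "172.16.1.10", "tcp", 23)),
        "udp_to_webhost": evaluate(ext, Packet(outside, "172.16.1.20", "udp", 80)),
        "no_match_implicit_deny": evaluate([], pkt),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The `shadowed` list is the classic ordering mistake: the entries are identical to `correct`, but because the network-wide permit comes first, the host-specific deny is never consulted and the blocked host gets through. The empty list shows the implicit deny: with no entries at all, every packet is rejected, which is also why an access list that contains only deny entries blocks all traffic on the interface it is applied to.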
Source: Free Articles from ArticlesFactory.com