Home > Others

Use the access control list to build a "copper wall"

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

I configured the ACL Access Control List on routers and switches to prevent viruses and hacker attacks. After the configuration, network devices effectively prevent the shock wave attacks when many hosts do not have the corresponding patches.

Because viruses, especially system vulnerability viruses, are transmitted and attacked using the corresponding ports, we can consider setting the corresponding ACL on the vro or vswitch for prevention.

Take Cisco as an example. The specific ACL Configuration is as follows:

Access-list 101 permit tcp any established

This command is used to create an ACL. It only allows the established connections to transmit data from the external server, and data transmission is denied for connections that are not established in advance. Finally, bind the ACL to the corresponding port to prevent viruses.

Now let's take a look at how to use this technology to combat the shock wave. Many Computers in the company do not have patches, so that hosts infected with external shock will spread viruses to internal hosts through ports 445, 5554, and 9996. Because we have configured an ACL, when external viruses actively transmit data to internal ports 445, 5554, and 9996, the data is filtered out by the router to implement real prevention. This setting has no impact on the use of the network by users in the intranet.

Prompt
1. because the established statement only supports the TCP protocol, if the company wants to transmit DNS and other information, it also needs to set the corresponding ACL statement to enable UDP transmission in the format of access-list 101 permit udp any.

2. after this setting, the user will complain that FTP cannot be used, because FTP password verification and data transmission are not using the same port. For password verification, port 21 is used, and data transmission uses Port 20, therefore, we also need to add the corresponding ACL in the format of access-list 101 permit tcp any eq ftp-data or access-list 101 permit tcp any eq 20.(

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to build remote control car fiber to copper transceiver convert fiber to copper copper to fiber transceiver how to use switch control how to use control panel how to use php to build website
Related Article
OpenGL Series Tutorial Eight: OpenGL vertex buffer Object (VBO)
Methods for generating various waveform files Vcd,vpd,shm,fsdb
Mac Ping:sendto:Host is down Ping does not pass other people'...
Solution to the problem that WordPress cannot be opened after...
(SOLR is successfully installed on the office machine accordi...
Webmaster resources (site creation required)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More