Network Security Fundamentals

Questions and Answers

Which of the following is the MOST accurate definition of a 'threat' in network security?

  • A potential danger that can exploit a vulnerability. (correct)
  • A weakness in a system that can be exploited.
  • The mitigation strategy employed to reduce risk.
  • The calculated probability of an event occurring.

Which of the following is NOT a typical vector for data loss?

  • Removable Media.
  • Cloud Storage Devices.
  • Encrypted devices. (correct)
  • Email/Webmail.

A network consisting of interconnected LANs within a limited geographical area, such as a university campus or business park, is best described as a:

  • Personal Area Network (PAN).
  • Small Office/Home Office Network (SOHO).
  • Wide Area Network (WAN).
  • Campus Area Network (CAN). (correct)

Which of the following is a key characteristic that differentiates a worm from a virus?

A worm can self-replicate and spread without human intervention. (C)

Which of the following attack types involves an attacker intercepting communications between two parties without their knowledge?

Man-in-the-Middle (MitM). (C)

Which of the following professional roles is primarily responsible for overseeing an organization's security policies and procedures?

Security Manager. (C)

Which of the CIA triad components is best addressed by implementing network hardening mechanisms and backup systems?

Availability. (C)

What is the primary goal of 'Control Plane Policing' (CoPP)?

To protect the control plane from being overwhelmed by traffic. (A)

Which security measure is MOST effective in preventing eavesdropping attacks?

Data Encryption. (D)

What is the function of a 'fuzzer' in the context of security tools?

To search for vulnerabilities by inputting random data. (B)

An attacker is using social engineering to convince a user to provide their password over the phone. What type of social engineering attack is this?

Pretexting. (C)

Which security domain includes security breach alarms, fences, and gates?

Physical and environmental security. (D)

An organization discovers it has been infected with a 'zero-day' exploit. Which course of action is the MOST appropriate?

Isolate affected systems and seek immediate patching information from the vendor or develop a workaround. (B)

An organization implements a new security protocol that mandates multi-factor authentication for all employees, regardless of their role or access level. This decision MOST directly supports which security principle?

Defense in depth. (A)

A network administrator observes unusually high UDP traffic originating from a single internal host destined for random ports on multiple external servers. Further investigation reveals that the host is also attempting to resolve numerous nonexistent domain names. Which of the following is the MOST likely cause?

The host is participating in a distributed denial-of-service (DDoS) attack as a bot. (B)

The primary goal of a network security vulnerability scan is to identify potential weaknesses before they can be exploited.

True (A)

A worm requires a host program to execute and replicate.

False (B)

A modern method to secure data in transit is to utilize the FTPS protocol.

False (B)

Social Engineering attacks target the technical infrastructure of a network to gain unauthorized access.

False (B)

The primary goal of a DDoS attack is to disrupt the availability of a service.

True (A)

In the context of network security, the term 'integrity' refers to ensuring that data is only accessible to authorized individuals.

False (B)

A 'script kiddie' is a highly skilled hacker who develops sophisticated exploits.

False (B)

Implementing a DMZ (Demilitarized Zone) is unnecessary for a campus area network as internal threats are negligible.

False (B)

'Grey hat' hackers exclusively use their skills for malicious purposes.

False (B)

A keylogger is a type of malware that specifically targets web servers to steal sensitive data.

False (B)

In network security, rate limiting on a firewall is an effective method to prevent brute-force attacks.

True (A)

State-sponsored hackers only target military and governmental infrastructure.

False (B)

The Common Vulnerability Scoring System (CVSS) is a proprietary framework exclusively used by Cisco for rating IT vulnerabilities.

False (B)

Increasing the salt size to at least 256-bits is computationally guaranteed to prevent rainbow table attacks.

False (B)

In the context of mitigating network attacks, perfect forward secrecy (PFS) makes past session keys invulnerable even if the private key of the server is compromised years later.

True (A)

Which of the following is NOT a recommended guideline for creating strong passwords?

Include personal identifiable information such as name or birthday. (B)

What is the primary purpose of the 'Cisco IOS Resilient Configuration' feature?

To secure the Cisco IOS image and configuration files. (D)

What is a key benefit of using 'Role-Based CLI Access'?

It allows administrators to grant specific permissions based on job roles. (C)

Which of the following best describes the use of banners in network device security?

Banners present legal notifications to users before login. (B)

What is the purpose of the login block-for command?

To implement delays after successive failed login attempts. (C)

Which of the following is a potential consequence of routing protocol spoofing?

Redirected traffic creating routing loops. (B)

Which of the following describes the function of a 'Syslog' server in network security?

It centrally collects and stores system log messages. (A)

What is the recommendation regarding the configuration of secret passwords on network devices?

Configure all secret passwords using type 8 or type 9 passwords. (C)

Which protocol is preferred for secure remote management of Cisco routers?

SSH (C)

Which of the following describes the 'Defense in Depth' approach to securing a network perimeter?

Uses a combination of security measures like firewalls and intrusion detection systems. (A)

What is the purpose of configuring NTP (Network Time Protocol) on network devices?

To enable accurate timestamping between all devices. (A)

In the context of privilege levels on Cisco devices, what is the significance of level 15?

It's reserved for the enable mode privileges. (D)

How is 'AutoSecure' best described regarding the topic of router hardening?

An automated tool to quickly enhance the security posture of a router. (B)

What is the most secure method for authenticating OSPF routing protocol updates, considering both computational overhead and resistance to collision attacks?

HMAC-SHA-256 authentication using a key chain with lifetime configuration. (D)

An organization is implementing role-based access control (RBAC) on their Cisco routers using CLI views. A junior network engineer requires access to only monitor interface status and check basic network connectivity. Which of the following view configurations is least appropriate, considering the principle of least privilege and minimizing potential for unintended configuration changes?

A view that includes the show running-config, show ip route, ping, and traceroute commands. (A)

In a defense in depth approach to edge router security, only one router is used to protect the internal network.

False (B)

Enabling service password-encryption is sufficient to protect against sophisticated password cracking techniques.

False (B)

A strong password should be based on easily identifiable information such as names or birthdays.

False (B)

The command login block-for 30 attempts 3 within 10 will block login attempts for 30 seconds if there are 3 failed login attempts within 10 seconds.

True (A)

Configuring transport input ssh on the vty lines allows only SSH connections, enhancing the security of remote access.

True (A)

Privilege levels on a Cisco router range from 1 to 32, allowing for fine-grained control over command availability.

False (B)

Commands available at lower privilege levels are not executable at higher privilege levels.

False (B)

The Cisco IOS Resilient Configuration feature can be disabled through any type of session, including Telnet or SSH.

False (B)

In Syslog messages, a severity level of 0 indicates debugging messages.

False (B)

The crypto key zeroize rsa command, when executed, will remove all RSA keys, including router certificates issued using those keys, after prompting for confirmation.

True (A)

In the context of AAA, what is the primary function of 'Authorization'?

Granting or denying specific access rights and privileges to a user after authentication. (C)

Which of the following is the correct order of the primary AAA elements when a user attempts network access?

Authentication, Authorization, Accounting (D)

What is the purpose of 'Accounting' in the AAA framework?

To track user activities and resource consumption for auditing and billing. (D)

When AAA is not implemented, what vulnerability commonly affects Telnet?

Brute-force Attacks (B)

What is the initial step to enable local AAA on a Cisco router?

Enable the AAA new-model command. (C)

Which command configures local AAA authentication for console login?

aaa authentication login default local (C)

What is the maximum number of authentication methods that can be defined in a single AAA authentication list?

4 (D)

Which command is used to set the maximum number of failed login attempts before a user account is locked locally?

aaa local authentication attempts max-fail (D)

What is the primary benefit of using server-based AAA compared to local AAA?

Centralized user management and scalability. (B)

Which protocol is preferred for AAA because it encrypts the entire packet, providing greater security?

TACACS+ (D)

What is a key difference between TACACS+ and RADIUS protocols, in terms of authentication and authorization?

RADIUS combines authentication and authorization, while TACACS+ separates them. (B)

Which of the following protocols is commonly used to integrate AAA with Microsoft's Active Directory?

RADIUS (B)

After configuring a router to use a RADIUS server for authentication, users are still being authenticated locally. What is the most likely cause?

All of the above (D)

A network administrator configures AAA with TACACS+ for device administration. However, they notice that command authorization is not functioning as expected; users are able to execute commands they should not have access to. What is the most probable cause?

The TACACS+ server's configuration is missing the authorization policy for command sets. (D)

An organization wants to implement the most secure method for verifying the integrity of their AAA accounting logs sent to a central server. They are particularly concerned about non-repudiation. Which of the following would provide the strongest guarantees, assuming all systems are properly configured?

Digitally signing each log entry with the router's private key, and verifying the signature with the corresponding public key on the server, using a PKI infrastructure. (B)

AAA is a framework used to control user access to network resources.

True (A)

Identification involves proving that you are that identity.

False (B)

Authorization defines what a user can and cannot do on the network.

True (A)

Accounting involves reviewing log files to check for compliance and hold subjects accountable for their actions.

True (A)

When using local AAA authentication, the router uses a remote server to authenticate users.

False (B)

TACACS+ encrypts only the password within its packets, providing limited security.

False (B)

RADIUS combines authentication and authorization into a single process.

True (A)

To configure server-based AAA, you must first enable AAA, specify the ACS server's IP address, configure the secret key and configure authentication to use either RADIUS or TACACS+.

True (A)

In the context of AAA authorization with CLI, the command aaa authorization exec default group tacacs+ configures authorization to use the TACACS+ server group for network access.

False (B)

AAA accounting with the stop-only parameter initiates the logging of user activities exclusively upon session inception.

False (B)

Which of the following is the most accurate statement regarding the implicit deny?

It prevents all traffic if no permit statements are configured in the ACL. (B)

What is the result of configuring an ACL with only deny statements and no permit statements?

All traffic is denied due to the implicit deny. (B)

What is the key differentiator between standard and extended IPv4 ACLs?

Standard ACLs can filter traffic based only on source IP addresses, while extended ACLs can filter based on source and destination IP addresses, protocols, and port numbers. (D)

Which of the following ACL number ranges represents extended access lists?

100 to 199 and 2000 to 2699 (B)

What is the primary function of a wildcard mask in an ACL?

To designate which portions of an IP address should be ignored or matched. (D)

When configuring an ACL, what does a wildcard mask bit of '0' indicate?

The corresponding bit in the address must match. (D)

Which keyword can be used in an ACL statement to match any IP address?

any (D)

Which of the following is a best practice regarding ACL placement?

Place standard ACLs as close as possible to the destination and extended ACLs as close as possible to the source. (D)

Which command is used to apply a named ACL to a router interface?

ip access-group <ACL_name> out (D)

Considering the complexities of network security, which of these scenarios represents the most secure and efficient application of ACLs on a router with multiple interfaces?

Implementing a combination of standard and extended ACLs, with standard ACLs placed closest to the destination and extended ACLs closest to the source, adhering to the principle of 'one ACL per protocol, per direction, per interface'. (A)

By default, a router automatically filters all traffic.

False (B)

The last statement of an ACL is an explicit permit statement.

False (B)

Standard ACLs filter IP packets based on both the source and destination address.

False (B)

Using a wildcard mask bit of 1 means 'match the corresponding bit value in the address'.

False (B)

Extended ACLs should be located as close as reasonably possible to the destination of the traffic.

False (B)

A single ACL can control traffic in both inbound and outbound directions simultaneously on an interface.

False (B)

If an ACL does not have at least one permit statement, it will block all traffic due to the implicit deny.

True (A)

When configuring numbered ACLs, numbers 1 to 99 and 2000 to 2699 are for standard IP ACLs and numbers from 100 to 199 and 1300 to 1999 are for extended IP ACLs.

False (B)

The command access-list 101 deny tcp any eq telnet any will deny packets with a destination port of 23, from anywhere to anywhere.

False (B)

What is the effect of the following configuration commands:

R1(config)# access-list 5 remark Block all traffic from 192.168.10.0/24
R1(config)# access-list 5 deny 192.168.10.0 0.0.0.255
R1(config)# access-list 5 permit any
R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip access-group 5 in

Subsequently, hosts on the 192.168.10.0/24 network attempting to communicate outbound via GigabitEthernet0/1 will intermittently succeed due to the permit any statement.

False (B)

Flashcards

What is a virus?

A malicious software that executes specific unwanted functions on a computer.

What is a worm?

Malware that replicates and spreads across a network from system to system.

What is a Trojan horse?

A non-replicating malware disguised as legitimate software to deceive users.

Who are script kiddies?

Attackers who use existing tools to exploit vulnerabilities without deep technical knowledge.

What are vulnerability brokers?

Brokers who buy and sell information about software vulnerabilities.

What is eavesdropping?

The act of secretly listening to private communications on a network.

What is data modification?

Altering data during transmission, compromising its integrity.

What is a Denial-of-Service attack?

An attack that overwhelms a system, making it unavailable to legitimate users.

What is a Man-in-the-Middle attack?

An attack where the attacker intercepts and alters communication between two parties.

What is a Buffer Overflow?

An attack in which malicious code is inserted into an application because of insufficient boundary checking.

What are Reconnaissance Attacks?

Initial probing to gather information about target systems and networks.

What are Access Attacks used for?

Attacks aimed at gaining unauthorized access to system resources.

What are Social Engineering Attacks?

Deceptive techniques to trick individuals into divulging confidential information.

What is Availability?

Principle ensuring data is accessible when needed by authorized users.

What is Confidentiality?

Using encryption to keep data confidential.

Malware

General term for malicious software.

Hackers

Individuals or groups who use computer expertise for malicious purposes like data theft or system disruption.

White Hat Hackers

Individuals who expose vulnerabilities for the common good; security researchers.

Black Hat Hackers

Individuals who exploit vulnerabilities for personal gain or malicious purposes.

Hacktivists

Cyber attackers motivated by political or social causes.

Cyber Criminals

Criminals using computers to commit financially motivated crimes.

State-Sponsored Hackers

Attackers working on behalf of a nation-state.

Penetration Testing Tools

Tools used to assess the security of a network by simulating attacks.

Forensic Tools

Tools to recover data after a security incident.

IP Address Spoofing

Act of concealing the source IP address to obscure the origin of an attack.

Identity Validation

Employing logic to verify identities over the phone, by email, or in person.

DDoS Attack

An attack where multiple compromised systems are used to target a single system, causing a DoS.

Integrity

Uses hashing algorithms to ensure that data is unaltered during operation.

Security Policy

A set of rules detailing how an organization will protect its information and systems.

Single Router Approach

An approach to edge router security where a single router connects directly to the internet.

Defense in Depth Approach

Security approach using multiple layers of security devices, like firewalls and routers, to protect the network.

DMZ Approach

Router security approach that uses a firewall to protect internal network resources from outside and vice versa.

Physical Security (Router)

The physical protection of the router device itself from theft or damage.

Router OS & Config Security

Protecting the router's operating system and configuration files from unauthorized modification or access.

Router Hardening

Strengthening a router's security posture by disabling unnecessary services, changing default settings, and applying security best practices.

Secure Admin Access

Ensuring that only authorized individuals are able to access the router's configuration and operational features.

Strong Passwords

The use of strong, complex passwords to protect access to network devices.

Service Password Encryption

A feature on Cisco devices that encrypts passwords stored in the configuration file.

Login Block-For

Mechanism to restrict login attempts, blocking users who submit too many successive failed login attempts.

Login Syslog Messages

Logging login events to syslog so that abnormal activity and intrusion attempts against the router can be monitored.

SSH

A protocol that provides secure remote access to network devices.

Privilege Levels

Configuring access levels to control the commands available to different administrative roles.

Role-Based CLI Access

Access to the router is limited by the user role, with more restrictions for certain command availability.

Cisco IOS Resilient Config

Feature of Cisco IOS to secure the IOS image and configurations.

Syslog

A protocol used to monitor network devices. Syslogs can send alerts to network admins.

NTP

A protocol that synchronizes device clocks so that timestamps are consistent across all devices.

AutoSecure

Automated tool to improve the security of Cisco devices.

Route Protocol Auth

Verifying the source of routing protocol updates to prevent spoofing.

Control Plane Policing

Used to filter traffic to the route processor, which improves network functionality.

Single Router Security

A security approach using a single router connecting directly to the Internet, providing basic network perimeter defense.

Signup and view all the flashcards

Router Security Areas

The practice of using diverse security measures. This includes physical, OS, and config protection to protect against vulnerabilities.

Signup and view all the flashcards

Administrative Access Tasks

Restricting access to a device, logging all access attempts, using authentication, authorizing actions, and ensuring data confidentiality.

Signup and view all the flashcards

Password Creation

Using a minimum length of 10 characters, mixing uppercase and lowercase letters, numbers, symbols, and avoiding identifiable information.

Signup and view all the flashcards

IOS Resilient Configuration

A Cisco IOS feature that secures the IOS image and configuration files by detecting version mismatches and using local storage.

Signup and view all the flashcards

What is Syslog?

A protocol for collecting and managing log messages from network devices.

Signup and view all the flashcards

What is NTP?

A protocol used to synchronize the clocks of computer systems over a network.

Signup and view all the flashcards

What is Route Protocol Authentication

A feature to verify the source of routing protocol updates, preventing spoofing and unauthorized network changes.

Signup and view all the flashcards

What is Authentication?

The process of verifying the identity of a user or device.

Signup and view all the flashcards

What is Authorization?

The process of granting or denying access to resources based on identity and permissions.

Signup and view all the flashcards

What is Accounting?

The process of tracking user activity and resource usage for auditing and billing purposes.

Signup and view all the flashcards

What is Identification?

Claiming an identity when trying to get into a secured area.

Signup and view all the flashcards

What is Local AAA Authentication?

AAA configured on the local router to validate users against the local database.

Signup and view all the flashcards

What is Server-Based AAA?

AAA implemented on a dedicated server for centralized authentication, authorization and accounting.

Signup and view all the flashcards

What is TACACS+?

A protocol that separates authentication and authorization, using TCP for transport.

Signup and view all the flashcards

What is RADIUS?

A protocol that combines authentication and authorization, using UDP for transport.

Signup and view all the flashcards

What does Authentication ensure?

Ensures a device or end-user is legitimate.

Signup and view all the flashcards

What does Authorization determine?

Allows or disallows authenticated users access to certain network resources.

Signup and view all the flashcards

What is the first step in AAA?

Adding usernames and passwords to the local router database.

Signup and view all the flashcards

What is the second step in Server-Based AAA?

Specifies the IP address of the ACS server used for server-based AAA.

Signup and view all the flashcards

AAA Authentication Attempts Max Fail

Number of unsuccessful authentication attempts before a connection is dropped.

Signup and view all the flashcards

AAA Accounting Messages

A start message to begin and a stop message to end the accounting process.

Signup and view all the flashcards

RADIUS and Active Directory Integration

Protocol used to communicate between clients and the Microsoft Windows Server NPS.

Signup and view all the flashcards

What is Accounting (AAA)?

The component of AAA that reviews log files to asses compliance, identify violations, and maintain subject accountability.

Signup and view all the flashcards

What is Authentication (AAA)?

The component of AAA that proves you are who you claim to be.

Signup and view all the flashcards

What is Authorization (AAA)?

The component of AAA that defines what a user can access and do on the network.

Signup and view all the flashcards

What is Local Authentication?

An authentication method using a local username database instead of an external server.

Signup and view all the flashcards

What is the first step in local AAA configuration?

Adding usernames and passwords to the local router database for administrative users.

Signup and view all the flashcards

What is group (AAA)?

Uses a subset of RADIUS or TACACS+ servers for authentication.

Signup and view all the flashcards

What is the second step in local AAA configuration?

Enables AAA globally on the router.

Signup and view all the flashcards

What transport protocols do TACACS+ and RADIUS use?

TACACS+ uses TCP, RADIUS uses UDP.

Signup and view all the flashcards

What is an ACL?

A list of rules that filter network traffic by permitting or denying packets.

Signup and view all the flashcards

What does an inbound ACL do?

Inspects packets coming into an interface, filtering them before routing.

Signup and view all the flashcards

What does an outbound ACL do?

Inspects packets after routing, filtering them as they exit the interface.

Signup and view all the flashcards

What is an Implicit Deny?

Applied automatically at the end of each ACL, blocking all traffic not explicitly permitted.

Signup and view all the flashcards

What do standard ACLs filter by?

Filters packets based only on the source IP address.

Signup and view all the flashcards

What do extended ACLs filter by?

Filters packets based on source and/or destination IP addresses, protocols, and ports.

Signup and view all the flashcards

What is a wildcard mask?

Used to match or ignore specific bits in an IP address.

Where are ACLs used?

Routers placed between the internal network and external networks.

What are the benefits of ACL best practices?

Ensures security policy implementation, avoids access issues, creates reusable configurations, and prevents errors.

What is the command to apply an ACL to an interface?

Command used to link a configured ACL to an interface.

Access Control List (ACL)

A sequential list of permit or deny statements, also known as ACEs, used to filter network traffic.

Implicit Deny

A statement automatically inserted at the end of each ACL that blocks all traffic not explicitly permitted.

Standard ACL

An ACL that filters IP packets based only on the source IP address.

Extended ACL

An ACL that filters IP packets based on source and destination IP addresses, protocols, and port numbers.

Wildcard Mask

A 32-bit number used to specify which bits of an IP address should be matched or ignored in an ACL.

ACL Deployment

Apply ACLs to firewall routers positioned between the internal and external networks.

ip access-group

Command used to associate a configured ACL to a specific network interface.

One ACL per protocol

To control traffic flow, one ACL must be defined for each protocol enabled on the interface.

One ACL per direction

ACLs can only control traffic in one direction at a time on an interface.

Extended ACL Placement

Locate extended ACLs as close as possible to the source of the traffic to be filtered.

Study Notes

  • Chapter 4 covers Implementing Firewall Technologies (Access Control Lists), part 1.
  • Topics include IP ACL operation, standard IPv4 ACLs, extended IPv4 ACLs, and troubleshooting ACLs.
  • Objectives are to explain how ACLs filter traffic, compare standard and extended IPv4 ACLs, explain wildcard masks, and explain the guidelines for creating and placing ACLs.
  • Objectives continue with configuring standard IPv4 ACLs, modifying a standard IPv4 ACL using sequence numbers, and configuring a standard ACL to secure vty access.
  • More objectives are to explain the ACE structure, configure extended IPv4 ACLs, configure an ACL to limit debug output, explain how a router processes packets when an ACL is applied, and troubleshoot common ACL errors.
  • An ACL's final statement is an implicit deny, automatically inserted at the end.
  • This implicit deny will block all traffic if there is no permit statement.
  • Cisco IPv4 ACLs come in two types: standard and extended.
  • Standard ACLs can filter IP packets based on the source address only.

Numbering and Naming ACLs

  • Assign a number based on the protocol filtered to a numbered ACL.
  • Standard IP ACL numbers are 1 to 99 and 1300 to 1999.
  • Extended IP ACL numbers are 100 to 199 and 2000 to 2699.
  • A named ACL is identified by the name you assign when you create it.
  • Named ACL names can contain alphanumeric characters, are suggested to be written in CAPITAL LETTERS, cannot contain spaces or punctuation, and allow entries to be added or deleted.

Wildcard Masking

  • Wildcard masks and subnet masks match binary 1s and 0s differently.
  • Wildcard masks use the following rules to match binary 1s and 0s:
  • Wildcard mask bit 0 matches the corresponding bit value in the address.
  • Wildcard mask bit 1 ignores the corresponding bit value in the address.
  • Wildcard masks are often inverse masks.
  • Unlike a subnet mask (binary 1 equals a match, binary 0 is not a match), the reverse is true for a wildcard mask.
  • Calculating wildcard masks can be challenging; one shortcut method is to subtract the subnet mask from 255.255.255.255.
  • access-list 1 permit 192.168.10.10 0.0.0.0 or access-list 1 permit host 192.168.10.10
  • access-list 1 permit 0.0.0.0 255.255.255.255 or access-list 1 permit any

Guidelines for ACL Creation

  • Use ACLs in firewall routers between internal and external networks (like the Internet).
  • Use ACLs on a router between two parts of your network to control traffic entering or exiting a specific part.
  • Configure ACLs on border routers (routers at the edges of your networks).
  • Configure ACLs for each network protocol configured on the border router interfaces.

The Three Ps for ACL Creation:

  • One ACL per protocol - An ACL must be defined for each protocol if you want to control traffic flow on an interface.
  • One ACL per direction - ACLs control traffic in one direction, so create two separate ACLs to control inbound and outbound traffic.
  • One ACL per interface - ACLs control traffic for an interface (e.g., Gigabit Ethernet 0/0).

ACL Best Practices:

  • Guideline: Base your ACLs on your organization's security policy.
  • Benefit: Enables organizational security guidelines.
  • Guideline: Prepare a description of what you want your ACLs to do.
  • Benefit: Helps avoid inadvertently creating potential access problems.
  • Guideline: Use a text editor to create, edit, and save ACLs.
  • Benefit: This helps you create a library of reusable ACLs.
  • Guideline: Test your ACLs on a development network before implementing them on a production network.
  • Benefit: Avoid costly errors.

ACL Placement Rules:

  • An ACL should be placed where it will have the greatest impact on efficiency.
  • Extended ACLs should be located as close as possible to the traffic source.
  • Standard ACLs should be placed as close to the destination as possible.
  • Placement may depend on the network administrator's control, bandwidth, and ease of configuration.

Configuring Standard ACLs

  • The command syntax is: Router(config)# access-list access-list-number {deny | permit | remark} source [source-wildcard] [log]
  • To remove the ACL, use the global configuration command no access-list.
  • The remark keyword is used for documentation and eases understanding access lists.
  • Cisco IOS applies an internal logic when accepting and processing Standard ACL statements. As discussed previously, access list statements are processed sequentially, so the order in which statements are entered is important.
  • Link a standard ACL to an interface using the ip access-group command in interface configuration mode.
  • Remove it from the interface with the interface configuration command no ip access-group.
  • Use the global no access-list command to remove the entire ACL.
  • Creating Named ACLs: Router(config)# ip access-list {standard | extended} name
  • Within a named standard ACL, each entry uses the syntax Router(config-std-nacl)# {permit | deny | remark} {source [source-wildcard]} [log]. Activate the named ACL on an interface with Router(config-if)# ip access-group name [in | out].
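The wildcard-mask rules and the sequential, first-match, implicit-deny processing described in the notes above can be modelled in a few lines. The following is an added example (not from the study notes or from Cisco IOS): it parses standard ACL entries written in the access-list syntax quoted above, applies each entry's wildcard mask to a packet's source address, and falls through to the implicit deny when no entry matches. The sample ACL and the packets tested against it are constructed for this example.

```python
"""Standard IPv4 ACL evaluation with wildcard masks (added example)."""
import ipaddress
from typing import List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def subnet_mask_to_wildcard(mask: str) -> str:
    """Shortcut from the notes: wildcard = 255.255.255.255 - subnet mask."""
    return int_to_ip(ALL_ONES - ip_to_int(mask))


def wildcard_match(addr: str, ace_addr: str, wildcard: str) -> bool:
    """Wildcard bit 0 -> compare that address bit; wildcard bit 1 -> ignore it."""
    care = ~ip_to_int(wildcard) & ALL_ONES
    return (ip_to_int(addr) & care) == (ip_to_int(ace_addr) & care)


class StandardAcl:
    """A numbered standard ACL: an ordered list of ACEs plus remarks."""

    def __init__(self, number: int):
        self.number = number
        self.aces: List[Tuple[str, str, str, str]] = []  # (action, addr, wildcard, text)
        self.remarks: List[str] = []

    def add(self, line: str) -> None:
        """Parse one 'access-list <n> {permit|deny|remark} ...' line in IOS form."""
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or int(tokens[1]) != self.number:
            raise ValueError(f"not an entry for access-list {self.number}: {line!r}")
        action = tokens[2]
        if action == "remark":                   # documentation only, never matched
            self.remarks.append(" ".join(tokens[3:]))
            return
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        rest = tokens[3:]
        if rest[0] == "any":                     # 'any' == 0.0.0.0 255.255.255.255
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":                  # 'host X' == X 0.0.0.0
            addr, wildcard = rest[1], "0.0.0.0"
        else:                                    # explicit address, optional wildcard
            addr = rest[0]
            wildcard = rest[1] if len(rest) > 1 and rest[1] != "log" else "0.0.0.0"
        self.aces.append((action, addr, wildcard, line.strip()))

    def evaluate(self, src: str) -> Tuple[str, Optional[str]]:
        """Walk the ACEs top to bottom; first match wins. No match -> the
        implicit deny that ends every ACL (returned with no ACE text)."""
        for action, addr, wildcard, text in self.aces:
            if wildcard_match(src, addr, wildcard):
                return action, text
        return "deny", None


def build_sample_acl() -> StandardAcl:
    """Constructed sample: permit one host and one /24, deny the rest of
    192.168.0.0/16, then permit everything else. Order matters."""
    acl = StandardAcl(1)
    for line in [
        "access-list 1 remark Allow the admin workstation and the server LAN",
        "access-list 1 permit host 192.168.10.10",
        "access-list 1 permit 192.168.20.0 0.0.0.255",
        "access-list 1 deny 192.168.0.0 0.0.255.255",
        "access-list 1 permit any",
    ]:
        acl.add(line)
    return acl


if __name__ == "__main__":
    acl = build_sample_acl()
    for src in ("192.168.10.10", "192.168.20.77", "192.168.30.1", "10.1.1.1"):
        print(src, "->", acl.evaluate(src))
```

Swapping the deny and the second permit in build_sample_acl() changes the verdict for 192.168.20.77, which is the point the notes make about statement order; an ACL with no permit any (see the test) shows the implicit deny catching every unmatched source.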

Extended ACLs

  • Filtering options include source address, destination address, protocol, and port numbers.
  • Extended ACLs are used more often than standard ACLs because they provide a greater degree of control and more precise traffic-filtering control, also referred to as "increased granular control".
  • All extended ACLs filter on Source IP address AND Destination IP address.
  • Extended ACLs can also match on the upper-layer protocol (e.g., IP, TCP, UDP, ICMP, EIGRP, ...), the source port, and the destination port.
  • The procedural steps for configuring extended ACLs are the same as for standard ACLs. The syntax is: access-list access-list-number {deny | permit | remark} protocol source [source-wildcard] [operator operand] [port port-number or name] destination [destination-wildcard] [operator operand] [port port-number or name] [established]
  • Standard ACLs can be edited either with a text editor or by using sequence numbers.

Quiz Team

Related Documents

CCNASv2_CH1(1) PDF