Infrastructure Security: System Hardening • Chapter 8 499
For example:
■ To deny the use of ICMP on interface <eth0>, a line can be created in
the ACL that reads int <eth0> ICMP deny. This would deny ICMP on
interface <eth0>.
■ To deny a specific communication protocol, an ACL entry can be created
that reads: int <eth0> IPX deny. This would block use of Internetwork
Packet Exchange (IPX) on the interface.
■ To deny all protocols on an interface, a line can be added to the ACL that
reads int <eth0> ANY deny. This would effectively eliminate the use of all
protocols on the interface.
■ An ACL can become complex, and may need to be centrally stored to be
deployed to multiple devices.
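The entries above can be checked mechanically once a rule set grows. The following Python sketch is an added example, not code from the book: it parses lines written in the book's illustrative notation, answers whether a given interface and protocol is denied, and flags entries that add nothing. The function names, the sample rule set, and the matching semantics (traffic is denied if any entry for the interface names its protocol or ANY) are assumptions made for the example.

```python
import re

# Constructed sample in the book's illustrative notation (not a vendor syntax).
SAMPLE_ACL = """\
int <eth0> ICMP deny
int <eth0> IPX deny
int <eth1> ANY deny
int <eth1> ICMP deny
"""

LINE_RE = re.compile(r"^int\s+<(\w+)>\s+(\w+)\s+deny$")

def parse_acl(text):
    """Return a list of (interface, protocol) deny entries; reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a valid deny entry: {line!r}")
        entries.append((m.group(1), m.group(2).upper()))
    return entries

def is_denied(entries, interface, protocol):
    """Assumed semantics: denied if any entry for the interface names the protocol or ANY."""
    return any(i == interface and p in (protocol.upper(), "ANY") for i, p in entries)

def redundant_entries(entries):
    """Duplicates, or per-protocol denies on an interface that already has ANY deny."""
    blanket = {i for i, p in entries if p == "ANY"}
    seen, redundant = set(), []
    for entry in entries:
        iface, proto = entry
        if entry in seen or (proto != "ANY" and iface in blanket):
            redundant.append(entry)
        seen.add(entry)
    return redundant

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for iface, proto in [("eth0", "ICMP"), ("eth0", "TCP"), ("eth1", "TCP")]:
        print(iface, proto, "deny" if is_denied(acl, iface, proto) else "no matching deny")
    print("redundant:", redundant_entries(acl))
```

Running a check like this against the centrally stored copy before it is deployed catches malformed lines and entries made redundant by an ANY deny on the same interface.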
EXAM WARNING
When working with ACLs, remember that you will be utilizing some of
the concepts discussed in Chapter 1. However, you will also use some
different procedures to accomplish access control. For example, you may
use static access control list (SACL) configurations to maintain the
settings on hardware devices in a network. Along with the SACL
configuration, you may use other technologies to centralize the deployment of
the rule sets defining the level of access. Additionally, as you will see
later in this chapter, you may use a Directory Enabled Network (DEN)
method system to manage overall ACL development and deployment.
Application Hardening
The Security+ exam covers a broad range of application hardening
concepts. This section looks at procedures and best practices in a couple of different
arenas to provide security. This section not only looks at end-user applications such
as browsers, office suites, and e-mail client software applications, but also evaluates
the problems that exist in applications provided through servers and services
running on networks. These include Web servers, e-mail servers, FTP servers, DNS
servers, and DHCP servers. This section also looks at Network News Transfer
www.syngress.com