504 Chapter 7: Understanding Access List Security
The filtering criteria for Scenario 7-1 are as follows:
1. Grigory can use the hosts on Nova's Ethernet.
2. All other hosts in Gorno (besides Grigory) cannot use the hosts on Nova's Ethernet.
3. All other communications are allowed.
Scenario 7-2: IP Filtering Sample 2
Again using the network diagram in Figure 7-13, create and enable access lists for a totally
different set of requirements. Place the access list in the routers to filter the unneeded packets
as quickly as possible--that is, before the packets have been sent far away from the originator.
The filtering criteria for Scenario 7-2 are as follows:
1. Hosts on the Barnaul Ethernet cannot communicate with hosts on the Gorno Ethernet.
2. Grigory and Melissa cannot communicate with hosts on the Nova Ethernet.
3. Other communications between the Nova Ethernet and the Gorno Ethernet are allowed.
4. Sergei (in Barnaul) can communicate only with other hosts in Barnaul.
5. Any communication paths not specified are allowed.
Scenario 7-3: IP Filtering Sample 3
Again using the network diagram in Figure 7-13, create and enable access lists for a totally
different set of requirements. Place the access list in the router that filters the unneeded packets
as quickly as possible--that is, before the packets have been sent far away from the originator.
The filtering criteria for Scenario 7-3 are as follows:
1. Grigory and Melissa can access any Web server in Nova.
2. Grigory and Melissa cannot access any other servers in Nova using TCP.
3. Sergei (Barnaul) can use only the Web services--and no other services--in Nova.
4. Hosts in Gorno can communicate with hosts in Nova, unless otherwise stated.
5. Web clients in Barnaul are not allowed to connect to the Web server in Nova unless specifically mentioned elsewhere in these criteria.
6. Any unspecified communication should be disallowed.
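The Scenario 7-3 criteria above, worked through in an added Python model that is not part of the book: it implements first-match evaluation with Cisco wildcard-mask semantics and the implicit deny at the end of every list, encodes the six criteria as an ordered extended access list, and renders that list in numbered `access-list 101` syntax so the entry order can be compared with what you would type into IOS. Figure 7-13 is not on this page, so the Nova, Gorno and Barnaul subnets and the addresses of Grigory, Melissa, Sergei and the Nova servers are constructed placeholders. The same evaluator expresses the IP-only rules of Scenarios 7-1 and 7-2 (entries with protocol `ip` and no port). Which router and interface the list is applied to, and in which direction, is not modeled; the block checks only that the entry order yields the intended permit/deny decisions.

```python
"""Added example (not from the book): a first-match evaluator for Cisco-style
extended IP access lists, used to check the Scenario 7-3 criteria.
All addresses are CONSTRUCTED placeholders; Figure 7-13 is not on this page."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


@dataclass
class Ace:
    """One access-list entry, in the order it appears in the list."""
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol; else exact
    src: str
    src_wc: str                     # source wildcard mask
    dst: str
    dst_wc: str                     # destination wildcard mask
    dst_port: Optional[int] = None  # destination port, checked only if set


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, ace.src, ace.src_wc):
        return False
    if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
        return False
    if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching entry wins; an IOS list ends with an implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


def to_ios(acl: List[Ace], number: int = 101) -> List[str]:
    """Render the list in numbered extended access-list syntax."""
    def addr(base: str, wc: str) -> str:
        return f"host {base}" if wc == "0.0.0.0" else f"{base} {wc}"
    lines = []
    for a in acl:
        line = (f"access-list {number} {a.action} {a.proto} "
                f"{addr(a.src, a.src_wc)} {addr(a.dst, a.dst_wc)}")
        if a.dst_port is not None:
            line += f" eq {a.dst_port}"
        lines.append(line)
    return lines


# Constructed placeholder addressing (Figure 7-13 is not on this page).
NOVA, GORNO, BARNAUL = "10.1.1.0", "10.1.2.0", "10.1.3.0"   # one /24 each
SUBNET, HOST = "0.0.0.255", "0.0.0.0"                       # wildcard masks
WEB_SERVER, OTHER_SERVER = "10.1.1.10", "10.1.1.20"         # in Nova
GRIGORY, MELISSA = "10.1.2.5", "10.1.2.6"                   # in Gorno
SERGEI = "10.1.3.7"                                         # in Barnaul

# Scenario 7-3, criteria numbered as in the text. Order matters: the specific
# permits (1, 3) must precede the broader denies (2, 5), and the Grigory/
# Melissa TCP denies (2) must precede the Gorno-wide permit (4).
SCENARIO_7_3 = [
    Ace("permit", "tcp", GRIGORY, HOST, NOVA, SUBNET, 80),    # 1
    Ace("permit", "tcp", MELISSA, HOST, NOVA, SUBNET, 80),    # 1
    Ace("deny",   "tcp", GRIGORY, HOST, NOVA, SUBNET),        # 2
    Ace("deny",   "tcp", MELISSA, HOST, NOVA, SUBNET),        # 2
    Ace("permit", "tcp", SERGEI,  HOST, NOVA, SUBNET, 80),    # 3
    Ace("deny",   "ip",  SERGEI,  HOST, NOVA, SUBNET),        # 3
    Ace("permit", "ip",  GORNO, SUBNET, NOVA, SUBNET),        # 4
    Ace("deny",   "tcp", BARNAUL, SUBNET, NOVA, SUBNET, 80),  # 5
    # 6: nothing else is permitted, so the implicit deny covers the rest.
]

if __name__ == "__main__":
    for line in to_ios(SCENARIO_7_3):
        print(line)
    print(evaluate(SCENARIO_7_3, Packet("tcp", GRIGORY, OTHER_SERVER, 23)))
```

Two points the model makes visible that the criteria list alone does not: criterion 2 restricts only TCP, so a non-TCP packet from Grigory to Nova falls through to the Gorno-wide permit of criterion 4, and criterion 6 is satisfied purely by the implicit deny, which is why Barnaul-to-Gorno traffic is dropped without any entry naming it. Swapping entries 2 and 4 would silently break criterion 2, which is the ordering mistake the first-match rule punishes.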
ch07.fm Page 504 Monday, March 20, 2000 5:14 PM