1
00:00:01,500 --> 00:00:06,930
So let us begin with the first security filtering technique, that is, the access control list.

2
00:00:07,590 --> 00:00:12,380
It's rare to find a network around these days that isn't connected to the Internet.

3
00:00:12,990 --> 00:00:18,330
The Internet is clearly a public Internet tool that anyone can connect to.

4
00:00:18,570 --> 00:00:24,240
But your company's or postal network is, and should definitely be, a private one.

5
00:00:24,930 --> 00:00:30,840
The catch is that every time you connect to the Internet from a public network, you're instantly vulnerable

6
00:00:30,840 --> 00:00:32,250
to security break-ins.

7
00:00:32,880 --> 00:00:36,540
Now, this is where something we call a firewall comes into play.

8
00:00:37,110 --> 00:00:43,650
Firewalls are basically tools that you can implement to prevent any unauthorized access around on public

9
00:00:43,650 --> 00:00:44,220
networks

10
00:00:44,430 --> 00:00:52,470
and gaining access to a network. The firewalls can either be standalone devices or combined with another

11
00:00:52,470 --> 00:00:55,080
hardware device like servers or routers.

12
00:00:55,950 --> 00:01:02,340
Now, the access control list is the primary weapon of firewalls, which helps us to, you know, discard

13
00:01:02,340 --> 00:01:03,480
unused packets.

14
00:01:04,830 --> 00:01:10,200
Now, the access control list, that is, ACL, is typically a list.

15
00:01:10,620 --> 00:01:17,250
It's not kind of a list, but it's kind of a program that resides on the routers to determine which packets

16
00:01:17,250 --> 00:01:24,030
are allowed to run through them based on the requesting device's source or destination Internet Protocol

17
00:01:24,030 --> 00:01:24,630
address,

18
00:01:24,930 --> 00:01:26,340
that is, the IP address.

19
00:01:26,940 --> 00:01:34,200
Oh, and just so you know, ACLs have been around for many decades and have other uses apart from

20
00:01:34,200 --> 00:01:35,700
firewalls as well.

21
00:01:36,660 --> 00:01:42,240
Now there's an image on the screen which demonstrates an ACL-enabled router.

22
00:01:42,990 --> 00:01:46,280
OK, so what we can see here is I like my pen.

23
00:01:46,860 --> 00:01:54,420
What we can see here is that users in Network A, that they can access Network B, right.

24
00:01:56,120 --> 00:02:02,830
Also, the packets that can pass through the router are from this week from Network A to Network B.

25
00:02:03,500 --> 00:02:10,560
Now, this means that an IP spoofing attack, when someone pretends to have a network address on the

26
00:02:10,560 --> 00:02:18,720
inside of the firewall to gain network access, can still happen if a user in Network B pretends

27
00:02:18,720 --> 00:02:20,550
to be located in Network A.

28
00:02:21,090 --> 00:02:28,770
So, for example, someone who is here but is pretending to be here can also access the Internet

29
00:02:28,770 --> 00:02:37,050
network because it is pretending that it's actually residing here. Now, we'll see things like IP spoofing

30
00:02:37,050 --> 00:02:41,590
more thoroughly in other sections of network threat and mitigation.

31
00:02:41,880 --> 00:02:44,670
But for now, let's go back to ACLs.

32
00:02:45,600 --> 00:02:54,090
So, which means B can access A if a secure authentication connection is... so, B can actually access

33
00:02:54,090 --> 00:02:54,510
A

34
00:02:55,450 --> 00:03:00,820
only if a secure authentication connection is used, for example.

35
00:03:02,950 --> 00:03:05,710
But it can access the public network.

36
00:03:07,430 --> 00:03:13,850
Now you can create a wide array of access control lists, from the very simple to the highly complex,

37
00:03:14,270 --> 00:03:19,190
depending on exactly what you want to have them do for you.

38
00:03:20,000 --> 00:03:27,590
One example is placing separate inbound and outbound access control on, in order to ensure that the data

39
00:03:27,830 --> 00:03:34,030
that is leaving your network comes from a different source than the data that's coming into it.

40
00:03:34,880 --> 00:03:41,240
Now, when configuring access control lists between the Internet and your private network to mitigate

41
00:03:41,240 --> 00:03:49,550
security problems, it is a good idea to deny any address from your internal networks, then deny any

42
00:03:49,550 --> 00:03:50,990
localhost addresses,

43
00:03:51,000 --> 00:03:59,180
that is, 127.0.0.0/8, and deny any reserved private addresses.

44
00:04:00,110 --> 00:04:07,190
Deny any addresses in the IP multicast address range, that is, 224.0.0.0/4.

45
00:04:07,520 --> 00:04:12,710
Now, none of these addresses should ever be allowed to your Internet.

46
00:04:13,700 --> 00:04:20,690
Interestingly enough, because of the way in which public IP addresses are issued, with some research,

47
00:04:20,690 --> 00:04:29,600
you can even create a filter that blocks a country, a state or even a local area based on the IP addresses.

48
00:04:30,170 --> 00:04:35,720
If you want to know more about access control lists, I guess I have already attached some resources

49
00:04:35,720 --> 00:04:37,040
at the beginning of the section.

50
00:04:37,040 --> 00:04:40,550
If I have not, please post a question and answer in the question

51
00:04:40,550 --> 00:04:41,270
answer section.

52
00:04:41,570 --> 00:04:43,770
I will immediately upload the book.

53
00:04:45,770 --> 00:04:47,460
Well, that is it for this lecture.

54
00:04:47,630 --> 00:04:54,140
I hope you have understood the function of access control lists and why access control lists are important.