O'Reilly logo

CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Section 8.0: Advanced Security

8.1. Perimeter Security

  1. Configure HTTP inspection on R4 to block all Java applets. See Example 4-42.

  2. Use the java-list option to specify an access list from sites to permit/deny downloading Java applets.

  3. Configure TCP inspection to test if CBAC is working; see Example 4-43.

Example 4-42. HTTP Inspection with Java Filtering on R4
ip inspect name lab4 http java-list 1
!
access-list 1 deny   any
!

r4#show ip inspect all Session audit trail is disabled Session alert is enabled one-minute (sampling period) thresholds are [400:500] connections max-incomplete sessions thresholds are [400:500] max-incomplete tcp connections per host is 50. Block-time 0 minute. tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec tcp idle-time ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required