1
00:00:00,760 --> 00:00:07,120
So although we stored the passwords with a strong encryption algorithm, it's still not safe to let

2
00:00:07,120 --> 00:00:13,570
just anyone access the password hashes because they're still open to the offline password cracking attacks.

3
00:00:15,060 --> 00:00:21,450
So it's possible to identify access control lists for the communications services, such as SNMP,

4
00:00:21,450 --> 00:00:29,580
SSH and Telnet. With these access lists, we can decide who can and cannot connect to the services,

5
00:00:29,940 --> 00:00:33,230
then close the services for everybody else.

6
00:00:34,580 --> 00:00:38,840
So there are two types of access lists, standard and extended.

7
00:00:39,500 --> 00:00:40,120
Let's have a look.

8
00:00:40,820 --> 00:00:43,700
We can see how we can manage the access to the router.

9
00:00:45,260 --> 00:00:52,640
So once again, we are back in the network that we created by using GNS3. All the devices are

10
00:00:52,640 --> 00:00:53,630
still active and running.

11
00:00:53,640 --> 00:00:54,470
That's always a good time.

12
00:00:55,890 --> 00:00:57,270
Open the router's console.

13
00:00:58,630 --> 00:01:00,430
And enter the config terminal mode.

14
00:01:02,050 --> 00:01:09,220
access-list is the keyword to create and configure an access control list, so put a question mark to

15
00:01:09,220 --> 00:01:10,090
see the options.

16
00:01:11,410 --> 00:01:18,520
The number here decides the type of the access list. We'll make an example of standard access,

17
00:01:18,550 --> 00:01:22,540
so just put a number between one and ninety-nine: two.

18
00:01:23,510 --> 00:01:28,850
A standard access control list either denies or permits source IP addresses.

19
00:01:30,450 --> 00:01:38,160
In addition to source IP addresses, an extended access control list can also deny or permit based

20
00:01:38,160 --> 00:01:42,620
on destination IP addresses, ports and those services as well.

21
00:01:43,990 --> 00:01:51,550
Question mark again, and these are the options: we can either deny or permit a connection request.

22
00:01:52,750 --> 00:01:57,310
So let's decide who to permit first. Question mark to see the options.

23
00:01:57,460 --> 00:01:57,870
OK.

24
00:01:59,710 --> 00:02:04,270
We can put a pattern here, so the computers matching the pattern are allowed.

25
00:02:05,860 --> 00:02:13,270
If we use any here, that means we permit all computers except ones which are identified by the deny

26
00:02:13,570 --> 00:02:14,830
in the access list.

27
00:02:16,100 --> 00:02:21,410
Alternatively, we can permit directly to any specified computer.

28
00:02:22,550 --> 00:02:28,650
So here, I'll use host as the option and let my Kali access it.

29
00:02:29,330 --> 00:02:33,170
So let me look at the IP address of Kali: ten point three.

30
00:02:34,690 --> 00:02:40,570
I want to deny all others, so access-list 2 deny any.

31
00:02:41,940 --> 00:02:50,670
Now, the next thing we have to do is go to the line vty and apply this access list to the interface.

32
00:02:52,140 --> 00:02:56,490
Good, so type line vty 0 4 to enter line config.

33
00:02:58,410 --> 00:03:01,620
In the line config, we'll use the access list command.

34
00:03:03,210 --> 00:03:10,320
Number of the access list first, and now a question mark to see the options, and look at that, there are

35
00:03:10,320 --> 00:03:12,480
two options: in and out.

36
00:03:13,600 --> 00:03:18,580
Now, since we're going to be telnetting into the router, we're going to use in.

37
00:03:19,710 --> 00:03:22,910
Exit or Control-C to exit from the line config mode.

38
00:03:24,280 --> 00:03:28,630
Now, I want you to see the running config, so type show run.

39
00:03:30,110 --> 00:03:36,680
And here is the running config, so scrolling down, showing the access list, and make sure that

40
00:03:36,680 --> 00:03:37,490
everything's right.

41
00:03:42,540 --> 00:03:49,530
So here it is, and yes, as you can see, we have our access list 2 to permit Kali and deny any other

42
00:03:49,530 --> 00:03:51,530
host attempting to make a telnet connection.

43
00:03:53,710 --> 00:03:57,640
Now, let's test whether the access list works as intended.

44
00:04:00,050 --> 00:04:06,560
So back in my network, I have other VM machines like Kali. One of them is OWASP BWA, as you

45
00:04:06,560 --> 00:04:09,200
know, and its IP address is ten dot four.

46
00:04:10,770 --> 00:04:17,910
First, I want to check if the network is OK and OWASP sees the router, so ping one nine two one six

47
00:04:17,910 --> 00:04:22,110
eight one zero one, and sure enough, we have replies.

48
00:04:23,820 --> 00:04:30,720
Now I want to create a telnet connection to the router, so type telnet and the router IP, hit enter.

49
00:04:32,280 --> 00:04:33,660
Connection is refused.

50
00:04:34,750 --> 00:04:37,160
Well, that's what's supposed to be, right?

51
00:04:37,630 --> 00:04:40,990
That means the deny part of the access list is working properly.

52
00:04:41,840 --> 00:04:49,910
What about the permit part? So go to Kali's terminal screen, telnet into the router, and as you can

53
00:04:49,910 --> 00:04:57,410
see, we can telnet into the router. The request is not refused and we are allowed to telnet from Kali.

54
00:04:58,860 --> 00:05:05,280
So to double check, I'll run an Nmap query to check whether the telnet port of the router is open.

55
00:05:09,630 --> 00:05:11,340
And yes, of course it is.