Tuesday, August 14, 2012

CCNA, CCENT, CCNP Tutorial on Routers and Routing


The router is a fundamental part of every network and can be both a security aid and a security vulnerability. A router has multiple network interfaces through which network traffic is either transmitted or blocked. The router decides when to forward packets between networks based on its internal routing table.

The routing table may be static, meaning that each path is explicitly defined, or dynamic, in which case the router learns new routes through routing protocols.

A router also supports access control lists (ACLs) that specify which packets to allow or block. Each packet that traverses a router is checked against the ACL to see whether it is allowed to be transmitted. Many current routers offer security features along with their routing capabilities. Segmenting the network with routers limits the amount of data flowing through each segment. This also applies to broadcast traffic.

The router also allows technicians to explicitly deny certain packets from being transmitted between segments. Using only some of its built-in security functions, the router can prevent users anywhere on the internal network from using Telnet to access external systems. Telnet is always a security risk, because passwords and all other communications are sent in clear text. For this reason, it is better not to create Telnet sessions between the internal network and the external network. Without a firewall, the rule can be implemented on the routers to drop packets that attempt to connect to port 23 on all external systems. All of this is done by correctly configuring the ACL on the router. Spoofed packets are packets whose IP header does not contain the actual IP address of the source computer. Routers combat this by giving technicians the ability to drop packets that arrive on an interface from the wrong subnet.

If a packet arrives on the external interface of the router using a source IP address that belongs to the router's internal network, the router can be instructed to drop the packet and not forward it. There are two types of access lists available to filter traffic on Cisco routers. One of them is the standard access list. It allows technicians to filter traffic from specific addresses or subnet ranges. Cisco also provides extended access lists, which allow technicians to filter based on a variety of criteria. This type of access list allows engineers to use the source address, destination address, and network service as the basis of specific filtering rules .......
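The two rules described above (dropping outbound Telnet and dropping spoofed packets on the external interface) can be written as one extended and one standard access list. This is an added example, not configuration from the original post; the 192.168.10.0/24 internal subnet, the interface names and the ACL numbers are assumptions chosen for illustration.

```cisco
! Constructed addressing: internal LAN 192.168.10.0/24 on Gi0/0,
! external network on Gi0/1.
!
! Standard ACL (numbers 1-99): matches on the source address only.
! Anti-spoofing: a packet arriving from outside must never carry
! an internal source address.
access-list 10 remark drop internal-source packets on the external interface
access-list 10 deny   192.168.10.0 0.0.0.255 log
access-list 10 permit any
!
! Extended ACL (numbers 100-199): matches on source, destination,
! protocol and port. Entries are evaluated top-down and the first
! match wins, so the Telnet deny must come before the permit.
access-list 110 remark block outbound Telnet, allow other LAN traffic
access-list 110 deny   tcp 192.168.10.0 0.0.0.255 any eq 23 log
access-list 110 permit ip  192.168.10.0 0.0.0.255 any
! Every ACL ends with an implicit "deny ip any any", so packets
! entering from the LAN with a non-LAN source are dropped as well.
!
interface GigabitEthernet0/0
 description internal LAN
 ip address 192.168.10.1 255.255.255.0
 ip access-group 110 in
!
interface GigabitEthernet0/1
 description external network
 ip access-group 10 in
```

After applying the lists, `show access-lists` displays a match counter for each entry, which confirms whether the deny lines are actually being hit.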
