CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

by Darril Gibson

Permission Protocol Source Destination Port • Permission. You’ll typically see this as PERMIT or ALLOW allowing the traffic. Most systems use DENY to block the traffic. • Protocol. Typically, you’ll see TCP or UDP here, especially when blocking specific TCP or UDP ports. If you want to block both TCP and UDP traffic using the same port, you can use IP instead. Using ICMP here blocks ICMP traffic, effectively blocking ping and some other diagnostics that use ICMP. • Source. Traffic comes from a source IP address. You identify an IP address to allow or block traffic from a single computer, or from a range of IP addresses, such as from a single subnet. Wildcards such as any or all include all IP addresses. • Destination. Traffic is addressed to a destination IP address. You identify an IP address to allow or block traffic to a single computer, or to a range of IP addresses, such as to an entire subnet. Wildcards such as any or all include all IP addresses. • Port or protocol. Typically, you’ll see the well-known port such as port 80 for HTTP. However, some devices support codes such as www for HTTP traffic. Some systems support the use of keywords such as eq for equal, lt for less than, and gt for greater than. For example, instead of just using port