CCNA3 Module 2
no ip access-group interface configuration command
removes ACL from an interface
no access-list global configuration command
removes ACL from router
no ip access-list standard access-list-name
removes a named standard IPv4 ACL.
Password Crackers
repeatedly make guesses in order to crack the password.
Where are ACL remarks displayed?
running configuration
To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?
echo reply
Denial of Service Attack
prevents normal use of a computer or network by valid users. A DoS attack can flood a computer or the entire network with traffic until a shutdown occurs because of the overload. A DoS attack can also block traffic, which results in a loss of access to network resources by authorized users.
When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?
remark
A college student is studying for the Cisco CCENT certification and is visualizing extended access lists. Which three keywords could immediately follow the keywords permit or deny as part of an extended access list? (Choose three.) udp tcp telnet icmp ftp www
udp, tcp, icmp
Black Hat Hackers
unethical criminals who compromise computer and network security for personal gain, or for malicious reasons, such as attacking networks.
Encryption Tools
use algorithm schemes to encode the data to prevent unauthorized access to the encrypted data
White-hat hackers (ethical hackers)
use their programming skills for good, ethical, and legal purposes. White hat hackers may perform network penetration tests in an attempt to compromise networks and systems by using their knowledge of computer security systems to discover network vulnerabilities.
Forensic Tools
used by white hat hackers to sniff out any trace of evidence existing in a computer
established keyword
used to permit only the return HTTP traffic from requested websites, while denying all other traffic.
Packet Crafting Tools
used to probe and test a firewall's robustness using specially crafted forged packets.
Network Scanning and Hacking Tools
used to probe network devices, servers, and hosts for open TCP or UDP ports.
What must be done after a standard IPv4 ACL is configured?
it must be linked to an interface or a feature
ACL names
- alphanumeric -case sensitive -Unique best practice is to capitalize all letters.
ACL Best Practices
-Base ACLs on the organizational security policies. -Write out what you want the ACL to do. -Use a text editor to create, edit, and save your ACLs -Document the ACLs using the remark command. -Test the ACLs on a development network
Consequences of Data Loss
-Brand damage and loss of reputation -Loss of competitive advantage -Loss of customers -Loss of revenue -Litigation/legal action resulting in fines and civil penalties -Significant cost and effort to notify affected parties and recover from the breach
Steps to secure remote administrative access to the vty lines
-Create ACL to identify administrative hosts allowed remote access -Apply the ACL to incoming traffic on the vty lines
Internal Attack
-Steal and copy confidential data to removable media, email, messaging software, and other media. -Compromise internal servers or network infrastructure devices. -Disconnect a critical network connection and cause a network outage. -Connect an infected USB drive into a corporate computer system.
Factors Influencing ACL Placement
-extent of organizational control -Bandwidth of the networks involved -Ease of configuration
Debuggers
-tools are used by black hats to reverse engineer binary files when writing exploits. -used by white hats when analyzing malware
Data Loss from Removable Media
-unauthorized transfer of data to a USB drive. -USB drive containing corporate data could be lost.
Which wildcard mask would permit only host 10.10.10.1?
0.0.0.0
Which wildcard mask would permit all hosts from the 192.168.10.0/24 network?
0.0.0.255
Which wildcard mask would permit only hosts from the 10.10.0.0/16 network?
0.0.255.255
ACL Operational Steps (inbound Standard IPv4)
1. The router extracts the source IPv4 address from the packet header. 2. The router starts at the top of the ACL and compares the source IPv4 address to each ACE in sequential order. 3. When a match is made, the router carries out the instruction, either permitting or denying the packet and the remaining ACEs in the ACL, if any, are not analyzed. 4. If the source IPv4 address does not match any ACEs in the ACL, the packet is discarded because there is an implicit deny ACE automatically applied to all ACLs.
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? 10.120.160.0 to 10.120.167.255 10.120.160.0 to 10.127.255.255 10.120.160.0 to 10.120.168.0 10.120.160.0 to 10.120.191.255
10.120.160.0 to 10.120.167.255
A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.) 172.16.0.255 172.16.15.36 172.16.31.24 172.16.16.12 172.16.65.21
172.16.0.255 172.16.15.36
Which wildcard mask would permit all hosts?
255.255.255.255
How many total ACLs (both IPv4 and IPv6) can be configured on an interface?
4
Compromised-Key Attack
A compromised key can be used to gain access to a secured communication without the sender or receiver being aware of the attack.
Which three statements describe ACL processing of packets? Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made. A packet that does not match the conditions of any ACE will be forwarded by default. A packet can either be rejected or forwarded as directed by the ACE that is matched. An implicit deny any rejects any packet that does not match any ACE. Each statement is checked only until a match is detected or until the end of the ACE list. A packet that has been denied by one ACE can be permitted by a subsequent ACE.
A packet can either be rejected or forwarded as directed by the ACE that is matched. An implicit deny any rejects any packet that does not match any ACE. Each statement is checked only until a match is detected or until the end of the ACE list.
Access Control Entries (ACEs)
A specific entry in a file or folder's ACL that uniquely identifies a user or group by its security identifier and the action it is allowed or denied to take on that file or folder.
Examples of Rootkit Detectors
AIDE, Netfilter, and PF: OpenBSD Packet Filter.
What are the permit or deny statements in an ACL called?
Access Control Entries
Examples of Wireless Hacking Tools
Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler.
Consider the configured access list. R1# show access-listsextended IP access list 100deny tcp host 10.1.1.2 host 10.1.1.1 eq telnetdeny tcp host 10.1.2.2 host 10.1.2.1 eq telnetpermit ip any any (15 matches) What are two characteristics of this access list? (Choose two.) Any device can telnet to the 10.1.2.1 device. The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned. The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device. A network administrator would not be able to tell if the access list has been applied to an interface or not. The access list has been applied to an interface.
Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned. The access list has been applied to an interface.
Which scenario would cause an ACL misconfiguration and deny all traffic? Apply an ACL that has all deny ACE statements. Apply a standard ACL using the ip access-group outcommand. Apply a named ACL to a VTY line. Apply a standard ACL in the inbound direction.
Apply an ACL that has all deny ACE statements.
Which security term is used to describe anything of value to the organization? It includes people, equipment, resources, and data.
Asset
Sniffer Attack
Attack used either to steal the content of the communication itself or gain information that will be used to gain network access later
Which type of hacker is described in the scenario: From my laptop, I transferred $10 million to my bank account using victim account numbers and PINs after viewing recordings of victims entering the numbers.
Black Hat
Which type of hacker is described in the scenario: I used malware to compromise several corporate systems to steal credit card information. I then sold that information to the highest bidder.
Black Hat
Data Loss from Hard Copy
Confidential data not properly shredded or disposed of.
ip access-list extended access-list-name
Create a named extended ACL
Which penetration testing tool is used by black hats to reverse engineer binary files when writing exploits? They are also used by white hats when analyzing malware.
Debuggers
Common data loss vectors
Email/Social Networking Unencrypted Devices Cloud Storage Devices Removable Media Hard Copy Improper Access Control
Which penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data?
Encryption Tools
Which security term is used to describe a mechanism that takes advantage of a vulnerability?
Exploit
Where should an extended ACL be placed? Extended ACL location is not important. Extended ACLs should be located as close to the destination as possible. Extended ACLs should be located as close to the source as possible. Extended ACLs should be located on serial interfaces.
Extended ACLs should be located as close to the source as possible.
Standard ACLs
Filter on source IP address only (only filter at Layer 3) Use ACL numbers from 1-99 and 1300-1999
Extended ACLs
Filter on source IP, destination IP and all protocols (ICMP, UDP, TCP) (filter at Layer3 and/or 4) Use ACL numbers 100-199, and 2000-2699.
Which penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing in a computer?
Forensic Tools
Which type of hacker is described in the scenario: After hacking into ATM machines remotely using a laptop, I worked with ATM manufacturers to resolve the security vulnerabilities that I discovered.
Gray Hat
Examples of Packet Crafting Tools
Hping, Scapy, Socat, Yersinia, Netcat, Nping, and Nemesis.
Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.) Standard ACLs are placed closest to the source, whereas extended ACLs are placed closest to the destination. If an ACL contains no permit statements, all traffic is denied by default. Multiple ACLs per protocol and per direction can be applied to an interface. If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface. The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
If an ACL contains no permit statements, all traffic is denied by default. The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
Data Loss from Unencrypted Devices
If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data.
Which statement about the operation of a standard ACL is incorrect? The router extracts the source IPv4 address from the packet header. The router starts at the top of the ACL and compares the address to each ACE in sequential order. When a match is made, the ACE either permits or denies the packet, and any remaining ACEs are not analyzed. If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit permit ACE automatically applied to all ACLs.
If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit permit ACE automatically applied to all ACLs.
Data Loss from Email/Social Networking
Intercepted email or IM messages could be captured and reveal confidential information.
Examples of Password Crackers
John the Ripper, Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa.
Examples of Hacking Operating Systems
Kali Linux, SELinux, Knoppix, BackBox Linux.
ACL Functions
Limit network traffic to increase network performance Provide traffic flow control Provide a basic level of security for network access Filter traffic based on traffic type Screen hosts to permit/deny access to network services Provide priority to certain classes of network traffic
Wildcard Mask to Match an IPv4 Address Range
Mask permits a range of IPv4 subnets
Examples of Vulnerability Exploitation Tools
Metasploit, Core Impact, Sqlmap, Social Engineer Toolkit, and Netsparker.
Which security term is used to describe the counter-measure for a potential threat or risk?
Mitigation
Which statement about ACLs is true? Extended ACLs are numbered 1300 - 2699. Named ACLs can be standard or extended. Numbered ACLs is the preferred method to use when configuring ACLs. Standard ACLs are numbered 1 - 199.
Named ACLs can be standard or extended.
Examples of Vulnerability Scanners
Nipper, Secunia PSI, Core Impact, Nessus v6, SAINT, and Open VAS.
Examples of Network Scanning and Hacking Tools
Nmap, SuperScan, Angry IP Scanner, and NetScanTools.
Which penetration testing tool is used to probe and test a firewall's robustness?
Packet Crafting tools
Data Loss from Improper Access Control
Passwords or weak passwords which have been compromised can provide a threat actor with easy access to corporate data.
Which security term is used to describe the likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization?
Risk
Which two commands will configure a standard ACL? (Choose two.) Router(config)# access-list 10 permit 10.20.5.0 0.255.255.255 any Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0 Router(config)# access-list 45 permit 192.168.200.4 host Router(config)# access-list 20 permit host 192.168.5.5 any any Router(config)# access-list 35 permit host 172.31.22.7
Router(config)# access-list 35 permit host 172.31.22.7 Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
What packets would match the access control list statement that is shown below?
SSH traffic from the 172.16.0.0 network to any destination network
Data Loss from Cloud Storage Devices
Sensitive data can be lost if access to the cloud is compromised due to weak security settings.
Examples of Fuzzers
Skipfish, Wapiti, and W3af
Examples of Forensic Tools
Sleuth Kit, Helix, Maltego, and Encase.
Which packet filtering statement is true? Extended ACLs filter at Layer 3 only. Extended ACLs filter at Layer 4 only. Standard ACLs filter at Layer 3 only. Standard ACLs filter at Layer 4 only.
Standard ACLs filter at Layer 3 only.
Where should a standard ACL be placed? Standard ACL location is not important. Standard ACLs should be placed as close to the destination as possible. Standard ACLs should be placed as close to the source as possible. Standard ACLs should be placed on serial interfaces.
Standard ACLs should be placed as close to the destination as possible.
How should ACLs with multiple ACEs be created?
Text Editor
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
The ACL does not perform as designed
When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
Wildcard Mask
The mask used in Cisco IOS ACL commands and OSPF and EIGRP network commands.
Which two conditions would cause a router to drop a packet? No outbound ACL exists on the interface where the packet exits the router. The packet source address does not match the source as permitted in a standard inbound ACE. The ACL that is affecting the packet does not contain at least one deny ACE. No inbound ACL exists on the interface where the packet enters the router. No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL.
The packet source address does not match the source as permitted in a standard inbound ACE. No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL.
Hacking Operating Systems
These are specially designed operating systems preloaded with tools and technologies optimized for hacking.
Which security term is used to describe a potential danger to a company's assets, data, or network functionality?
Threat
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown? R1# <output omitted>Standard IP access list 210 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)20 deny any (1 match) Two devices were able to use SSH or Telnet to gain access to the router. Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port. Two devices connected to the router have IP addresses of 192.168.10.x. Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
Two devices were able to use SSH or Telnet to gain access to the router.
Wireless Hacking Tools
Used to intentionally hack into a wireless network to detect security vulnerabilities.
Examples of Encryption Tools
VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, and Stunnel.
Which security term is used to describe a weakness in a system, or its design, that could be exploited by a threat?
Vulnerability
Which penetration testing tool identifies whether a remote host is susceptible to a security attack?
Vulnerability Exploitation Tools
Which type of hacker is described in the scenario: During my research for security exploits, I stumbled across a security vulnerability on a corporate network that I am authorized to access.
White Hat
Which type of hacker is described in the scenario: My job is to identify weaknesses in my company's network .
White Hat
Which type of hacker is described in the scenario It is my job to work with technology companies to fix a flaw with DNS.
White Hat.
Examples of Packet Sniffers
Wireshark, Tcpdump, Ettercap, Dsniff, EtherApe, Paros, Fiddler, Ratproxy, and SSLstrip.
Which of the following is an ACL best practice? Always test ACLs on a production network. Create your ACLs on a production router. Document the ACLs using the description ACL command. Write the ACL before configuring it on a router.
Write the ACL before configuring it on a router.
Rootkit Detectors
a directory and file integrity checker used by white hats to detect installed root kits.
Which location is recommended for extended numbered or extended named ACLs?
a location as close to the source of traffic as possible
Exploit
a mechanism that takes advantage of a vulnerability.
Attack Vector
a path by which a threat actor can gain access to a server, host, or network
Threat
a potential danger to a company's assets, data, or network functionality.
Access Control List (ACL)
a series of IOS commands that are used to filter packets based on information found in the packet header
Vulnerability
a weakness in a system, or its design, that could be exploited by a threat.
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
access-class 1 in
What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0 access-list 10 permit 192.168.16.0 0.0.0.255 access-list 10 permit 192.168.16.0 0.0.15.255 access-list 10 permit 192.168.0.0 0.0.15.255 access-list 10 permit 192.168.16.0 0.0.3.255
access-list 10 permit 192.168.16.0 0.0.3.255
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.) access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1 access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0 access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255 access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255
access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255 access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255
Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10? access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www access-list 101 permit tcp any eq 4300 access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300 access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255 access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.) access-list 5 deny any ip access-group 5 out access-list standard VTY permit 10.7.0.0 0.0.0.127 access-list 5 permit 10.7.0.0 0.0.0.31 ip access-group 5 in access-class 5 in
access-list 5 permit 10.7.0.0 0.0.0.31 access-class 5 in
access-list access-list-number {deny | permit | remark text} source [source-wildcard] [log]
access-list-number- decimal number of ACL deny- denies access if condition is matched permit- permits access if condition is matched remark- adds text for documentation purposes source- source network or host address to filter source-wildcard wildcard mask applied to source log- sends message whenever ACE is matched
access-list access-list-number {deny | permit | remark text} protocol source source-wildcard [operator {port}] destination destination-wildcard [operator {port}] [established] [log]
access-list-number- decimal number of ACL 100-199, 2000-2699 deny- denies access if the condition is matched permit- permits access if the condition is matched remark- Adds text for documentation purposes protocol- name or number of IP protocol( ip, tcp, udp, icmp) source- source network or host address to filter source-wildcard- wildcard mask applied to source destination-destination network or host address to filter destination-wildcard-wildcard mask applied to dest. operator- compares source or destination ports (lt, gt, eq, neq) port- the decimal number or name of TCP or UDP port established- For the TCP protocol only log- message whenever the ACE is matched.
Assets
anything of value to the organization. It includes people, equipment, resources, and data.
Placement of Extended ACL
as close as possible to the source of the traffic to be filtered
Placement of Standard ACL
as close to the destination as possible.
Cyber criminals
black hat hackers who are either self-employed or working for large cybercrime organizations.
Packet Sniffers
capture and analyze packets within traditional Ethernet LANs or WLANs
ip access-list standard access-list-name
command to create a named standard ACL
ip access-group {access-list-number | access-list-name} {in | out}
command used to bind a numbered or named standard IPv4 ACL to an interface
Packet filtering
controls access to a network by analyzing the incoming and/or outgoing packets and forwarding them or discarding them based on given criteria.
Which operator is used in an ACL statement to match packets of a specific application?
eq
Which ACL is capable of filtering based on TCP port number?
extended ACL
Hacktivists
gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks.
Wildcard Mask Keywords
host- substitutes for the 0.0.0.0 mask (1 IPv4 address) any- substitutes for the 255.255.255.255 (any address)
Vulnerability Exploitation Tools
identify whether a remote host is vulnerable to a security attack.
Gray Hat Hackers
individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage.
Script Kiddies
inexperienced hackers running existing scripts, tools, and exploits, to cause harm, but typically not for profit.
ACL implicit deny
last ACE statement of an ACL is always an implicit deny that blocks all traffic.
Consider the access list command applied outbound on a router serial interface.
no traffic will be allowed to be sent out the serial interface.
Man-in-the-Middle Attack
occurs when threat actors have positioned themselves between a source and destination. They can now actively monitor, capture, and control the communication transparently.
Router interface can have the following ACLs
one outbound IPv4 ACL one inbound IPv4 ACL one inbound IPv6 ACL one outbound IPv6 ACL
Wildcard Mask to Match an IPv4 Subnet
permits all hosts on a particular IPv4 subnet
If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice? permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap permit ip any any permit udp any any range 10000 20000 permit tcp 172.16.0.0 0.0.3.255 any established deny udp any host 172.16.1.5 eq snmptrap deny tcp any any eq telnet
permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?
show-access lists
What filters can be used by an extended ACL?
source address destination address protocol port number
Wildcard Mask Calculation
subtract the subnet mask from 255.255.255.255.
Mitigation
the counter-measure that reduces the likelihood or severity of a potential threat or risk. Network security involves multiple mitigation techniques.
Risk
the likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization.
IP Address Spoofing Attack
threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.
Password-Based Attacks
threat actors discover a valid user account, the threat actors have the same rights as the real user. Threat actors could use that valid account to obtain lists of other users, network information, change server and network configurations, and modify, reroute, or delete data.
Data Modification Attack
threat actors have captured enterprise traffic, they can alter the data in the packet without the knowledge of the sender or receiver.
Vulnerability Scanners
tools scan a network or system to identify open ports. They can also be used to scan for known vulnerabilities and scan VMs, BYOD devices, and client databases.
Fuzzers to Search Vulnerabilities
tools used by threat actors to discover a computer's security vulnerabilities.
In applying an ACL to a router interface, which traffic is designated as outbound? traffic for which the router can find no routing table entry traffic that is leaving the router and going toward the destination host traffic that is coming from the source IP address into the router traffic that is going from the destination IP address into the router
traffic that is leaving the router and going toward the destination host
Vulnerability Broker
usually gray hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
show ip interface command
verify if an interface has an ACL applied to it
Eavesdropping Attack
when a threat actor captures and "listens" to network traffic.
data loss
when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.
State-Sponsored Hackers
white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate to some degree in state-sponsored hacking.
Wildcard to Match a Host
wildcard mask is used to match a specific host IPv4 address. To match a specific host IPv4 address, a wildcard mask consisting of all zeroes (i.e., 0.0.0.0) is required