Security Basics mailing list archives
RE: about access-list location?
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Tue, 24 Jun 2003 15:49:50 -0700
Ports and protocols as well. Filtering specifics instead of broad filtering. -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Monday, June 23, 2003 11:40 AM To: 'SB CH'; security-basics () securityfocus com Subject: RE: about access-list location?
I have a question about the "access-list" of the cisco. some say, extended access list is located near source and standard access list is located near destination. I have no idea why I should like this.
So, consider what is the difference between a standard and an extended access list. An extended access list lets you specify the source as a filtering criteria! [I prefer to do all of my filtering on the inbound side of the interface, which I would guess is "located near source". It's probably true that standard access lists require less CPU, but filtering "near destination" means I've already spent CPU to route packets that I'm now going to consider throwing away....] David Gillett --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- about access-list location? SB CH (Jun 23)
- RE: about access-list location? Richard Kullmann (Jun 24)
- RE: about access-list location? David Gillett (Jun 24)
- <Possible follow-ups>
- RE: about access-list location? Naman Latif (Jun 24)
- Re: about access-list location? Mike Heitz (Jun 24)
- RE: about access-list location? DeGennaro, Gregory (Jun 25)