Security Basics mailing list archives
Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?
From: Dave Bush <hockeystatman () gmail com>
Date: Thu, 10 Nov 2005 12:16:18 -0500
On 11/9/05, Christopher Carpenter <ccarpenter () dswa net> wrote:
> Look at it the other way. You want to DENY ALL, then ALLOW SOME. Block all ports and IPs, and then grant access to the ones you need. If you ALLOW ALL, DENY SOME you will end up fighting a losing battle creating ACL after ACL.
I concur with Chris. Cisco best practices are to always deny all and only allow what you absolutely need in. Won't replace a firewall, but will at least help. I'd think if you're already blocking all and only letting in what you need via your ACL rule set that you might need a network-based IDS/IPS as your next step behind the router to catch / block worm / virus traffic.

--
Dave Bush <hockeystatman () gmail com>
There are two seasons in my world - Hockey and Construction
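The two postures discussed above, written out as Cisco IOS named extended ACLs. This is an added illustration, not configuration posted by anyone in the thread; the addresses (192.0.2.0/24 as the inside network, 192.0.2.10 as a public web server, 198.51.100.53 as an upstream DNS server, 203.0.113.7 as a "known bad" host) and the interface name Serial0/0 are assumptions chosen from the RFC 5737 documentation ranges.

```cisco
! --- Allow-all, deny-some: the losing battle ---
! Every new worm port or bad address needs another deny line,
! and anything nobody has thought of yet is permitted.
ip access-list extended INBOUND-BLOCKLIST
 remark Example blocklist; each entry reacts to something already seen
 deny   tcp any any eq 135
 deny   tcp any any eq 445
 deny   ip  host 203.0.113.7 any
 permit ip  any any
!
! --- Deny-all, allow-some: the recommended posture ---
! Only the services we deliberately expose are listed; everything
! else falls through to the deny at the end.
ip access-list extended INBOUND-FROM-INTERNET
 remark Replies to sessions the inside opened (checks ACK/RST bits only,
 remark not a stateful firewall, so this is not a substitute for one)
 permit tcp any 192.0.2.0 0.0.0.255 established
 remark Public web server (assumed address)
 permit tcp any host 192.0.2.10 eq 80
 permit tcp any host 192.0.2.10 eq 443
 remark DNS answers from our upstream resolver (assumed address)
 permit udp host 198.51.100.53 eq 53 192.0.2.0 0.0.0.255 gt 1023
 remark Explicit deny so the drops show up in the log;
 remark every ACL ends with an implicit deny even without this line
 deny   ip any any log
!
interface Serial0/0
 description Link to the Internet (assumed interface)
 ip access-group INBOUND-FROM-INTERNET in
```

Apply one ACL per direction per interface; a second `ip access-group ... in` on the same interface replaces the first rather than adding to it. ACL entries are evaluated top down and the first match wins, so when you add a new `permit` for a service, place it above the final `deny ip any any log` and check with `show ip access-lists` that the hit counters move on the line you expected. The logged denies are also exactly what Dave's suggested IDS/IPS behind the router would want to correlate against.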
Current thread:
- CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites? Pigeon (Nov 09)
- RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites? Jacob (Nov 10)
- RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites? dave kleiman (Nov 10)
- Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites? Austin Murkland (Nov 10)
- <Possible follow-ups>
- RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites? Christopher Carpenter (Nov 10)
- Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites? Dave Bush (Nov 15)