Security Basics mailing list archives
Re: Cisco Router security basics and ASA firewall rules
From: Roman Shirokov <insecure () yandex ru>
Date: Tue, 12 Dec 2006 18:17:55 +0000
Hello pelesmk, Monday, December 11, 2006, 9:51:18 PM, you wrote:
What types of ACLs, if any, or other security rules should be used on an edge router or internal router which stands in front of an ASA firewall?
I recently overheard a conversation where they didn't want any ACLs on the router and wanted to have all ACLs happening at the firewall. I have a problem with this thought because of IP spoofing, DoS attacks, etc. that would target the router. Am I thinking correctly, or is there a way to defend against this at the firewall? I understand some ACLs can be made at the firewall and implementing long ACLs on the router can cause adverse network speeds, but some of the most basic ACLs must be at the edge router.
Please fill me in as I'm fairly new to ACLs and firewall implementations.
Once again we return to the question that security must be implemented on all possible levels. An attacker may sit behind the firewall (i.e. an "insider"). But everything depends on the network design: do they have a DMZ, any inside servers with restricted access (except in the DMZ)? Provide more info. Remember that every piece of the network can be compromised; bugs exist even in expensive, well-known firewalls.
--
Best regards, Roman Shirokov
e-mail: insecure () yandex ru
http://securitybox.org.ru