Security Basics mailing list archives
Re: Cisco ASA interface security levels and the state table
From: aaa () bbbb com
Date: Mon, 1 Jun 2009 19:11:55 -0600
tell us about the "best practices" you mentioned so we know what arguments you've already used.

They are still in "taco defense" mode, hard shell (at edge of network) and soft inside. Well, if they can absolutely guarantee that ONLY stub networks connect to the backbone maybe they are "not wrong" (not necessarily right, just not completely wrong). But the chances of that being "written guarantee, send me to jail" true are slim these days. Just one laptop with wireless active could open up the whole backbone and therefore the whole company.

One of the points I would make is that no matter how good the perimeter is, these days it is a good idea to separate segments of the internal network, treating them the same as external perimeters.

Here are some links that you might find relevant:

10 (+1) ways your network is like your front door - http://blogs.techrepublic.com.com/security/?p=274

http://downloads.techrepublic.com.com/abstract.aspx?kw=10+ways+to+secure+borderless+networks&docid=321355 - 10 ways to secure borderless networks

http://www.clearswift.com/knowledge-and-insight/resources/white-papers/15-common-mistakes-in-email-security - you might find 1 or 2 points here

http://www.webbuyersguide.com/resource/resourceDetails.aspx?id=1864&sitename=webbuyersguide&kc=contmod&src=contmod - Best practices for Enterprise network security, Vernier Networks. I think you will find some useful points in here.

http://cc.realtimepublishers.com/DGSIP.php - Definitive guide to security inside the perimeter. 213 pages. Bound to be something in here you can use. Check out other offerings on the site, LOTS of great content.

http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1093527,00.html - Firewall Learning Guide. Lots of links for you to investigate there. Check out the rest of the site too.

http://searchsecurity.techtarget.com/loginMembersOnly/1,289498,sid14_gci1193570,00.html - Information Security Learning guides. You have to register here, but there is also lots of content you would find useful

www.opengroup.org/jericho/presentations/fall2007/blum.pdf - rethinking security architecture in light of de-perimeterization

http://www.opengroup.org/jericho/presentations.htm - Jericho Forum - their discussions of "de-perimeterization" should have useful points for you

HTH

Ron