Firewall Wizards mailing list archives
How secure are (cisco) ACL's?
From: "Chris Hughes" <chughes () rpm com>
Date: Wed, 30 Sep 1998 09:29:24 -0400
In a discussion I had with a co-worker, I expressed my opinion that Firewall1 bounded by two routers (choke/gate/choke) was probably a better solution than a PIX front-ended by a single router (choke/gate). His response was that ACL's on the front-ended PIX would be sufficient security. In fact, he stated, a single router with comprehensive ACL's would be sufficient for low-bandwidth internet connections.

On the surface, it does seem that NAT in conjunction with comprehensive ACL's is secure. However, I have read about stateful inspection (not well implemented on Cisco) and know that this can be a problem when depending on ACL's to do the job. With my limited knowledge I was not able to argue my point.

Can someone explain and/or point me to material I can digest and come back swinging in my next encounter like this? Also, I need to read up on choke/gate/choke and other security architectures. Any guiding shove in the right direction will be deeply appreciated. Commentary is welcome...