nanog mailing list archives

Re: ACLs / Filter Lists - Best Practices


From: Nicolas FISCHBACH <nicolist () securite org>
Date: Wed, 28 Nov 2001 19:26:18 +0100


John McBrayne wrote:

> Is anyone aware of any current "best practices" related to the
> recommended set of filtering rules (Cisco ACL lists or Juniper filter
> sets) for reasons of Security, statistics collection, DoS attack
> analysis/prevention, etc.?  I'm curious to see if there are any such
> recommendations for Tier 1/Tier 2 backbone routers, peering points,
> etc., as opposed to CPE terminations or Enterprise/LAN equipment
> recommendations.
>
> Actual config file examples would be great, if they exist.

Protecting your IP network infrastructure (talk @BlackHat Briefings)
(how to secure Cisco routers and (multi-layer) switches running IOS,
CatOS, CatIOS and the networks they interconnect):
http://www.securite.org/presentations/secip/

Any feedback, comments, fixes, ideas are welcome :-)

Nico.
--
Nicolas FISCHBACH (nico () securite org) <http://www.securite.org/nico/>
Senior IP&Security Engineer - Professional Services - COLT Telecom AG
Securite.Org Team <http://www.securite.org/>

