Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?

From: Dave Bush (hockeystatman_at_gmail.com)
Date: 11/10/05

Date: Thu, 10 Nov 2005 12:16:18 -0500
To: security-basics@securityfocus.com

On 11/9/05, Christopher Carpenter <ccarpenter@dswa.net> wrote:
> Look at it the other way. You want to DENY ALL, then ALLOW SOME. Block
> all ports and IPs, and then grant access to the ones you need.
>
> If you ALLOW ALL, DENY SOME you will end up fighting a losing battle
> creating ACL after ACL.

I concur with Chris. Cisco best practices are to always deny all and
only allow what you absolutely need in. Won't replace a firewall, but
will at least help.

I'd think that if you're already blocking all and only letting in what you
need via your ACL rule set, you might need a network-based IDS/IPS
as your next step behind the router to catch/block worm/virus
traffic.

--
Dave Bush <hockeystatman@gmail.com>
There are two seasons in my world - Hockey and Construction
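The two ACL styles the thread contrasts, written out as IOS extended access lists. This is an added example, not configuration from the thread or from Cisco; the addresses are RFC 5737 documentation ranges and the interface name is assumed.

```cisco
! Constructed example: the "ALLOW ALL, DENY SOME" style the thread warns
! against. Every newly discovered bad host or port needs one more deny
! line ahead of the final permit, so the list only ever grows.
ip access-list extended OUTSIDE-IN-BLOCKLIST
 deny   ip 198.51.100.0 0.0.0.255 any
 deny   tcp any any eq 135
 deny   tcp any any eq 445
 permit ip any any
!
! Same edge, "DENY ALL, ALLOW SOME": only the published services are
! listed, and everything else hits the deny at the end. 203.0.113.0/24
! stands in for the site's public address block.
ip access-list extended OUTSIDE-IN
 remark Return traffic for TCP sessions opened from inside (ACK or RST set)
 permit tcp any 203.0.113.0 0.0.0.255 established
 remark Published services only
 permit tcp any host 203.0.113.10 eq 80
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.25 eq 25
 remark DNS replies to the site's resolver
 permit udp any eq 53 host 203.0.113.53 gt 1023
 remark ICMP that path MTU discovery needs
 permit icmp any 203.0.113.0 0.0.0.255 packet-too-big
 remark Explicit final deny: the implicit deny drops silently, while
 remark "log" leaves a record the IDS/IPS step behind the router can use
 deny   ip any any log
!
interface Serial0/0
 description Link to ISP (interface name assumed)
 ip access-group OUTSIDE-IN in
```

Every permit in the second list names a reason the site actually has for accepting that traffic, which is what keeps it short as the blocklist version grows.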
    
