Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?
From: Dave Bush (hockeystatman_at_gmail.com)
Date: Thu, 10 Nov 2005 12:16:18 -0500
To: firstname.lastname@example.org
On 11/9/05, Christopher Carpenter <email@example.com> wrote:
> Look at it the other way. You want to DENY ALL, then ALLOW SOME. Block
> all ports and IPs, and then grant access to the ones you need.
> If you ALLOW ALL, DENY SOME you will end up fighting a losing battle
> creating ACL after ACL.
I concur with Chris. Cisco best practices are to always deny all and
only allow what you absolutely need in. Won't replace a firewall, but
will at least help.
I'd think if you're already blocking all and only letting in what you
need via your ACL rule set that you might need a network based IDS/IPS
as your next step behind the router to catch / block worm / virus
--
Dave Bush <firstname.lastname@example.org>
There are two seasons in my world - Hockey and Construction
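The "deny all, allow some" versus "allow all, deny some" contrast the thread describes, written out as two Cisco IOS extended ACLs. This is an added illustration, not configuration from either poster. The addresses are assumptions drawn from the RFC 5737 documentation ranges (203.0.113.10 stands in for a public mail/web host, 192.0.2.0/24 for a "known bad" range), and the interface name and the choice of permitted services are likewise placeholders.

```cisco
! Example A: what the thread warns against. Everything is permitted and
! individual deny entries chase whatever was noticed last. Each new worm port or
! bad address range needs another line, and anything not yet listed still passes.
ip access-list extended INBOUND-BLACKLIST
 remark hypothetical known-bad range (TEST-NET-1)
 deny   ip 192.0.2.0 0.0.0.255 any
 remark one worm port, then another, and the list never ends
 deny   tcp any any eq 135
 deny   tcp any any eq 445
 permit ip any any

! Example B: the approach both posters recommend. Only the services that must be
! reachable from outside are permitted; everything else hits the final deny.
ip access-list extended INBOUND-DEFAULT-DENY
 remark anti-spoofing: RFC 1918 sources should never arrive from the Internet
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark services exposed on the (hypothetical) public host 203.0.113.10
 permit tcp any host 203.0.113.10 eq 25
 permit tcp any host 203.0.113.10 eq 80
 permit tcp any host 203.0.113.10 eq 443
 remark return traffic for TCP sessions opened from inside (ACK/RST set)
 permit tcp any any established
 remark enough ICMP for troubleshooting and path MTU discovery
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 remark explicit final deny so the counter and log entries are visible
 deny   ip any any log

! Apply inbound on the Internet-facing interface (interface name is a placeholder).
interface GigabitEthernet0/0
 description Link to ISP
 ip access-group INBOUND-DEFAULT-DENY in
```

Two caveats a practitioner would want alongside this. The `established` keyword only checks TCP flags and does not track state, so it is the weakest part of the list; that is the gap the posters mean when they say an ACL will not replace a firewall, and the reason the same thread points at an IDS/IPS behind the router for worm traffic the permitted ports still carry. After applying the list, `show ip access-lists INBOUND-DEFAULT-DENY` shows per-entry hit counts, which is the quickest way to confirm that real traffic is matching the permits you expect and not just the final deny; the `log` keyword on that deny is useful during tuning but is worth removing or rate-limiting on a busy link because it is punted to the CPU.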