Re: using router's ACL to substitute firewall

From: Khamis Jalal (HB135@HOTMAIL.COM)
Date: 04/23/03


From: HB135@HOTMAIL.COM (Khamis Jalal)
Date: 23 Apr 2003 05:37:33 -0700

First-generation firewalls were basically router ACLs. Firewalls
evolved into very complicated and specialized hardware (and software)
that can do much more than simply permitting/denying protocols and
ports. Modern firewalls now run at higher OSI layers. Application-layer
(OSI Layer 7) firewalls are the most sophisticated firewalls that can
filter application protocols, which is not possible with router ACLs. If
you are using Microsoft Windows 2000 or XP, you can create your own
ACLs at the machine level, which can filter certain protocols and ports.
Remember that firewalls are indispensable nowadays if you are exposed
to the Internet. You cannot make do with router ACLs alone.

Regards
Khamis Jalal
CISSP, MCSE, MCDBA, A+
http://khamis-jalal.netfirms.com
   
A router's ACL CANNOT replace a firewall (sorry, guys). Router ACLs are
permit/deny rules. You need much more than that if you want

phn@icke-reklam.ipsec.nu wrote in message news:<b85c7t$vnp$3@nyheter.crt.se>...
> Doug Fox <dfox168@hotmail.com> wrote:
> > Due to financial constraints, a network guy proposes to use Cisco router's
> > ACL to secure the network, instead of using a firewall. He commented that
> > the ACL can restrict IP addresses and (service) ports. Not being familiar
> > with functionality of a router, any comments/suggestions are appreciated.
>
> > Many thanks and have a nice holiday.
>
> In some respects it's true that a Cisco might substitute for a firewall. You
> will miss various stuff, however.
>
> But if you are under financial constraints, why do you use a Cisco
> when an OpenBSD firewall is available for free (or a Linux
> ditto if you prefer that brand)?
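
The contrast the post draws between permit/deny rules on protocols and ports and application-layer filtering, as an added example that is not part of the original post: a first-match ACL and a minimal HTTP request-line check are run over the same constructed packets. The `Packet` type, the ACL entries, the allowed-method list and the documentation-range addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed ACL (documentation addresses): first match wins, None = any port.
ACL = [("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
       ("deny", "tcp", "0.0.0.0/0", "192.0.2.0/24", None)]

def acl_decision(pkt, acl=ACL):
    """Stateless permit/deny on protocol, addresses and destination port."""
    for action, proto, src_net, dst_net, dport in acl:
        addr_ok = (ip_address(pkt.src) in ip_network(src_net)
                   and ip_address(pkt.dst) in ip_network(dst_net))
        if pkt.proto == proto and addr_ok and dport in (None, pkt.dport):
            return action
    return "deny"  # implicit deny when no entry matches

ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}  # assumed policy

def l7_decision(pkt):
    """ACL first, then require the payload to start with a valid HTTP request line."""
    if acl_decision(pkt) != "permit":
        return "deny"
    parts = pkt.payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3:
        return "deny"
    method, target, version = parts
    ok = (method in ALLOWED_METHODS and target.startswith(b"/")
          and version in (b"HTTP/1.0", b"HTTP/1.1"))
    return "permit" if ok else "deny"

# Constructed sample traffic from one outside host to the web server.
FLOW = ("tcp", "198.51.100.7", "192.0.2.10")
SAMPLES = {
    "http_get": Packet(*FLOW, 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "not_http_on_80": Packet(*FLOW, 80, b"\x00\x01opaque non-HTTP bytes"),
    "http_bad_method": Packet(*FLOW, 80, b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "telnet": Packet(*FLOW, 23, b""),
}

def compare():
    return {name: (acl_decision(p), l7_decision(p)) for name, p in SAMPLES.items()}
```

Calling `compare()` returns, per sample, the ACL verdict and the application-layer verdict; the two differ only for traffic that reaches port 80 without being an acceptable HTTP request.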


