Security Basics: Re: ACL design.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: ACL design.

From: "Alex Nedelcu" <alexpheno () gmail com>
Date: Wed, 9 May 2007 08:58:12 +0300

It's also important where you place your ACLS.

If you have an advanced ACL that takes into consideration the source,
destination, ports, TOS etc you should place it as close to the source
of traffic as possible.

If the ACL is based solely on source addresses they should be placed
as close as possible to the destination.

Another thing that you should take into consideration is to never
apply ACLs in the core area of your network, in a hierarchical model
network the traffic policies should be applied at the distribution
layer. You should analyze carefully the design of your network and
find the ideal places where you should implement filtering, if you
choose badly you may get decreased perfomance.

By Date By Thread

Current thread:

ACL design. Nick Vaernhoej (May 03)
- RE: ACL design. David Gillett (May 04)
  - Re: ACL design. Michael Painter (May 08)
    - Re: ACL design. Alex Nedelcu (May 09)
  - RE: ACL design. Nick Vaernhoej (May 09)
  - Message not available
    - Re: ACL design. WALI (May 14)
    - RE: ACL design. David Gillett (May 15)
    - RE: ACL design. ragdelaed (May 16)