Security Basics mailing list archives
RE: Cisco Router security basics and ASA firewall rules
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Tue, 12 Dec 2006 10:14:12 -0500
Hello, Perhaps they want to capture all inbound attempts in the firewall logs. If they believe their firewall can handle this load, then that is a good way to have only one log. Dropping traffic at the router would prevent some of the load on the firewall, but would require a syslog server if this traffic wanted to be logged. This would mean two logs for traffic analysis, instead of just one if all the traffic was allowed to hit the firewall. It would also mean a hole through the firewall to the syslog server would be required. Best Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of pelesmk () gmail com Sent: Monday, December 11, 2006 3:51 PM To: security-basics () securityfocus com Subject: Cisco Router security basics and ASA firewall rules What types of ACls if any or other security rules should be used on an edge router or internal router which stands in front of an ASA firewall. I over recently overheard a conversation where they didn't want any ACLs on the router and have all ACLs happening at the firewall. I have a problem with this thought because of ip spoofing, DoS attacks, etc that would target the router. Am I thinking correctly or is there a way to defend against this at the firewall? I understand some ACLs can be made at the firewall and implementing long ACLs on the router can cause adverse network speeds, but some of the most basic ACLs must be at the edge router. Please fill me in as I'm fairly new to ACLs and firewall implementations. ------------------------------------------------------------------------ --- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec t ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Cisco Router security basics and ASA firewall rules pelesmk (Dec 12)
- Re: Cisco Router security basics and ASA firewall rules Roman Shirokov (Dec 12)
- <Possible follow-ups>
- RE: Cisco Router security basics and ASA firewall rules Scott Ramsdell (Dec 12)
