Security Basics mailing list archives

Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?


From: Dave Bush <hockeystatman () gmail com>
Date: Thu, 10 Nov 2005 12:16:18 -0500

On 11/9/05, Christopher Carpenter <ccarpenter () dswa net> wrote:
> Look at it the other way.  You want to DENY ALL, then ALLOW SOME.  Block
> all ports and IPs, and then grant access to the ones you need.
>
> If you ALLOW ALL, DENY SOME you will end up fighting a losing battle
> creating ACL after ACL.

I concur with Chris. Cisco best practices are to always deny all and
only allow what you absolutely need in. Won't replace a firewall, but
will at least help.

I'd think if you're already blocking all and only letting in what you
need via your ACL rule set that you might need a network-based IDS/IPS
as your next step behind the router to catch / block worm / virus
traffic.

--
Dave Bush <hockeystatman () gmail com>

There are two seasons in my world - Hockey and Construction
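As an added illustration of the deny-all, allow-some approach both posters recommend (example configuration written for this archive page, not taken from either poster), here is an inbound Cisco IOS extended ACL in both styles. All addresses are documentation ranges used as placeholders: 192.0.2.0/24 stands for the inside network and 203.0.113.x for published servers; the interface name and ACL names are assumptions.

```cisco
! Added example, not from the thread. Placeholder addresses (RFC 5737 ranges).
!
! --- The "allow all, deny some" style Chris warns against ---
! Every new worm port means another deny line, and anything not yet
! listed is still let through by the final permit.
ip access-list extended OUTSIDE-IN-WEAK
 remark block one worm port at a time...
 deny   tcp any any eq 135
 deny   tcp any any eq 445
 remark ...but everything else is still allowed in
 permit ip any any
!
! --- The "deny all, allow some" style both posters recommend ---
ip access-list extended OUTSIDE-IN
 remark drop packets claiming to come from our own inside range (placeholder)
 deny   ip 192.0.2.0 0.0.0.255 any log
 remark drop private and loopback sources that should never arrive from outside
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark permit only the services that are meant to be reachable (placeholder hosts)
 permit tcp any host 203.0.113.10 eq 80
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.25 eq 25
 permit udp any host 203.0.113.53 eq 53
 remark return traffic for TCP sessions opened from inside (stateless check)
 permit tcp any 192.0.2.0 0.0.0.255 established
 remark explicit final deny so drops are logged; the implicit deny would not log
 deny   ip any any log
!
interface Serial0/0
 description Internet uplink (assumed interface name)
 ip access-group OUTSIDE-IN in
```

Entries are evaluated top down and the first match wins, so the spoofed-source denies sit above the permits. The `established` keyword only checks for the ACK or RST flag; it does not track sessions, which is one reason the ACL is a complement to, not a replacement for, a firewall, as Dave notes. `show access-lists OUTSIDE-IN` displays per-entry hit counters, which is a quick way to confirm that traffic is matching the line you expect and to see how much is reaching the final deny.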

