Hi, all.
I need some info on how different Cisco technologies fare in real-world scenarios in implementing
security for the network. For instance, I always come across this advice that access-lists should not be
used as a replacement for other security products. Has anyone used Unicast Reverse Path Forwarding?
What about TCP SYN intercept? Do you use the same existing access-list when you add this command
to the running config? Will this substantially impact throughput, say on a T1 line? Has anyone used
the Committed Access Rate feature?
I'm considering building my own intrusion detection system with a Linux box hooked up to the main
segment by way of a fiber-optic tap, say between the router and the internal-private-ip-assigned
Catalyst. I'm already using SessionWall, but I feel it's not adequate to ward off those pesky
DDoS attacks. Anyone with comments on securing a network tight? Thanks in advance.
BTW - I'm still researching all the info on security in CCO.
Elmer Deloso

