Although not completely directed at what you wanna know, this document has some
general security information about blocking some common attacks, including
access list templates to paste into your router/pix
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip.
Rich
On Feb 1, 8:28pm, Jim Deane chatted about:
> Subject:Re: What should I block???
> SANS (www.sans.org) usually has some good resources. Here is the direct
> link to their sample security policies:
>
> http://www.sans.org/newlook/resources/policies/policies.htm
>
> Jim
>
>
> "Tom" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > I've heard many things about a "security policy" and I understand what I
> > would specify on one, but could someone point me in a direction to check out
> > a "sample" security policy. At least I could look at what questions should
> > be answered by my policy. Just looking for some general guidelines. Even a
> > reference to a book or website would be welcome.
> >
> > Thanks,
> >
> >
> >
> >
> > Tom McNamara, MCSE, CCNA
> > McNamara Professional Services
> > (407)822-5199 Phone
> >
> >
> > --------------------------------------------
> > A bus station is where a bus stops.
> > A train station is where a train stops.
> > On my desk, I have a work station...
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jim Deane
> > Sent: Thursday, February 01, 2001 1:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: What should I block???
> >
> >
> > Well, that depends.
> >
> > My first recommendation would be to review your company security policy
> > which was signed off on by executive management. That policy should list
> > what types of traffic, ports, etc. your company has deemed necessary and
> > will allow into their environment. It should also dictate what types of
> > traffic will be allowed *out* of your network.
> >
> > My first recommendation isn't probably terribly useful since I have found
> > that most companies don't have a well defined security policy blessed by the
> > CEO. This is, IMHO, a recipe for disaster. I would strongly recommend
> > either having them come up with a security policy (which will then dictate
> > what your ACL and FW rulebase look like), or you come up with one, but have
> > them "bless" it.
> >
> > You should definitely set up access lists to protect the router itself (i.e.
> > deny telnet, SNMP, etc.) Some people also "mirror" the security policy
> > (i.e. rule base) on their firewall on the border router. This lets the
> > router receive the brunt of most port scans, etc. I would also recommend
> > blocking the receipt of any packet with a source address of any of the RFC
> > 1918 addresses, any packet with a source address with a first octet of 255,
> > etc. You can either block the RFC 1918 addresses with an ACL, or route them
> > to Null0. I've seen both approaches used.
> >
> > Pick long, complex passwords for your border router and use "service
> > password encryption" to encrypt them.
> >
> > Check your logs regularly.
> >
> > Be a good internet neighbor and set up outbound ACLs that only allow traffic
> > that originated on your network out. This cuts down on spoofing.
> >
> > If your management won't sign off on whatever security policy you come up
> > with, make sure you figure out in advance who is responsible/culpable when
> > you get hacked.
> >
> > If you are new to Checkpoint Firewalls and Information Security, subscribe
> > to the FW-1 mailing list on the Checkpoint web site. There are some great,
> > knowledgeable guys and gals on that list. It is focused mainly on FW-1, but
> > they also cover many general security concepts from time to time. Also,
> > check out www.phoneboy.com/fw1 for FW-1 related "stuff."
> >
> > Marcus Ranum runs a good, vendor agnostic firewall mailing list at
> > http://www.nfr.com/mailman/listinfo/firewall-wizards
> >
> >
> > HTH,
> > Jim
> >
> >
> > <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > > Hi Group,
> > > I know that this is going to be very broad but just bear with me on
> > > this one. We are switching over our firewall router from a bay to a cisco.
> > > The cisco one that I am going to work on is already pre-configured except
> > > for access-lists and filters. What they basically told me is that the
> > > checkpoint device behind it will take care of all of the intense blocking
> > > and forwarding, but on this FW-router we just want to block the basic things
> > > that are usually not allowed through.
> > > Here's what I was hoping for. Just a basic list of things that are
> > > normally blocked on the router above the FW. For example, I know that I'm
> > > gonna set an inbound access-list denying telnet so that the checkpoint
> > > doesn't even have to worry about that. I am just looking for a list of
> > > services/ports/etc., that as a rule of thumb to you FW gurus, are usually
> > > denied. I know this is broad and I'll understand if I don't get much
> > > feedback. Gotta also find that whitepaper on FWs. Considering this will be
> > > my first time coming anywhere near a FW (FW Virgin) I'm a little nervous and
> > > hope you guys can help out. Thanks all, =o)
> > >
> > > Mark Z...
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
>-- End of waffle from Jim Deane
--
*** Please copy your emails to [EMAIL PROTECTED] ***
#-----------------------------------------------------------------------#
# .. .. | Richard Gallagher | Office:+32 2 704 5000 #
# || || | Euro-CATS | Direct:+32 2 704 5421 #
# || || | Cisco Systems Belgium | Fax: +32 2 704 6000 #
# |||| |||| | Pegasus Park | email: [EMAIL PROTECTED] #
#.:||||||:.:||||||:.| De Kleetlaan, 6A | #
# Cisco Systems | BE 1831 Diegem | http://www.cisco.com/tac #
#-----------------------------------------------------------------------#
"Normal people believe that if it ain't broke, don't fix it. Engineers
believe that if it ain't broke, it doesn't have enough features yet."
Check out this link: http://www.cisco.com/warp/customer/63/
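
The filtering Jim describes in the quoted message (drop inbound packets whose source is an RFC 1918 address or has a first octet of 255, and let out only traffic sourced from your own network) can be written as two IOS extended ACLs and checked with a small first-match evaluator. This is an added example, not part of the original thread: the ACL contents, the use of 192.0.2.0/24 as "your network", and the function names are assumptions, and the evaluator handles only `ip <source> any` entries.

```python
import ipaddress

# Constructed ACL bodies in Cisco IOS extended-ACL entry syntax.
# 192.0.2.0/24 (documentation range) is a placeholder for "your network".
BORDER_IN = """
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
permit ip any any
"""
BORDER_OUT = """
permit ip 192.0.2.0 0.0.0.255 any
deny ip any any
"""

def parse_acl(text):
    """Parse '<action> ip <source> any' entries into (action, base, wildcard)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest = tok[0], tok[2:]
        if rest[0] == "any":
            base, wild = 0, 0xFFFFFFFF          # every bit ignored
        elif rest[0] == "host":
            base, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            base = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1]))
        rules.append((action, base, wild))
    return rules

def evaluate(rules, src):
    """Return the action for a source address: first match wins.

    A wildcard bit of 1 means "ignore this bit" (the inverse of a netmask).
    If no entry matches, the implicit deny at the end of every ACL applies.
    """
    addr = int(ipaddress.IPv4Address(src))
    for action, base, wild in rules:
        if (addr | wild) == (base | wild):
            return action
    return "deny"
```

The wildcard `0.15.255.255` covers 172.16.0.0 through 172.31.255.255 only, so 172.32.0.1 falls through to the final permit, and an ACL with no matching entry denies by default.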