Steve,
This is *EXACTLY* what I was looking for. My thanks go to you.

Eric

==============================================================
Eric S. Hines                           [EMAIL PROTECTED]
Information Security Group (ISG)        Pgr:  (888) 887-2553
NUASIS Corporation                      Cell: (408) 807-4428
Email Pager: [EMAIL PROTECTED]    Dir:  (408) 350-4997
--------------------------------------------------------------
NUASIS Corporation                      Ph: (408) 350-4900
260 Gish Rd.                            Fx: (408) 350-4999
San Jose, Ca                            TF: (877) 9NUASIS
95112                                   CS: (877) NUCUSTOMER
==============================================================


-----Original Message-----
From: Steve Kalman [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 02, 2000 2:17 PM
To: Eric S. Hines; [EMAIL PROTECTED]
Subject: RE: Cisco ACL v/s Firewall


Others will give detailed lists, but let me start off with the obvious.
ACLs can act on any field in the headers from Transport down. They do not
and cannot act on the contents of the packets. Also, with the exception of
monitoring syn/ack bits, they are not stateful. With a few exceptions based
on sequential packets to the same socket, every packet is treated as a new
case.

Firewalls change this behavior. They can notice when DoS or even DDoS
attacks are taking place. They can examine the contents of packets looking
for phrases such as the virus out last year with a woman's name, or the
recent "lovely" one (I avoided the common names because some firewalls would
have filtered this message had I used them.) They can do signature based and
heuristic virus scans. They can scan for ActiveX or other dangerous content
and remove it. They can log.

Steve
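
The stateless-versus-stateful difference described in the message above, as an added example that is not part of the original thread: a header-only rule modeled on the ACK/RST check of an `established`-style ACL entry, next to a small connection tracker. The class and function names and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on this segment
    inbound: bool      # True when arriving from the outside network

def stateless_acl(pkt):
    """Header-only rule: outbound is allowed, inbound TCP passes if ACK or RST
    is set. Every packet is judged alone, with no memory of earlier ones."""
    if not pkt.inbound:
        return True
    return bool(pkt.flags & {"ACK", "RST"})

class StatefulFilter:
    """Remembers connections opened from inside and admits only their replies."""
    def __init__(self):
        self.conns = set()

    def check(self, pkt):
        if not pkt.inbound:
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must be the reverse of a tracked 4-tuple.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

def f(*names):
    return frozenset(names)

# Constructed sample traffic (documentation and private address ranges).
SAMPLE = [
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, f("SYN"), False),
    Packet("192.0.2.10", 80, "10.0.0.5", 40000, f("SYN", "ACK"), True),
    Packet("198.51.100.7", 80, "10.0.0.9", 22, f("ACK"), True),    # no prior connection
    Packet("198.51.100.7", 1234, "10.0.0.9", 22, f("SYN"), True),  # unsolicited SYN
]

def compare(packets):
    """Return (acl_decision, stateful_decision) per packet, True = permit."""
    fw = StatefulFilter()
    return [(stateless_acl(p), fw.check(p)) for p in packets]

if __name__ == "__main__":
    for pkt, (acl, fw) in zip(SAMPLE, compare(SAMPLE)):
        print(sorted(pkt.flags), pkt.src, "->", pkt.dst, "ACL:", acl, "stateful:", fw)
```

The third packet is the case the message points at: the header-only rule permits it because the ACK bit is set, while the connection tracker denies it because no inside host opened that connection.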

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric S. Hines
Sent: Friday, June 02, 2000 4:13 PM
To: [EMAIL PROTECTED]
Subject: Cisco ACL v/s Firewall

I have an associate who works for a company that uses Cisco ACLs in all of
their routers instead of a real firewall solution. Is there anyone out there
that can provide me with a valid rebuttal to the use of ACLs over a real
hardware-based or software-based firewall like FW-1 or even Raptor..
possibly even a hardware-based box like Sonicwall?

The company does VoIP/VoVPN solutions and managed call centers, and I have
already stated the issue of load problems when the ACLs span 10-20 pages in
length. Does anyone know of any current ACL circumventions or even security
issues with using such a method for firewalling/filtering?

Your advice would be appreciated.

ESH



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Delmer Harris
Sent: Friday, June 02, 2000 12:21 PM
To: Eric S. Hines
Cc: [EMAIL PROTECTED]
Subject: Re: Ok, this may be off topic..

Look for documentation on syslog.  This is available in many versions of
Un*x.

"Eric S. Hines" <[EMAIL PROTECTED]> on 06/02/2000 01:22:14 PM

 To:      [EMAIL PROTECTED]
 cc:
 Subject: Ok, this may be off topic..

Hello fellow industry execs,

This might be off topic, so I apologize. But, I need to set up a remote log
server. Does anyone know of a HOW-TO or whitepaper describing how to
configure servers to remotely log their log files to a remote system?
Your help would be appreciated.

ESH



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric S. Hines
Sent: Friday, June 02, 2000 10:43 AM
To: Rohit Gupta; [EMAIL PROTECTED]
Subject: RE: ping of death


Just my 2 cents, but turn off ICMP ping packets at the firewall or router.

ESH


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rohit Gupta
Sent: Friday, June 02, 2000 10:10 AM
To: [EMAIL PROTECTED]
Subject: ping of death


Can somebody tell me if there is any tool to secure my server from ping of
death...
Please help, urgently required.
Rohit

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
