> -----Original Message-----
> From: Jarmon, Don R [mailto:[EMAIL PROTECTED]]
[...]
> Here's a good starting point:
>
> Cisco Router basic Firewall
> How to set up a Cisco router with standard IOS as a basic Firewall.
>
> http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S4TU
> 314&tn=Cisco+R
> outer+basic+Firewall&pi=S1C47&pn=Routers
I agree - that's a very good starting point. It gives people a perfect
opportunity to look at a really BAD BAD BAD set of ACLs to use on a
screening router before starting to construct a good set.
Frankly, I'd rather have no ACLs at all than that set - at least it would be
slightly faster (and pretty much as secure). I won't waste time with a
detailed critique, but suffice to say that there's not one, not two, but
SEVERAL permit statements that I'd never use without forcing the customer to
sign a waiver.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
