Ing. Andr�s E. Gallo wrote: >Hi people, > >Pls, if someone can share an ACL to put in a border router ( facing to >internet ) and/or have any comments on this one below -got it somewhere-, >let me know. >
Also see: http://www.cymru.com/Documents/secure-ios-template.html for information on the bogon ACLs which are regularly updated at that site, as well as additional good information on securing the router itself. The NSA guide that was posted is also useful, although not all of the advice applies to civilian applications. For a general router security guide, I think the cymru.com document is better. If you apply the bogon ACL, be sure to get yourself onto a list where you will receive notifications that it has been updated (perhaps NANOG), or write a script to wget the bogon ACL + diff it regularly and mail you the results.
