Re: The best place to put the access lists

Wed, 07 Feb 2001 09:02:36 -0800 

I agree that access lists should be placed at the access layer.  However, 
I'd argue that a firewall is a minimum component of security, not a best 
solution for security.  Those companies that depend solely on a firewall 
for security could be in for a rude awakening.  Additionally, if security 
is mission critical, a PIX wouldn't be my recommendation.  It's decent at 
what it does, but lacks the ability to truly interrogate the network traffic.

Craig

At 10:16 AM 2/7/2001 -0600, you wrote:
>The best place for ACL's is at the access layer.  You want to deny or permit
>packets the outer-most level you have control of.  If you wait for their
>packets to get into the core of your network, then you have already
>compromised your network's security.  If you do it at the router that your
>customer connects to, you can deny things like routing protocols and subnets
>that need not penetrate your network.
>
>The best solution for security is a firewall.  If security is a mission
>critical application, a PIX should be used instead of ACL's.
>
>Kelly D Griffin, CCNA, CCDA
>Network Engineer
>Kg2 Network Design
>http://www.kg2.com
>
>
>----- Original Message -----
>From: "Piatnitchi Cristian" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, February 07, 2001 9:59 AM
>Subject: The best place to put the access lists
>
>
> > Hi all
> >
> > I need an advice. I have to choose between the set up
> > ACLs on the router and to set up ACLs on the servers's
> > swtich.
> >
> > Which one is the best solution and why ?
> >
> > Thanks in advance
> > Cristian Piatnitchi
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > ____________________________________________
> > http://1cis.com
> > Free E-mail Servers with unlimited mailboxes
> > 1st Class Internet Solutions
>
>____________________________________________
>http://1cis.com
>Free E-mail Servers with unlimited mailboxes
>1st Class Internet Solutions
>
>_________________________________
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to