Eric,
I don't do the router management, but I do the firewall configuration
and the like. One good answer off the top of my head is that an ACL is an
IP layer protection. It can stop packets on specific ports to some or all
of your servers. A firewall proxy can run at layer 7 (Application layer)
and ensure that there are no improperly formed requests that don't meet the
protocol standard. A good example is a pipe character in an email address.
Your mail server should not allow this. However, a proxy can stop this
cold and not allow it in your protected net, where an ACL can only look
at what protocol, what port, what address, and some control over the flags.
-Don
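
The distinction Don draws above, as an added example that is not part of the original message: a header-only ACL decision beside an application-layer SMTP check, run over constructed traffic. The rule set, the narrow address grammar, and the names `acl_permits`, `proxy_permits` and `inspect` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst dport payload")
# Constructed ACL: (action, proto, src net, dst net, dst port); first match wins.
ACL = [("permit", "tcp", "0.0.0.0/0", "192.0.2.25/32", 25),
       ("deny", "icmp", "0.0.0.0/0", "0.0.0.0/0", None)]

def acl_permits(pkt):
    """Header-only decision: the payload is never consulted."""
    for action, proto, src, dst, dport in ACL:
        if (proto == pkt.proto and dport in (None, pkt.dport)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst)):
            return action == "permit"
    return False  # implicit deny when no entry matches

# Assumed proxy policy: a deliberately narrow address grammar, no ESMTP parameters.
ADDR = re.compile(r"^<[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}>$")
VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def proxy_permits(payload):
    """Application-layer decision on one SMTP command line: (ok, reason)."""
    try:
        line = payload.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII command"
    if not line.endswith("\r\n") or len(line) > 512:
        return False, "bad line termination or length"
    verb, _, arg = line[:-2].upper().partition(" ")
    if verb not in VERBS:
        return False, "unknown verb"
    prefix = {"MAIL": "FROM:", "RCPT": "TO:"}.get(verb)
    if prefix and not (arg.startswith(prefix)
                       and ADDR.match(arg[len(prefix):].strip())):
        return False, "address rejected"
    return True, "ok"

def inspect(pkt):
    """Run the ACL, then the proxy: returns (acl_ok, proxy_ok, reason)."""
    if not acl_permits(pkt):
        return False, False, "dropped by ACL"
    return (True, *proxy_permits(pkt.payload))

# Constructed traffic: two SMTP commands with identical headers, plus one ICMP packet.
SAMPLES = [Packet("tcp", "198.51.100.7", "192.0.2.25", 25, b"RCPT TO:<alice@example.com>\r\n"),
           Packet("tcp", "198.51.100.7", "192.0.2.25", 25, b"RCPT TO:<ali|ce@example.com>\r\n"),
           Packet("icmp", "198.51.100.7", "192.0.2.25", 0, b"")]
```

The first two samples are indistinguishable to the ACL because their headers are the same; only the application-layer check separates them.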
> -----Original Message-----
> From: Eric S. Hines [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 02, 2000 4:13 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco ACL v/s Firewall
>
>
> I have an associate who works for a company that uses Cisco ACLs in all of
> their routers instead of a real firewall solution. Is there anyone out there
> that can provide me with a valid rebuttal to the use of ACLs over a real
> hardware-based or software-based firewall like FW-1 or even Raptor..
> possibly even a hardware-based box like Sonicwall?
>
> The company does VoIP/VoVPN solution, managed call centers and I already
> have stated the issue of load problems when the ACLs span 10-20 pages in
> length. Does anyone know of any current ACL circumventions or even security
> issues with using such a method for firewalling/filtering?
>
> Your advice would be appreciated.
>
> ESH
>
> ==============================================================
> Eric S. Hines [EMAIL PROTECTED]
> Information Security Group (ISG) Pgr: (888) 887-2553
> NUASIS Corporation Cell: (408) 807-4428
> Email Pager: [EMAIL PROTECTED] Dir: (408) 350-4997
> --------------------------------------------------------------
> NUASIS Corporation Ph: (408) 350-4900
> 260 Gish Rd. Fx: (408) 350-4999
> San Jose, Ca TF: (877) 9NUASIS
> 95112 CS: (877) NUCUSTOMER
> ==============================================================
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Delmer Harris
> Sent: Friday, June 02, 2000 12:21 PM
> To: Eric S. Hines
> Cc: [EMAIL PROTECTED]
> Subject: Re: Ok, this may be off topic..
>
> Look for documentation on syslog. This is available in many versions of
> Un*x.
>
> "Eric S. Hines" <[EMAIL PROTECTED]> on 06/02/2000 01:22:14 PM
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Ok, this may be off topic..
>
> Hello fellow industry execs,
>
> This might be off topic, so I apologize. But, I need to set up a remote log
> server. Does anyone know of a HOW-TO or whitepaper describing how to
> configure servers to remotely log their log files to a remote system?
> Your help would be appreciated.
>
> ESH
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Eric S. Hines
> Sent: Friday, June 02, 2000 10:43 AM
> To: Rohit Gupta; [EMAIL PROTECTED]
> Subject: RE: ping of death
>
>
> Just my 2 cents, but turn off ICMP ping packets at the firewall or router.
>
> ESH
>
> ===========================================================
> Eric S. Hines [EMAIL PROTECTED]
> Information Security Group NUASIS Corporation
> Page: [EMAIL PROTECTED]
> -----------------------------------------------------------
> NUASIS Corporation Ph: (408) 350-4900
> 260 Gish Rd. Fx: (408) 350-4999
> San Jose, Ca TF: (877) 9NUASIS
> 95112 CS: (877) NUCUSTOMER
> ===========================================================
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Rohit Gupta
> Sent: Friday, June 02, 2000 10:10 AM
> To: [EMAIL PROTECTED]
> Subject: ping of death
>
>
> Can somebody tell me if there is any tool to secure my server from ping of
> death...
> Please help, urgently required.
> Rohit
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]