Re: [Full-disclosure] RE: Example firewall script
Date: Tue Aug 30 2005 - 19:15:49 CDT
On Tue, 30 Aug 2005, Rachael Treu Gomes wrote:
> > There are also issues of what KIND of ACL to
> > use and where to place them; Inbound or Outbound.
> > In terms of the original question, the only
> > difference between a "good" line item or a
> > "bad" line item is whether or not the syntax
> > is correct.
> Nicely put.
> > The only difference between a "good" ACL
> > and a "bad" ACL is whether or not its
> > structure is properly designed and whether
> > or not it's placed in the proper location.
> Again, nicely put. I might also suggest adding the
> idea that ACL logic and format follow with the same
> requirements for placement, and that overarching
> rules/guidelines regarding their structure and flow be
> evaluated on a case-by-case basis. It is incomplete
> and rife with exception, unfortunately, to decree that
> all ACLs and firewall feature sets be constructed in a
> particular manner without taking into account the
> particulars surrounding their respective deployments.
Can anyone suggest a book which discusses ACL theories in different points
of view and practical (?existing) applications? I would love to see
documentation which addresses security and manageability as it relates to
things like minimal ACL-line duplication and ingress+egress filtering
techniques. Even in Cisco and 5xx-level networking courses, these issues
are barely touched on. For traffic policies, much has been learned from
this list and from practical experience.
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
Voice: (503) 293-7656
Fax: (503) 885-0770
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/