Hosting Provided By

RE: about access-list location?

From: DeGennaro, Gregory <Gregory_DeGennaro(at)csaa.com>
Date: Tue Jun 24 2003 - 18:49:50 EDT

Ports and protocols as well.

Filtering specifics instead of broad filtering.

-----Original Message-----
From: David Gillett [mailto:gillettdavid@fhda.edu] Sent: Monday, June 23, 2003 11:40 AM
To: 'SB CH'; security-basics@securityfocus.com Subject: RE: about access-list location?

> I have a question about the "access-list" of the cisco.

So, consider what is the difference between a standard and an extended access list. An extended access list lets you specify the source as a filtering criteria!

[I prefer to do all of my filtering on the inbound side of the interface, which I would guess is "located near source". It's probably true that standard access lists require less CPU, but filtering "near destination" means I've already spent CPU to route packets that I'm now going to consider throwing away....]

David Gillett

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.

Do you need help?

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

Received on Wed Jun 25 11:20:20 2003

This message: [ Message body ]
Next message: Tim Greer: "Re: perl scrambling"
Previous message: ATD: "Re: Firewall configuration statistics"
Maybe in reply to: SB CH: "about access-list location?"
In reply to David Gillett: "RE: about access-list location?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:05:07 EDT