

carp
Rejected

join:2002-10-30

reply to tomkb

Re: Router ACL question

Change last ACL statement to permit tcp any any established.

Bink
Villains... knock off all that evil

join:2006-05-14
Denver, CO
kudos:4

This is bad advice—and a VERY poor substitute for a modern firewall.



carp
Rejected

join:2002-10-30
Reviews:
·RoadRunner Cable

said by Bink:

This is bad advice—and a VERY poor substitute for a modern firewall.

Not if he only wanted to allow traffic back in that is in response to traffic initiated inside. Inspect makes sure those allowed back in were not messed with. Depends on the level of protection desired and the risks you've accepted. Sometimes advanced protection will break things. So it's not as black and white as it's often portrayed.

Bink
Villains... knock off all that evil

join:2006-05-14
Denver, CO
kudos:4
Reviews:
·VOIPo

1 edit

It is black and white. This is akin to using firewall technology from the 1980s—and there are significant security flaws with this as all it does is look for an ACK or RST bit on a packet.

For example, while telnet and FTP work fine—it is well known they use clear text passwords. As such, I would never suggest they get used where security is a concern—and, in this case, you are suggesting someone use a known insecure method to secure his FIREWALL/network. Since a modern method of security and traffic inspection is readily available to him/built into his device, again, this is bad advice.
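
The difference argued over in this thread, as an added example that is not from any of the posters: a stateless match on the ACK/RST bits next to a simplified session-table filter, evaluated over constructed inbound packets. The addresses, ports and the `StatefulFilter` class are assumptions for illustration; a real inspection engine also tracks sequence numbers and connection state.

```python
from dataclasses import dataclass

# TCP flag bits
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def established_acl(pkt):
    """Stateless 'established' match: permit any segment with ACK or RST set."""
    return bool(pkt.flags & (ACK | RST))

class StatefulFilter:
    """Simplified session table: permit inbound only for flows opened from inside."""
    def __init__(self):
        self.sessions = set()

    def outbound(self, pkt):
        # Record a session when an inside host sends an initial SYN.
        if pkt.flags & SYN and not pkt.flags & ACK:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        # The inbound segment must mirror a recorded outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def compare():
    """Return {label: (acl_permits, stateful_permits)} for constructed packets."""
    fw = StatefulFilter()
    # Constructed sample: inside host 10.0.0.5 opens HTTPS to 198.51.100.7.
    fw.outbound(Pkt("10.0.0.5", 40000, "198.51.100.7", 443, SYN))
    inbound = {
        "reply SYN-ACK": Pkt("198.51.100.7", 443, "10.0.0.5", 40000, SYN | ACK),
        "unsolicited ACK": Pkt("203.0.113.9", 4444, "10.0.0.5", 22, ACK),
        "unsolicited RST": Pkt("203.0.113.9", 4444, "10.0.0.5", 22, RST),
        "unsolicited SYN": Pkt("203.0.113.9", 4444, "10.0.0.5", 22, SYN),
    }
    return {k: (established_acl(p), fw.inbound(p)) for k, p in inbound.items()}

if __name__ == "__main__":
    for label, (acl, stateful) in compare().items():
        print(f"{label:16} established-ACL={acl!s:5} stateful={stateful}")
```

Both filters pass the genuine reply and drop the bare SYN; they differ only on segments that carry ACK or RST without a matching inside-initiated session.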


Thursday, 20-Jun 07:53:01 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.