ACLs on the Internet Edge Routers

Unanswered Question
Feb 4th, 2007

I have one query on ACLs on the internet edge routers. If we configure the ACLs as per the weblink below on the edge routers, we may not get all the logs on the firewall, as the traffic is filtered at the router level and we do not enable logging on the router.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

Unless we enable IDS on this segment, there is no way of knowing about any attacks towards the firewall or the router itself. I need some comments from security experts on this kind of implementation.

Thank you very much,

sachinraja Sun, 02/04/2007 - 17:00

Hello Avil,

You necessarily need to have an IPS on your segment to know all the attacks hitting your network!!!!! With the anti-spoof ACL applied, as given above, you are only blocking standard protocols or ports coming inside your network.. there can still be attacks on known ports that you are allowing.. if I had to capture that, I would either put an IPS on my network (or SSM card with ASA) or enable logging on devices and put a CS-MARS on my network.. MARS is an extremely useful device, focussed on increasing LAN security with real-time maps on attacks, and it also will say how to stop the attack!!!! So, I guess only a couple of options here for you.... not sure if anyone else has any other options...

Hope this helps.. all the best..

Raj
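Raj's second option, enabling logging on the edge router so the drops the firewall never sees still reach a collector, produces IOS `%SEC-6-IPACCESSLOG*` syslog messages. The script below is an added example (not from the thread or from Cisco) that parses those messages, totals denied packets per ACL entry and flow, and separately counts denies aimed at the edge devices themselves, which was the original poster's blind spot; the router address 203.0.113.1, the firewall address 203.0.113.2 and all log lines are constructed.

```python
import re
from collections import Counter

# IOS ACL log messages produced by the "log"/"log-input" keyword:
# IPACCESSLOGP (tcp/udp), IPACCESSLOGDP (icmp), IPACCESSLOGNP (other IP
# protocols). The "(interface mac)" group appears only with "log-input".
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<kind>[A-Z]+): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))?"
    r"(?: \([^)]*\))? -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<type>\d+)/(?P<code>\d+)\))?, (?P<count>\d+) packets?"
)

def parse_acl_log(line):
    """Return the ACL fields of one syslog line as a dict, or None."""
    m = ACL_LOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])  # IOS reports "N packets" per interval
    return rec

def summarize_denies(lines, infrastructure):
    """Aggregate denied packets per (acl, proto, src, dst, dport) and count,
    per source, those aimed at the edge devices in `infrastructure`."""
    per_flow, at_infra = Counter(), Counter()
    for line in lines:
        rec = parse_acl_log(line)
        if rec is None or rec["action"] != "denied":
            continue
        per_flow[(rec["acl"], rec["proto"], rec["src"], rec["dst"], rec["dport"])] += rec["count"]
        if rec["dst"] in infrastructure:
            at_infra[rec["src"]] += rec["count"]
    return per_flow, at_infra

# Constructed sample syslog lines (not from the thread); 203.0.113.1 is the
# hypothetical router and 203.0.113.2 the firewall's outside interface.
SAMPLE = [
    "Feb  4 16:55:01 edge-rtr 101: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.1.1.1(1025) (Serial0/0 0000.0c12.3456) -> 203.0.113.2(23), 1 packet",
    "Feb  4 17:00:01 edge-rtr 102: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.1.1.1(1025) (Serial0/0 0000.0c12.3456) -> 203.0.113.2(23), 7 packets",
    "Feb  4 17:00:03 edge-rtr 103: %SEC-6-IPACCESSLOGDP: list 110 denied icmp 198.51.100.7 -> 203.0.113.1 (8/0), 3 packets",
    "Feb  4 17:00:05 edge-rtr 104: %SEC-6-IPACCESSLOGNP: list 110 denied 47 198.51.100.7 -> 203.0.113.50, 2 packets",
    "Feb  4 17:00:06 edge-rtr 105: %SYS-5-CONFIG_I: Configured from console by admin",
]

if __name__ == "__main__":
    flows, infra = summarize_denies(SAMPLE, {"203.0.113.1", "203.0.113.2"})
    print(flows.most_common(), dict(infra))
```

Because IOS rate-limits these messages and reports them as "N packets" per logging interval, the counts are the aggregated packet totals rather than one entry per packet, so the script sums the count field instead of counting lines.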
