whisperwind Wed, 09/19/2007 - 07:27

I am unaware of a document like that. I can, however, give you some pointers from my experience.

1. Remember the implicit deny all

2. Be as granular in permitting traffic as you can be

3. Sometimes the best engineered solution has to bend to business needs

4. Use object groups to group subnets / hosts

5. Use the remark feature so 2 months from now you can recall why something is there

That's my .05, hope it helps.
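To make the pointers above concrete, here is an added example (not from the poster): a constructed PIX/ASA-style ACL fragment that uses object groups and remarks, plus a small Python linter that flags rules with no remark and any explicit "permit ... any any" that would defeat the implicit deny. The ACL name, object-group names, addresses and ticket tags are all made up for the illustration.

```python
import re

# Constructed ASA/PIX-style fragment: object groups (pointer 4), a remark per
# rule (pointer 5), narrow permits (pointer 2). The "permit ip any any" line is
# deliberately included as the kind of rule the linter should catch (pointer 1).
ACL_CONFIG = """\
object-group network DMZ_WEB
 network-object host 192.0.2.10
 network-object host 192.0.2.11
object-group service WEB_PORTS tcp
 port-object eq 80
 port-object eq 443
access-list OUTSIDE_IN remark TICKET-1234 public web front ends
access-list OUTSIDE_IN extended permit tcp any object-group DMZ_WEB object-group WEB_PORTS
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN remark TICKET-1300 partner SFTP, reviewed 2007-09
access-list OUTSIDE_IN extended permit tcp host 198.51.100.7 host 192.0.2.20 eq 22
"""

ACE_RE = re.compile(r"access-list (\S+) (remark|extended) (.*)")


def lint_acl(config):
    """Return a list of (line_no, finding) for ACL entries that break the pointers."""
    findings = []
    last_remark = None
    for no, line in enumerate(config.splitlines(), 1):
        m = ACE_RE.match(line)
        if not m:
            continue  # object-group definitions and other lines are not ACEs
        _name, kind, rest = m.groups()
        if kind == "remark":
            last_remark = rest
            continue
        # Pointer 5: every rule should be preceded by a remark explaining why it exists.
        if last_remark is None:
            findings.append((no, "rule has no remark explaining why it exists"))
        last_remark = None  # a remark documents only the rule that follows it
        # Pointers 1 and 2: an explicit any-to-any permit replaces the implicit deny
        # with an allow-all, so it is flagged regardless of protocol.
        tokens = rest.split()
        if tokens and tokens[0] == "permit" and tokens[2:4] == ["any", "any"]:
            findings.append((no, "permit from any to any is too broad"))
    return findings


if __name__ == "__main__":
    for line_no, finding in lint_acl(ACL_CONFIG):
        print(f"line {line_no}: {finding}")
```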

lowen Wed, 09/19/2007 - 11:29

SANS offers a course called "Working with Firewall Rule Bases". If you've been working with firewalls a long time, you may or may not find it useful, but it deals with just this sort of thing, and I think it would be very good for someone relatively inexperienced with working with firewalls. Here's a URL:

http://www.sans.org/training/description.php?mid=130&portal=6239c11a87ccaa2cc1cc4e1010fe7065

Larry Owen

srue Wed, 09/19/2007 - 11:33

Read RFC 2827.

And block everything from China, unless that's where you live.

Google 'bogon filtering'.

dgalati000 Thu, 09/20/2007 - 06:10

Thanks, srue. I need to go there to read up on my BGP RFCs anyway; I'll check this one as well. I'm new to mid to PIX, so if I have questions, I'll post 'em here.
