I am not sure that I fully understand your question. If someone gains access to privilege mode in your router (or switch) they could hack access lists (as well as other things). So to protect your access lists it is important to protect access to your router. Some of the things that you can do to protect your router include:
- restrict remote access to the device by using standard access lists applied to the vty lines by access-class.
- restrict remote access to the device to use SSH and disable telnet access by using the command transport input ssh under line vty.
- have strong authentication. The best is to configure AAA authentication to use an external authentication server like ACS and use local authentication only as a backup if the authentication server is not available.
- use the AAA accounting feature to log the privilege level 15 commands (including configuration commands) to the AAA server so you can track what changes have been made.
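A check for the four controls listed in this reply, as an added example that is not part of the original post. The two sample configurations are constructed; TACACS+ as the server protocol, ACL number 10, the 192.0.2.0/24 management range and the function names `vty_blocks` and `audit` are assumptions.

```python
import re

# Constructed sample configs (ACL number, addresses and server group are assumptions).
HARDENED = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
"""
WEAK = """\
aaa new-model
aaa authentication login default local
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the vty block
    return blocks

def audit(config):
    """Return a list of findings; an empty list means all four controls are present."""
    findings = []
    for header, cmds in vty_blocks(config).items():
        if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
            findings.append(f"{header}: no inbound access-class")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not ssh-only")
    if not re.search(r"^aaa authentication login \S+ group \S+.* local$", config, re.M):
        findings.append("login does not use a AAA server group with local fallback")
    if not re.search(r"^aaa accounting commands 15 \S+ \S+ group \S+", config, re.M):
        findings.append("no accounting of privilege level 15 commands")
    return findings
```

Each vty range is checked separately because a restriction applied to `line vty 0 4` does not cover `line vty 5 15`.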
I do have strong access lists but wanted to add deep inspection, then I thought the deep inspection would be pointless because the ACLs are doing the security. I was just trying to research if there was something in addition to ACLs, but I guess as long as the ACLs are strong there is nothing else to do.