Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: ACLs / Filter Lists - Best Practices

  • From: Barry Raveendran Greene
  • Date: Wed Nov 28 10:35:20 2001


Chris is talking about the ISP Workshop Archives which includes the ISP
Essentials whitepaper/presentations, security presentations, multihoming
presentations, and other materials we use to help new generations of ISP
Engineers get up to speed. It is all "Cisco" stuff, so keep that in mind. No
fancy web pages - just browse the directories:

	http://www.cisco.com/public/cons/

The security materials are at:

	http://www.cisco.com/public/cons/isp/security/

ISP Essentials is at:

	http://www.cisco.com/public/cons/isp/documents/



> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Christopher L. Morrow
> Sent: Tuesday, November 27, 2001 9:13 PM
> To: John McBrayne
> Cc: nanog@merit.edu
> Subject: Re: ACLs / Filter Lists - Best Practices
>
>
>
>
> On Tue, 27 Nov 2001, John McBrayne wrote:
>
> jm>
> jm> Is anyone aware of any current "best practices" related to the
> jm> recommended set of filtering rules (Cisco ACL lists or Juniper filter
> jm> sets) for reasons of Security, statistics collection, DoS attack
> jm> analysis/prevention, etc.?  I'm curious to see if there are any such
>
> John, the three areas you mention above really should be treated
> differently, is there something you are particularly interested in among
> these?
>
> On a 'generic' note there is are some recommendations offered by Cisco at
> thier website, I can't (of course) endorse them over anyone else, Barry
> Greene (who posts at times here and should respond to this note with the
> proper links from Cisco) is one of the better voices at Cisco for the
> Security (atleast) topic.
>
> Additionally, there were some 'recommended' or 'best practices' covered at
> the last NANOG: http://www.nanog.org/mtg-0110/greene.html
>
> That should atleast get you started on 'Security' and 'DoS' stuff... as to
> statistics could you clarify this some?
>
> jm> recommendations for Tier 1/Tier 2 backbone routers, peering points,
> jm> etc., as opposed to CPE terminations or Enterprise/LAN equipment
> jm> recommendations.
> jm>
>
> Hmm, I'm not going to recommend anything, since your network is likely
> MUCH different from any one I'm working on... BUT perhaps wecan discuss
> some likely scenarios?? (perhaps the other list members might have some
> statistics gathering ideas/examples??)
>
> jm> Actual config file examples would be great, if they exist.
>
>
>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.