Cisco Access Control Lists – Recommended default template?

Tags: Access Control List, Access List, ACL, Cisco
Hey guys! I was hoping to find a default access control list template that you may use to block off reserved addresses, known worms, viruses, and vulnerabilities when you are setting up a new router?

Trying to think of every possible threat is impossible but a good recommended starting point for securing down a router that you may use at your work or home.

Post those ACLs!

ASKED: August 20, 2009  5:07 PM
UPDATED: August 25, 2009  7:45 AM

Answer Wiki


First you must realise that an access-list will not protect you from worms or viruses. These are active at the application layer, and a router only works to the network/transport layer, so it does not have any visibility of these threats. You need to use a firewall with the added hardware or software to check for these, or more likely, run anti-virus and anti-malware software on your PCs.

To prevent more network-based attacks you should at least run firewall versions of the IOS on the router. Then use the ‘inspect’ commands to allow back in the replies to any packets you send out, and it blocks anything else coming in.

If you don’t have that, then you are taking a risk.

Use NAT (network address translation) for your connection to the Internet; that helps to protect your PCs on the inside, because it removes them from being directly accessed by anyone on the Internet. Also harden up the router: at least put an access-list and access-class commands on the vty ports, to prevent anyone outside logging into the router.

Have a look at this page on the Cisco website, regarding the hardening of IOS routers. You don’t need to do all these things, but doing at least some of them will make your installation more secure.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

My advice would still be to get the firewall version of the IOS, and also make sure all your machines have up-to-date virus and anti-malware software running. And remember, you are a small fish in a big pond, so a major attack at the network level is unlikely, so the virus check and anti-malware is your best defence.
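
The three measures named in the answer above (an access-class on the vty lines, NAT toward the Internet, and ‘inspect’ on a firewall feature-set IOS image), shown together as an added configuration example that is not part of the original answer. The interface names, addresses, ACL numbers and names, and the inspection rule name FW are all assumptions made for illustration.

```cisco
! Constructed example. Assumed topology: inside LAN 192.168.1.0/24 on
! FastEthernet0/1, Internet link on FastEthernet0/0 (documentation address).

! --- Management access: only inside hosts may open a vty session ---
! Existing login/AAA settings on the vty lines are left unchanged.
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny   any log
line vty 0 4
 access-class 10 in

! --- NAT overload: inside hosts share the outside interface address ---
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload

! --- Stateful inspection (requires the firewall feature set) ---
! Sessions opened from the inside are tracked as they leave the router.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp

! --- Inbound on the Internet side: nothing unsolicited gets in ---
! Inspection adds temporary openings above this deny for the replies
! to tracked sessions; everything else is dropped and logged.
ip access-list extended OUTSIDE-IN
 deny ip any any log

interface FastEthernet0/1
 description Inside LAN (assumed)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

interface FastEthernet0/0
 description Internet link (assumed)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip inspect FW out
 ip access-group OUTSIDE-IN in
```

If the outside interface gets its address by DHCP, or the router terminates a VPN or runs a routing protocol on that link, the corresponding permit entries have to be placed above the final deny in OUTSIDE-IN.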
