Additional Guidelines for Basic Security Policy of Cisco firewall
Author: endeavor
The following are additional guidelines for the basic security policy of a Cisco firewall.
a: Protect the DMZ in several directions.
The DMZ is a small network on a firewall interface that has a medium level of security. Users on the outside or public network are allowed to reach the servers on the DMZ using specific protocols and ports. Be careful how you configure the security policies on the DMZ interface. Make sure that outside users are allowed access only to the specific protocols needed. Then make sure that machines on the DMZ interface are allowed access to other inside (secured) hosts using only the protocols needed for data transfer.
For example, suppose you have a public web server that offers information using HTTP. That web server populates its web pages by sending SQL requests to other data center servers on the inside network. For the DMZ, you should configure the firewall to allow outside access to the web server using only TCP port 80 (HTTP). In addition, the DMZ server should be allowed to send only SQL packets toward the inside data center, and nothing else. If you leave open access (any protocol or port number) between the DMZ server and the inside, the DMZ can become a "springboard": malicious users on the outside can compromise the DMZ server and use it to compromise others on the inside.
b: Be overly cautious about ICMP traffic.
ICMP packets are very useful when you need to troubleshoot access or network response time to a host. Ping (ICMP echo) packets are well known for this. However, configuring a firewall to allow open access for the ICMP protocol usually is not wise.
Malicious users on the outside can use ICMP to detect or attack live hosts on a DMZ or inside network. Typically, best practice is to use a Cisco firewall to hide as much information as possible about the internal secured network. Outbound pings might be allowed so that your internal users can test to see if a service is alive on the public Internet. Inbound pings (echo requests) should be denied altogether, because you don't want outside users to know if your internal services are alive. The only exception might be to allow pings to reach your hosts that offer public services, but nothing else.
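The DMZ and ICMP guidelines above, written as Cisco ASA-style access lists. This is an added example, not configuration from the original article. The interface names, the addresses and the SQL port (TCP 1433) are assumptions; substitute your own.

```cisco
! Added example: Cisco ASA-style ACLs (8.3+ syntax assumed, real addresses in ACLs).
! Constructed values: interfaces "outside" and "dmz", public web server 192.0.2.10,
! inside database server 10.1.1.20, SQL on TCP 1433 (assumed; use your database's port).

! --- Weak: the open access the guidelines warn against (shown commented out) ---
! access-list OUTSIDE_IN extended permit ip any host 192.0.2.10
! access-list OUTSIDE_IN extended permit icmp any any
! access-list DMZ_IN extended permit ip host 192.0.2.10 any

! --- Tightened: outside -> DMZ ---
! HTTP to the public web server only. Return traffic is handled statefully
! and needs no entry of its own.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
! Inbound echo requests only to the host that offers a public service.
access-list OUTSIDE_IN extended permit icmp any host 192.0.2.10 echo
! Replies to pings sent by internal users. Not needed if ICMP inspection
! is enabled on the firewall.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
! Everything else, including all other ICMP types, is denied and logged.
access-list OUTSIDE_IN extended deny ip any any log

! --- Tightened: DMZ -> inside ---
! The web server may send SQL to one database host, and nothing else.
access-list DMZ_IN extended permit tcp host 192.0.2.10 host 10.1.1.20 eq 1433
! Explicit deny so that attempts to use the DMZ as a springboard show up in logs.
access-list DMZ_IN extended deny ip any any log

! Bind each list to traffic entering its interface.
access-group OUTSIDE_IN in interface outside
access-group DMZ_IN in interface dmz
```

After applying the lists, `show access-list` displays per-entry hit counts, which helps confirm that only the intended entries are matching traffic.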