John McBrayne wrote:
Is anyone aware of any current "best practices" related to the recommended set of filtering rules (Cisco ACL lists or Juniper filter sets) for reasons of Security, statistics collection, DoS attack analysis/prevention, etc.? I'm curious to see if there are any such recommendations for Tier 1/Tier 2 backbone routers, peering points, etc., as opposed to CPE terminations or Enterprise/LAN equipment recommendations.
Actual config file examples would be great, if they exist.
Protecting your IP network infrastructure (talk @BlackHat Briefings) (how to secure Cisco routers and (multi-layer) switches running IOS, CatOS, CatIOS and the networks they interconnect) : http://www.securite.org/presentations/secip/ Any feedback, comments, fixes, ideas are welcome :-) Nico. -- Nicolas FISCHBACH (nico@securite.org) <http://www.securite.org/nico/> Senior IP&Security Engineer - Professional Services - COLT Telecom AG Securite.Org Team <http://www.securite.org/>