Router Security
18 years 2 weeks ago #18659
by Benny
Router Security was created by Benny
Hey Everyone,
I was just reading through the ACL configuration document. In that I came to know that a router can also allow/block packets based on application layer protocols (such as ftp, snmp etc).
All I heard from most of the people is that a router supports only Layer 3 security, but if it can block/allow packets based on protocols
then it also secures the packets till Layer 7.
Comments on this topic are much appreciated.
Kindly bear with me if my thought on this is incorrect.
Thanks
18 years 2 weeks ago #18664
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Router Security
Hi there Benny,
It's sort of not quite correct. We are talking about extended access lists to block access using ports. This is talking about Layer 4 of the OSI Model, not up to layer 7.
I believe that Cisco can now do stuff with the application layer and I know that the PIX Firewall can do scanning of the payload of things like http, ftp, smtp, etc... but this is different to normal TCP/UDP port numbers.
Cheers
Wayne
18 years 2 weeks ago #18679
by buulam
Replied by buulam on topic Re: Router Security
To add to that, it'd be an administrative nightmare to maintain many ACLs :shock:
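
The distinction drawn in Smurf's reply above (an extended ACL entry matches on header fields such as the TCP/UDP port, while payload inspection is a separate feature), as an added Python example that is not part of the original thread and is not Cisco code. The entry syntax is simplified, and the names `Ace`, `Packet`, `evaluate`, `looks_like_ftp` and the sample packets are constructed for illustration.

```python
# Added illustration: a minimal model of extended-ACL matching (not Cisco code).
from dataclasses import dataclass
from typing import Optional

# An ACL keyword such as "ftp" is only an alias for a well-known port number.
NAMED_PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "snmp": 161}

@dataclass
class Ace:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "ip" (any protocol)
    dst_port: Optional[int]   # None = any port

@dataclass
class Packet:
    proto: str
    dst_port: int
    payload: bytes            # present in the model, never read by evaluate()

def parse_ace(line: str) -> Ace:
    """Parse the simplified form '<action> <proto> any any [eq <port|name>]'."""
    tok = line.split()
    port = None
    if "eq" in tok:
        val = tok[tok.index("eq") + 1]
        port = NAMED_PORTS[val] if val in NAMED_PORTS else int(val)
    return Ace(tok[0], tok[1], port)

def evaluate(acl, pkt):
    """First match wins, header fields only, implicit deny at the end."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
            continue
        return ace.action
    return "deny"

def looks_like_ftp(pkt):
    """What payload inspection would examine instead: FTP control commands."""
    return pkt.payload.split(b" ")[0].upper() in (b"USER", b"PASS", b"RETR", b"STOR")

ACL = [parse_ace("deny tcp any any eq ftp"), parse_ace("permit ip any any")]

# Constructed sample packets
FTP_STD = Packet("tcp", 21, b"USER anonymous\r\n")
FTP_ALT = Packet("tcp", 2121, b"USER anonymous\r\n")
HTTP_ON_21 = Packet("tcp", 21, b"GET / HTTP/1.1\r\n")
```

The ACL's verdict follows the port number in every case, whatever the payload contains; only a check like `looks_like_ftp` actually reads the application data.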