Extended Access-List example on Cisco Router

Hello AZM

It’s a good start and you cover most of the issues that can affect the edge. You will also need to examine your network and see what additional traffic you can deny, that is, traffic that you know is invalid for your network. For example, if you will never have an FTP session initiated from the Internet to an internal host, you can block that particular port as well.

Take a look at this Cisco documentation that describes best practices for ACLs at the edge, as they are the first line of defense of your network:

I hope this has been helpful!

Laz

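As an added illustration of the point above (this is not configuration from the original post), an extended ACL applied inbound on the Internet-facing interface that drops FTP control-channel connections initiated from the outside while still allowing return traffic for sessions started internally; the ACL name, interface name and description are assumptions:

```cisco
! Added example, not from the original post. ACL and interface names are assumed.
! Extended ACL applied inbound on the Internet-facing (edge) interface.
ip access-list extended EDGE-IN
 remark Drop FTP control-channel sessions initiated from the Internet (tcp/21)
 deny   tcp any any eq ftp log
 remark Allow return traffic for TCP sessions started from the inside.
 remark "established" only checks the ACK/RST flags; use a stateful
 remark inspection policy instead where the platform supports it.
 permit tcp any any established
 remark Add permits here only for services your network really publishes.
 remark Explicit final deny with logging so dropped traffic shows up in syslog.
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Internet uplink (assumed interface name)
 ip access-group EDGE-IN in
!
```

After applying it, `show ip access-lists EDGE-IN` shows per-entry hit counts, which is the quickest way to confirm the deny line is actually matching and that legitimate return traffic is not being caught by the final deny.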