6.4. Describe security recommended practices, including initial steps to secure network devices
Here's a list of the many security threats you can mitigate with ACLs:
IP address spoofing, inbound
IP address spoofing, outbound
Denial of service (DoS) TCP SYN attacks, blocking external attacks
DoS TCP SYN attacks, using TCP Intercept
DoS smurf attacks
Filtering ICMP messages, inbound
Filtering ICMP messages, outbound
Filtering traceroute
It's generally wise not to allow into a private network any IP packets whose source address belongs to one of its own internal hosts or networks—just don't do it!
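One way to check an Internet-facing ACL against that rule, as an added example that is not from the book: the script reads extended ACL entries in first-match order and reports which internal prefixes could still arrive as a source address from outside. The internal prefixes, the ACL lines and the function names are constructed for illustration, and only the `action protocol source destination` entry form with contiguous wildcard masks is handled.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """Convert an IOS address + wildcard mask pair to an ip_network."""
    # Invert the wildcard into a netmask; a non-contiguous wildcard raises ValueError.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_entry(line):
    """Parse one entry into (action, protocol, source network, destination is 'any')."""
    t = line.split()
    action, proto, rest = t[0], t[1], t[2:]
    if rest[0] == "any":
        src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    elif rest[0] == "host":
        src, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
    else:
        src, rest = wildcard_net(rest[0], rest[1]), rest[2:]
    return action, proto, src, bool(rest) and rest[0] == "any"

def spoofable_prefixes(acl_lines, internal_prefixes):
    """Return the internal prefixes the inbound ACL fails to deny as a source."""
    entries = [parse_entry(line) for line in acl_lines]
    exposed = []
    for prefix in map(ipaddress.ip_network, internal_prefixes):
        for action, proto, src, dst_any in entries:
            if not src.overlaps(prefix):
                continue
            if action == "deny" and proto == "ip" and dst_any and src.supernet_of(prefix):
                break  # first match drops every packet claiming this source
            if action == "permit":
                exposed.append(str(prefix))  # a permit is reached before a full deny
                break
    return exposed  # prefixes matched by no entry fall to the implicit deny

# Constructed sample data: assumed internal address space and two inbound ACLs.
INTERNAL = ["10.0.0.0/8", "172.16.0.0/16"]
WEAK_ACL = [
    "permit tcp any host 203.0.113.10 eq 80",   # matches first, spoofed sources included
    "deny ip 10.0.0.0 0.255.255.255 any",
    "permit ip any any",
]
FIXED_ACL = [
    "deny ip 10.0.0.0 0.255.255.255 any log",
    "deny ip 172.16.0.0 0.0.255.255 any log",
    "permit tcp any host 203.0.113.10 eq 80",
    "permit ip any any",
]
```

The check is conservative: a prefix denied only by several partial entries that together cover it is still reported as exposed if a permit follows.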
Here's a list of rules to live by when configuring ACLs from the Internet to your production network to mitigate security problems:
Deny any addresses from your internal ...