[ale] Cisco ACL's vs. Linux firewall?

Dow Hurst dhurst at kennesaw.edu
Thu Nov 15 18:26:45 EST 2001


In your opinion, how good are Cisco router ACLs compared to a regular
firewall?  I understand the telnet access to the routers is a real
problem, but what if you are on a switched network?  Also, the OS of
Cisco routers has been hacked more than once so is that the real
danger?  I have a scenario where a friend can have multiple routers over
a campus network containing ACLs to protect his expensive SGI lab or
just one Linux firewall.  Using the firewall will bottleneck the lab to
a single 100Mbit switched pipe, while the Cisco ACLs would allow each
SGI to have its own 100Mbit switched pipe.  I do understand that Linux
can have holes just like Cisco routers.  The Linux firewall or Cisco
routers would have ipchains rules or ACLs allowing only SSH and HTTP in
and out of the lab.  I guess that the lab would need to be on its own
subnet with no other machines allowed when using the Cisco router
scenario.  Just curious,
Dow
-- 
__________________________________________________________
Dow Hurst                   Office: 770-499-3428
Systems Support Specialist  Fax:    770-423-6744
1000 Chastain Rd.
Chemistry Department SC428  Email:dhurst at kennesaw.edu
Kennesaw State University         Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*********************************
*Computational Chemistry is fun!*
*********************************
