Hi Reddit,
I was asked by a customer to block all traffic from outside of the US and all ports that aren't currently in use. I don't believe taking this request word for word is the solution; the user's company recently got infected with ransomware, so they are making a knee-jerk request. What I think would be possible is to set up an ACL on the outside with a handful of subnets from the known bad countries. They only have an ASA 5505, no FirePOWER, so that's the best solution to their request I can come up with. Other steps are being taken by our System guys with AV, but are there any other recommendations I should look at on the firewall?