I'd like to stand up some ACLs between my internal users and the datacenter. Right now almost everything is accessible to the users because we do not have a firewall between the DC and the WAN traffic. I'd like to protect us against an internal attack and plan to use ACLs, as a firewall is unfortunately out of our budget.
I figure it's much easier to configure, and less likely to accidentally "lock myself out" of 25 sites, if I made the ACLs on the data center routers, but if possible I'd like to save WAN bandwidth by blocking chatter that's unnecessary at the same time. For instance, lots of BYOD devices send DNS queries to random devices and just seem to spew unnecessary traffic.
I know from a management standpoint, changes made across 25 downstream routers will be a bit of a headache, but I'm willing to dive into some sort of home-baked SDN solution to make that easier. I can get by with Python, and I've never looked into an SDN solution because my network is so simple. This is the first use case I can think of for it. I guess what I'm asking is: do any of you use ACLs between the DC and the users, and if so, do you do it down near the users or in the DC?
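As an added illustration of the "generate the ACLs from one policy and push them to every site" idea (this is example code written for this page, not anything the poster built): a small Python generator that renders the same policy as a per-site Cisco IOS-style extended ACL, plus a tiny first-match evaluator so the policy can be unit-tested before it touches a router. The site subnets, DC prefix, resolver addresses and service list are constructed placeholders, and the IOS syntax has only been checked for shape here, not loaded on real hardware.

```python
"""Render one user-to-DC policy as a per-site extended ACL and test it offline.

Everything in the inventory below is a constructed placeholder (assumption,
not taken from the post). ACL text follows Cisco IOS extended-ACL syntax.
"""
import ipaddress

# Constructed inventory: branch site name -> user subnet at that site.
SITES = {
    "site01": "10.1.0.0/16",
    "site02": "10.2.0.0/16",
}

DC_PREFIX = "10.100.0.0/16"                       # constructed DC range
APPROVED_RESOLVERS = ["10.100.0.53", "10.100.1.53"]  # constructed resolvers
# Services users may reach in the DC: (host, proto, port). Constructed.
ALLOWED_SERVICES = [
    ("10.100.10.5", "tcp", 443),   # web front end
    ("10.100.10.20", "tcp", 445),  # file server
]


def wildcard(cidr):
    """Return 'network wildcard' as IOS wants it ('host x' for a /32)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def build_acl(site, subnet, name="USERS-TO-DC"):
    """Rules for one site's user subnet; IOS evaluates top-down, first match wins."""
    src = wildcard(subnet)
    lines = [f"ip access-list extended {name}-{site.upper()}"]
    # 1. DNS only to approved resolvers; other DNS is dropped at the branch
    #    edge so BYOD chatter never crosses the WAN. Logged for tuning.
    for r in APPROVED_RESOLVERS:
        lines.append(f" permit udp {src} host {r} eq 53")
        lines.append(f" permit tcp {src} host {r} eq 53")
    lines.append(f" deny udp {src} any eq 53 log")
    lines.append(f" deny tcp {src} any eq 53 log")
    # 2. Explicit allow-list of DC services.
    for host, proto, port in ALLOWED_SERVICES:
        lines.append(f" permit {proto} {src} host {host} eq {port}")
    # 3. Everything else toward the DC is denied (logged so misses show up).
    lines.append(f" deny ip {src} {wildcard(DC_PREFIX)} log")
    # 4. Non-DC traffic (internet, other sites) is left alone by this ACL.
    lines.append(f" permit ip {src} any")
    return lines


def build_all():
    """One ACL per site, ready to be pushed by whatever transport you use."""
    return {site: build_acl(site, subnet) for site, subnet in SITES.items()}


def _parse_addr(tokens, i):
    """Parse 'any' | 'host X' | 'ADDR WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    ones = bin(int(ipaddress.ip_address(tokens[i + 1]))).count("1")
    net = ipaddress.ip_network(f"{tokens[i]}/{32 - ones}", strict=False)
    return net, i + 2


def evaluate(acl, proto, src_ip, dst_ip, dport):
    """First-match evaluation of the generated lines; implicit deny at the end."""
    for line in acl[1:]:                      # skip the 'ip access-list' header
        t = line.split()
        action, p = t[0], t[1]
        src, i = _parse_addr(t, 2)
        dst, i = _parse_addr(t, i)
        port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        if p not in (proto, "ip"):
            continue
        if ipaddress.ip_address(src_ip) not in src or ipaddress.ip_address(dst_ip) not in dst:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit deny


if __name__ == "__main__":
    for site, acl in build_all().items():
        print("\n".join(acl))
```

The evaluator is what makes the 25-router rollout less scary: every policy change can be asserted against (e.g. "branch users still reach the web front end", "DNS to 8.8.8.8 is dropped") before a single line is pushed. Two caveats worth keeping in mind: the ACL is written for inbound application on the user-facing interface of each branch router, so order and the trailing implicit deny matter, and blocking port 53 only catches plain DNS; BYOD devices using DNS over HTTPS will still talk to port 443 wherever they like.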