Curious what the various policies are for folks when it comes to filtering individual ip addresses at the border rather than at the firewall?
I oversee three AS's and control all the internet routing between them. For years we've avoided putting filters to block ip's that might be doing bad things. (spam, phishing etc) I feel our job is moving packets as efficiently and as fast as possible. Always felt the job for that type of security should be the firewall folks at each site.
That being said- hardware is faster and better - the ability to script block lists is a lot easier and can be somewhat automated. (Although the thought of another group being allowed to upload lists freaks me out.. they mess up I'm the one getting yelled at.) Yep we could oversee it but we are a small team and time is better spent running the WAN not dealing with what we have always felt is a layer 7 issue. Maybe this isn't a layer 7 issue?
Also- this is not DDOS related at all , we have stuff in place for that and is a different problem. This is more policy between LAN vs WAN.
Thanks in advance!
No comments:
Post a Comment