Friday, November 13, 2020

Unicast reverse path forwarding, how useful is it really and do you use it?

Every now and then the question of unicast reverse path forwarding comes up at work, and I kind of question how useful it really is as a security tool.

I can see carefully placed strict mode rules being useful, particularly at network trust edges like the internet or handoffs to 3rd parties, so that, say, someone couldn't spoof an internal network inbound (though we wouldn't let that through our ACLs anyway at an internet edge).

Internally, facing networks, maybe to prevent an owned host from spoofing when you don't have an ACL in front of the network (most of our networks have a firewall interface in front of them, and the rules are written so that only traffic from that network or individual hosts is allowed for the source).

Loose seems largely defeated once the default route comes into play.

I guess I'm just curious where the use really is if you have a well segmented network to begin with. And even in a network without a lot of segmentation, you either have to make sure traffic will work with strict mode, or use loose mode, which circles back to the default route defeating it in most cases (yes, I know you have to explicitly allow the default route with loose mode, but I would imagine you would anyway to allow for internet traffic to function).

Is there something I'm missing here? How do others use it in their network that they feel it adds to security? I totally get that security is an onion with layers, but it just seems to me this doesn't have a lot of applications that don't just induce bigger headaches.
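
The strict/loose distinction and the default-route effect raised in the post, as an added example that is not part of the original post: a simplified model of the uRPF source check run over a constructed routing table. The interface names, prefixes and the `allow_default` flag are assumptions for illustration, and real platforms differ in detail.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface). All values are sample data.
FIB = [
    ("10.1.0.0/16", "inside"),    # internal network
    ("192.0.2.0/24", "partner"),  # third-party handoff
    ("0.0.0.0/0", "outside"),     # default route toward the internet
]

def lookup(fib, src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in fib
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_permits(fib, src, in_if, mode, allow_default=False):
    """Simplified uRPF check: does the route back to src satisfy the mode?"""
    route = lookup(fib, src)
    if route is None:
        return False                      # no route to the source at all
    net, out_if = route
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "strict":
        return out_if == in_if            # must arrive where we would send the reply
    return True                           # loose: any route will do

def scenarios(fib=FIB):
    """Return {label: permitted} for the cases raised in the post."""
    return {
        "internal source arriving on outside, strict":
            urpf_permits(fib, "10.1.5.5", "outside", "strict", allow_default=True),
        "internal source arriving on outside, loose":
            urpf_permits(fib, "10.1.5.5", "outside", "loose"),
        "unrouted source from inside, loose":
            urpf_permits(fib, "198.51.100.7", "inside", "loose"),
        "unrouted source from inside, loose + allow_default":
            urpf_permits(fib, "198.51.100.7", "inside", "loose", allow_default=True),
        "unrouted source from inside, strict + allow_default":
            urpf_permits(fib, "198.51.100.7", "inside", "strict", allow_default=True),
    }

if __name__ == "__main__":
    for label, ok in scenarios().items():
        print(f"{'permit' if ok else 'drop':6}  {label}")
```

In this model, loose mode passes the spoofed internal source on the outside interface because a route to it exists somewhere, and once the default route is allowed it passes every source; strict mode drops both spoofed cases.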
