From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Tue Jul 22 2008 - 15:53:43 ART
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html
To draw a comparison with another recent discussion, if someone has
clearance to be in a high security area, you will also trust them to go
into low security areas. The reverse is not the case.
This trust model is a good rule of thumb, but is quite simplistic. You
often wouldn't want to blindly trust everyone who happens to be walking
out of a high security area, so additional refinement (acls) may be
necessary depending on your environment.
Paul.
Christopher Copley wrote:
> I dont think that your understanding my question. My question was in
> respond to Brian saying the following...
> "It should be the higher security interface, the lower security interface,
> the lower, then the high again."
>
> In the terms Higher security interface and lower security interface. In my
> mind if you have an outside (public facing interface) the security level is
> 0. But that in my way of thinking is a Higher Security interface, because
> you need MORE security on that interface to keep people on the outsie
> comming in. And on the internal inside (LAN facing interface) with the
> security level being 100 that you need less security b/c you are not worried
> about what goes out of it. Is that a correct way of thinking of Higher and
> lower security interface or not?
>
> Chris
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
-- HEAnet Limited Ireland's Education & Research Network 5 George's Dock, IFSC, Dublin 1, Ireland Tel: +353.1.6609040 Web: http://www.heanet.ie Company registered in Ireland: 275301Please consider the environment before printing this e-mail.
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART