• PowerCrazy · 1 year ago

    Right but if you want to start doing application level blocking, then the proper tool for the job is a stateful firewall and even better, a RADIUS/Kerberos system that authenticates every connection between servers.

    Basically I use ACLs to prevent spoofing attacks from originating out of my network, and also to lock down the management plane of my network devices to specific subnets. In all other cases a stateful firewall should be used exclusively.

    In any other case ACLs provide the illusion of security and create a huge amount of operational friction especially in a dynamic environment.
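Added illustration (not part of the comment above): a small Python model of the two places the comment keeps stateless ACLs (egress anti-spoofing and management-plane lockdown) next to the case where a stateless rule falls short, an "established"-style ACL that admits any packet with ACK set, compared with a stateful connection table. The prefixes, ports and packets are constructed for the demo and are not from the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP packet model: addresses, ports and the two flags we care about."""
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


# Constructed sample network (documentation prefixes, not real deployments).
LOCAL_PREFIX = ipaddress.ip_network("192.0.2.0/24")   # addresses we legitimately originate from
MGMT_SUBNET = ipaddress.ip_network("192.0.2.0/28")    # the only subnet allowed to reach device management
MGMT_PORTS = {22, 443}                                # management-plane services on the device
ALLOWED_INBOUND = {80}                                # services the firewall exposes to the outside


def egress_antispoof(pkt: Packet) -> bool:
    """Stateless ACL on the outbound edge: a packet may leave only if its source is ours."""
    return ipaddress.ip_address(pkt.src) in LOCAL_PREFIX


def mgmt_plane_acl(pkt: Packet) -> bool:
    """Stateless ACL on a device's management interface: management ports only from MGMT_SUBNET."""
    if pkt.dport not in MGMT_PORTS:
        return True  # not management traffic; this ACL does not decide it
    return ipaddress.ip_address(pkt.src) in MGMT_SUBNET


def stateless_established_acl(pkt: Packet) -> bool:
    """Classic 'permit tcp any any established': anything carrying ACK is treated as a reply.
    The ACL has no memory, so it cannot tell a genuine reply from a forged one."""
    return pkt.ack or pkt.dport in ALLOWED_INBOUND


class StatefulFirewall:
    """Tracks connections opened from the inside and admits only their replies."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> bool:
        # Record new sessions (SYN without ACK) leaving the inside.
        if pkt.syn and not pkt.ack:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt: Packet) -> bool:
        # A reply is valid only if it matches a session we opened ...
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return True
        # ... otherwise only a fresh SYN to an explicitly exposed service gets in.
        return pkt.syn and not pkt.ack and pkt.dport in ALLOWED_INBOUND


def run_demo() -> dict:
    """Evaluate constructed packets against each control and return the verdicts."""
    fw = StatefulFirewall()
    # Inside host opens a session to an outside web server; the firewall records it.
    fw.outbound(Packet("192.0.2.50", "198.51.100.7", 40000, 443, syn=True))
    genuine_reply = Packet("198.51.100.7", "192.0.2.50", 443, 40000, syn=True, ack=True)
    # Forged packet: ACK set, aimed at an internal RDP port, no matching session.
    forged_ack = Packet("198.51.100.7", "192.0.2.50", 443, 3389, ack=True)
    return {
        "spoofed_source_leaves_network": egress_antispoof(Packet("203.0.113.9", "198.51.100.7", 1234, 80)),
        "own_source_leaves_network": egress_antispoof(Packet("192.0.2.50", "198.51.100.7", 1234, 80)),
        "mgmt_from_user_vlan": mgmt_plane_acl(Packet("192.0.2.100", "192.0.2.1", 5000, 22)),
        "mgmt_from_mgmt_subnet": mgmt_plane_acl(Packet("192.0.2.5", "192.0.2.1", 5000, 22)),
        "stateless_admits_reply": stateless_established_acl(genuine_reply),
        "stateful_admits_reply": fw.inbound(genuine_reply),
        "stateless_admits_forged_ack": stateless_established_acl(forged_ack),
        "stateful_admits_forged_ack": fw.inbound(forged_ack),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {'PERMIT' if verdict else 'DROP'}")
```

The two stateless checks do their job because the decision depends only on fields the ACL can see (source address, destination port). The "established" rule is where the illusion comes from: both it and the stateful table admit the genuine reply, but only the connection table drops the forged ACK, since it knows no session was ever opened to that port.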