03-12-2009 10:04 AM - edited 03-10-2019 04:23 PM
I understand that this should be dictated by a security policy/risk assessment, but I was hoping to get some opinions on this.
The ACS is behind the Internet firewall. We are going to place it on a LAN so that it can be accessible throughout all the WAN by any LAN. Should it go behind a Firewall Services Module? To me, putting the ACS behind a FWSM is excessive and unnecessary and just adds to overhead. The box is already hardened and has CSA running on it. Would you agree?
03-12-2009 12:58 PM
Aaron
It does depend on what information is stored locally on the ACS server and also what the ACS server is responsible for giving access to.
It also depends on how well you could lock down the firewall rule for the ACS server ie. how many IP addresses need to access it etc..
It can add to overhead but bear in mind that your ACS server can actually hold the "keys" to the estate. Putting it behind a firewall may well protect it from the casual observer and also protect it against things like denial of service.
I have worked in environments where it as behind a firewall and environments where it wasn't. If the access the ACS grants is important enough put it behind a firewall in my opinion.
Jon
03-13-2009 10:06 AM
I would suggest to keep it behind firewall as acs plays a important role in security. As Jon said that it is imp to protect acs from network attacks.
Regards,
~JG
Do rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide