I have an application server that I need to make available to the Internet. For simplicity's sake, let's say it's a web server.
I understand how to use a basic access list to allow only tcp port 80 to this server from the Internet. That's all I want. I want to make the http server available to anyone, but nothing else should be allowed in.
However, I thought it might be a good idea to use some sort of beefed-up level of security, so I bought the firewall feature set IOS for my router.
Now that I'm reading up on it, it appears that CBAC is the main security feature of the firewall feature set, but everything about CBAC seems to be geared towards traffic going from inside out, not outside in.
Is setting up CBAC inspection useful in my situation? Are there any other features besides a basic access list should I consider using on this router?
Thank you