Carefully Audit Rules Containing “Any”

If you create a rule that does not restrict access to a particular user or destination resource, the word “any” appears in the access control list.

Carefully consider the impact of “any” in your policy rules. For a “permit” rule, too many criteria that apply to “any” could expose a security hole. On the other hand, too many “deny” rules for “any” could unnecessarily restrict network access.