Home page logo
/

basics logo Security Basics mailing list archives

RE: Protecting PIX Firewall at the Perimeter Router
From: "Gordon Brandt" <gbrandt () apwagner com>
Date: Tue, 5 Nov 2002 14:07:15 -0500

Cisco has some very good documents on their site regarding the basic
security configurations for routers.  I do not, unfortunately, have the URL.
That being said, there are a few things that you may want to place on your
router
1.  Block incoming traffic originating at RFC1918 private addresses.  There
is no reason why these should be coming into your network other than to
spoof.
2.  Block inbound traffic such as SNMP unless you actually want this coming
in from the internet

Those are the two things that I remember most clearly as the best
suggestions for gateway routers

Hope it helps

Gordon Brandt
Network Engineer
AP Wagner Inc.
2205 George Urban Blvd.
Depew, NY  14043
Work: (716) 961-7119
Fax:    (716) 856-4779
http://www.apwagner.com



-----Original Message-----
From: Naman Latif [mailto:naman.latif () inamed com]
Sent: Monday, November 04, 2002 8:47 PM
To: security-basics () security-focus com
Subject: Protecting PIX Firewall at the Perimeter Router


Hi All,

I wanted some suggestions\practical experiences for protecting a
Firewall wall at the Perimeter Router Level.

We have a PIX Firewall connected to our Cisco Router, which
is connected
to the Internet. Should there be any IOS Firewall Rules in the Router,
other than blocking Telnet,FTP etc to the Firewall itself ?

PIX will be doing NAT, protecting DMZ machines, and IPSec connections.

Regards \\ Naman



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]