I have just built a new gateway with one of our older routers an 1841. I currently have it connected to the outside world and would like to know of any further suggestions to secure it.
currently i have created an ACL so that http, https and dns only get through for now. implied deny all at the end of this acl i would expect ICMP to stop.
Also an ACL on the VTY interface to limit access only to physical console.
Below is my current config
ip name-server 70.70.80.#
ip address 203.203.#.# 255.255.255.252
ip nat outside
ip address 192.168.1.253 255.255.255.0
ip access-group AllowWeb in
ip nat inside
ip route 0.0.0.0 0.0.0.0 203.203.#.#
ip http server
ip nat inside source list 5 interface FastEthernet0/0 overload
ip access-list extended AllowWeb
permit tcp any any eq 443
permit tcp any any eq www
permit udp any any eq domain
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp any any eq telnet
line con 0
line aux 0
line vty 0 4
access-class 101 in