testing security of a router

saidfrh
Level 1

I have installed a Cisco 2821 perimeter router and ASA firewall for a business. How can I test the security of the router? The router has firewall features. Would it be redundant to configure the firewall features in the router, since there is an ASA firewall protecting the LAN and DMZ?

2 Accepted Solutions


Jon Marshall
Hall of Fame

Said

Have a look at the following link for information on hardening a Cisco router

http://www.sans.org/reading_room/whitepapers/firewalls/794.php

Also have a look at this recent thread for an idea of the sort of filtering you should do on an Internet facing router

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&topicID=.ee6e1f8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc23923

In answer to your question, yes, I think it would be redundant to use the firewalling capabilities of the router if you have a firewall like the ASA protecting the LAN and your DMZ.

Jon


In addition to Jon's post and links:

I try and keep the following link current. It's an ACL for internet routers. This ACL is for DoD/NIST compliance.

http://www.packetpros.com/wiki/index.php/What%27s_the_current_DITSCAP/DIACAP_ACL_for_a_public_interface%3F

(hyperlink doesn't always work, so try copy-n-paste)

Hope that helps.


7 Replies

Collin, Thanks. Said

Jon,

Thanks. You are awesome.

Jon,

http://www.sans.org/reading_room/whitepapers/firewalls/794.php

States of vulnerabilities in the IOS. How do you patch the IOS? Is it like the Windows patching system?

Said

No, the IOS is not patched like Windows.

Cisco releases updates of the IOS,

so it's a new .bin file.

You would have to get the new IOS release and, depending on your router, erase the old IOS and copy the new one to the router.

IOS's have multiple releases within a version.

Also note, unlike Windows, most updates to IOS are not free. However, for some security issues, Cisco does provide free updates.
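
The image-replacement upgrade described in the replies above, sketched as an IOS CLI session with an integrity check before the new image is booted. This is an added example, not part of the original thread: the image names and the MD5 value are placeholders, and 192.0.2.10 is a constructed TFTP server address.

```cisco
! Added example. <new-image>.bin, <old-image>.bin and <md5-from-cisco> are
! placeholders; 192.0.2.10 is a constructed TFTP server address.

! Record the running release and check free space in flash.
Router# show version
Router# show flash:

! Only if flash cannot hold both images: remove the old one.
! Keeping it, when space allows, leaves a fallback image on the router.
Router# delete flash:<old-image>.bin

! Copy the new release (.bin) to flash.
Router# copy tftp://192.0.2.10/<new-image>.bin flash:

! Compare the image's MD5 with the value published on Cisco's download page.
! Do not boot the image if the verification fails.
Router# verify /md5 flash:<new-image>.bin <md5-from-cisco>

! Point the router at the new image, save the configuration and reload.
Router# configure terminal
Router(config)# no boot system
Router(config)# boot system flash:<new-image>.bin
Router(config)# end
Router# copy running-config startup-config
Router# reload

! After the reload, confirm the new release is running.
Router# show version
```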
