10-30-2008 08:44 AM - edited 03-04-2019 12:07 AM
I have installed a Cisco 2821 perimeter router and ASA firewall for a business. How can I test the security of the router? The router has firewall features. Would it be redundant to configure the firewall features in the router, since there is an ASA firewall protecting the LAN and DMZ?
10-30-2008 10:03 AM
Said
Have a look at the following link for information on hardening a Cisco router:
http://www.sans.org/reading_room/whitepapers/firewalls/794.php
Also have a look at this recent thread for an idea of the sort of filtering you should do on an Internet-facing router.
In answer to your question, yes, I think it would be redundant to use the firewalling capabilities of the router if you have a firewall like the ASA protecting the LAN and your DMZ.
Jon
10-30-2008 10:15 AM
Additionally to Jon's post and links-
I try and keep the following link current. It's an ACL for internet routers. This ACL is for DoD/NIST compliance.
(hyperlink doesn't always work, so try copy-n-paste)
Hope that helps.
10-30-2008 11:54 AM
Collin, Thanks. Said
10-30-2008 11:44 AM
Jon,
Thanks. You are awesome.
10-30-2008 12:12 PM
Jon,
http://www.sans.org/reading_room/whitepapers/firewalls/794.php
States of vulnerabilities in the IOS. How do you patch the IOS? Is it like the Windows patching system?
Said
10-30-2008 02:20 PM
No, the IOS is not patched like Windows.
Cisco releases updates of the IOS,
so it's a new .bin file.
You would have to get the new IOS release and, depending on your router, erase the old IOS and copy the new one to the router.
IOS's have multiple releases within a version.
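The image replacement described in the reply above, written out as an added example that is not part of the original thread or any poster's own procedure. It assumes the new image is transferred by TFTP; every value in angle brackets is a placeholder, and the MD5 value is the one shown on Cisco's download page for the image.

```cisco
! Added example. Angle-bracket values are placeholders; TFTP is an assumed transfer method.
! 1. Record the running image and confirm flash has room for the new one.
show version
show flash:
! 2. Keep a copy of the configuration off the router before changing anything.
copy running-config tftp://<TFTP_SERVER_IP>/<BACKUP_CONFIG_NAME>
! 3. Copy the new .bin image to flash. If flash is too small for both images,
!    the old one has to be deleted first, which leaves no fallback image.
copy tftp://<TFTP_SERVER_IP>/<NEW_IMAGE>.bin flash:
! 4. Check the copied file against the published hash before booting it.
!    A mismatch means a corrupted or altered image: do not reload.
verify /md5 flash:<NEW_IMAGE>.bin <MD5_FROM_CISCO_DOWNLOAD_PAGE>
! 5. Point the boot sequence at the new image and save the configuration.
configure terminal
 no boot system
 boot system flash:<NEW_IMAGE>.bin
 end
copy running-config startup-config
! 6. Reload in a maintenance window, then confirm the new version is running.
reload
show version
```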
10-30-2008 04:28 PM
Also note, unlike Windows, most updates to IOS are not free. However, for some security issues, Cisco does provide free updates.