06-12-2003 10:43 AM - edited 03-09-2019 03:39 AM
Hi,
What are the security technologies/products for SOHO? Are there best practices available for
reference?
Thanks,
Mirabelle Paige
06-12-2003 11:22 AM
Take a look at this link,
http://www.ccnaprep.com/securityciscorouters.htm
It has a lot of good stuff. You don't have to do it all, but at least do what suits you, and have an idea of the other concerns.
06-12-2003 11:38 AM
Thanks, I am looking at more general recommendations at the high level.
For example, what kind of AV products, firewalls, secure wireless access should I be looking into?
Thanks,
MP
06-12-2003 12:20 PM
As for PIXes, I would say go for PIX 501, it would be more than enough for a SOHO.
Check more info here, http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/
As for routers, I would suggest SOHO 70 or SOHO 90. The SOHO 90 supports VPN functionality.
http://www.cisco.com/en/US/products/hw/routers/ps2167/index.html
and
http://www.cisco.com/en/US/products/hw/routers/ps4866/index.html
Here is another link for Wireless devices,
06-13-2003 01:23 PM
I have installed various routers and firewalls for remote SOHO sites, and I would have to say that for SOHOs with DSL links I would stick with the 806 and PIX 501.
I always try to use CBAC and IOS IDS.
For VPN'd remote SOHO sites connecting to a central VPN hub site, I log the syslog messages via IPsec to a workstation at that CO.
There is a very good guide, NSA router security, that may also help out:
http://www.nsa.gov/snac/cisco/download.htm
Good luck.
Also,
when defining your inbound access-lists for DSL links, it is always a good idea to have the 'deny any any log-input' after permitted traffic, but the first line in all of my ACLs for perimeter routers is always:
access-list XXX deny udp any any eq netbios-ns
Explicitly enter it WITHOUT the logging keyword. If you log this, or you do not define this as a separate ACL entry, causing UDP 137 traffic to be caught up in your last 'deny any any log' ACL statement, you will have so many log entries that they will make up at least 95% of your logs (from PCs attached to the Internet announcing themselves -- I believe it is more than 30 seconds) and you may miss other exploit attempts and scans.
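Added example, not part of the original posts: an inbound ACL laid out in the order described above, with the silent UDP 137 deny first and the logged catch-all last, on a router that also runs CBAC. The ACL number, interface name, inspect name and hub address (192.0.2.1, a documentation address) are assumptions for illustration.

```cisco
! Constructed example: interface name, ACL number 101, inspect name FW
! and the hub address 192.0.2.1 are assumptions, not from the thread.
!
! CBAC opens return paths for sessions started from the inside,
! so the inbound ACL only lists traffic that starts from outside.
ip inspect name FW tcp
ip inspect name FW udp
!
! 1. First line: drop NetBIOS name service (UDP 137) silently, no log keyword.
access-list 101 deny   udp any any eq netbios-ns
! 2. Permitted traffic: IPsec from the central VPN hub.
access-list 101 permit udp host 192.0.2.1 any eq isakmp
access-list 101 permit esp host 192.0.2.1 any
! 3. Last line: everything else is dropped and logged with the input interface.
access-list 101 deny   ip any any log-input
!
interface Ethernet1
 description DSL / Internet side
 ip access-group 101 in
 ip inspect FW out
!
! To confirm the silent deny is absorbing the noise, watch its match
! counter climb while the syslog stays quiet:
! show access-lists 101
```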