Cisco Support Community
Community Member

SOHO security considerations


What are the security technologies/products for SOHO? Are there best practices available for



Mirabelle Paige

Community Member

Re: SOHO security considerations

Take a look at this link,

It has a lot of good stuff. You don't have to do it all, but at least do what suits you, and have an idea of the other concerns.

Community Member

Re: SOHO security considerations

Thanks, I am looking at more general recommendations at a high level.

For example, what kind of AV products, firewalls, and secure wireless access should I be looking into?



Community Member

Re: SOHO security considerations

As for PIXes, I would say go for PIX 501, it would be more than enough for a SOHO.

Check more info here,

As for routers, I would suggest SOHO 70 or SOHO 90. The SOHO 90 supports VPN functionality.


Here is another link for Wireless devices,

Community Member

Re: SOHO security considerations

I have installed various routers and firewalls for remote SOHO sites, and I would have to say that for SOHOs with DSL links I would stick with the 806 and PIX 501.

I always try to use CBAC and IOS IDS.

For VPN'd remote SOHO sites connecting to a central VPN hub site, I log the syslog messages via IPsec to a workstation at that CO.

There is a very good guide: NSA router security, that may also help out.

Good luck.


When defining your inbound access-lists for DSL links, it is always a good idea to have the 'deny any any log-input' after permitted traffic, but the first line in all of my ACLs for perimeter routers is always:

access-list XXX deny udp any any eq netbios-ns

Explicitly enter it WITHOUT the logging keyword. If you log this, or you do not define this as a separate ACL entry, causing UDP 137 traffic to be caught up in your last 'deny any any log' ACL statement, you will have so many log entries that it will make up at least 95% of your logs (from PCs attached to the Internet announcing themselves -- believe it is more than 30 seconds), and you may miss other exploit attempts and scans.
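The point in the last post about UDP 137 noise can be measured against a router's own syslog. The following is an added example, not part of the thread and not Cisco code: it parses IOS `%SEC-6-IPACCESSLOGP` ACL log messages and reports what share of logged denials is udp/137 and what remains once that traffic is dropped without logging. The sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# IOS ACL log message (%SEC-6-IPACCESSLOGP). The "(interface MAC)" part
# appears only when the matching ACL entry uses log-input.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<intf>\S+) (?P<mac>[0-9a-fA-F.]+)\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
Mar  1 00:10:01: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(137) (Ethernet0 0000.0c12.3456) -> 203.0.113.2(137), 1 packet
Mar  1 00:15:01: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.9(137) (Ethernet0 0000.0c12.3456) -> 203.0.113.2(137), 5 packets
Mar  1 00:20:01: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.23(137) -> 203.0.113.2(137), 12 packets
Mar  1 00:21:14: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.44(4312) (Ethernet0 0000.0c12.3456) -> 203.0.113.2(23), 1 packet
Mar  1 00:21:15: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.44(4313) (Ethernet0 0000.0c12.3456) -> 203.0.113.2(445), 1 packet
Mar  1 00:22:00: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.80(5120) -> 203.0.113.2(80), 1 packet
"""

def summarize(text):
    """Return (total denied packets, Counter keyed by (proto, dst port))."""
    per_service = Counter()
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if not m or m["action"] != "denied":
            continue  # skip permits and non-ACL syslog lines
        per_service[(m["proto"], int(m["dport"]))] += int(m["count"])
    return sum(per_service.values()), per_service

def netbios_share(text):
    """Fraction of logged denied packets that are udp/137 (netbios-ns)."""
    total, per_service = summarize(text)
    return per_service[("udp", 137)] / total if total else 0.0

def without_netbios(text):
    """Denied entries still logged once udp/137 is denied without logging."""
    _, per_service = summarize(text)
    return {k: v for k, v in per_service.items() if k != ("udp", 137)}

if __name__ == "__main__":
    print(f"udp/137 share of denied packets: {netbios_share(SAMPLE):.0%}")
    for (proto, port), n in sorted(without_netbios(SAMPLE).items()):
        print(f"still logged: {proto}/{port} x{n}")
```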
