Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
0
Helpful
2
Replies

is it a security risk to plug internet router management port into the LAN?

tbitner01
Level 1
Level 1

‎03-14-2014 12:08 PM - edited ‎02-21-2020 05:07 AM

I have to install an ASR1001 on the internet for my company.  I noticed the ASR1001 has a dedicated managment port and I was wondering if it's a security risk to have this mangment port directly connected to my LAN, so I can mange it from my desk.

I only want to manage the ASR from this port and I won't be doing any management through its public IP address.  Is it possible for an attacker to compromise the router then have access to the network though this managment port?

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2014 03:26 PM

It is a non-zero risk and you have to evaluate that in the context of the network (and assets on it) that you are protecting.

If you harden the router and lock down your in-band access tightly it is a very small risk.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎03-20-2014 10:43 AM

As Marvin stated it is pretty low risk. That particular port belongs to a Management VRF and cannot be removed/changed from it. If you properly secure the global VRF (disable telnet,ssh, http, etc) it's darn near impossible.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card