New Member

Testing security of a router

I have installed a Cisco 2821 perimeter router and ASA firewall for a business. How can I test the security of the router? The router has firewall features. Would it be redundant to configure the firewall features in the router, since there is an ASA firewall protecting the LAN and DMZ?

Accepted Solutions
Hall of Fame Super Blue

Re: Testing security of a router

Said

Have a look at the following link for information on hardening a Cisco router

http://www.sans.org/reading_room/whitepapers/firewalls/794.php

Also have a look at this recent thread for an idea of the sort of filtering you should do on an Internet-facing router

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&topicID=.ee6e1f8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc23923

In answer to your question, yes, I think it would be redundant to use the firewalling capabilities of the router if you have a firewall like the ASA protecting the LAN and your DMZ.

Jon

Re: Testing security of a router

Additionally to Jon's post and links-

I try and keep the following link current. It's an ACL for internet routers. This ACL is for DoD/NIST compliance.

http://www.packetpros.com/wiki/index.php/What%27s_the_current_DITSCAP/DIACAP_ACL_for_a_public_interface%3F

(hyperlink doesn't always work, so try copy-n-paste)

Hope that helps.

New Member

Re: Testing security of a router

Collin, Thanks. Said

New Member

Re: Testing security of a router

Jon,

Thanks. You are awesome.

New Member

Re: Testing security of a router

Jon,

http://www.sans.org/reading_room/whitepapers/firewalls/794.php

States of vulnerabilities in the IOS. How do you patch the IOS? Is it like the Windows patching system?

Said

Re: Testing security of a router

No, the IOS is not patched like Windows.

Cisco releases updates of the IOS,

so it's a new .bin file.

You would have to get the new IOS release and, depending on your router, erase the old IOS and copy the new one to the router.

IOSs have multiple releases within a version.

Super Bronze

Re: Testing security of a router

Also note, unlike Windows, most updates to IOS are not free. However, for some security issues, Cisco does provide free updates.
