Is the Internet Router safe in the Public?

SagaLore

IS-IT--Management
May 1, 2003
I am relatively new to Cisco routing so please bear with me.

Scenario:

The Internet T1 connects to the Internet Router, which then plugs into a switch called Public. The PIX then plugs into the Public and then connects to the internal network.

My question is, wouldn't it be safer to plug the Internet T1 into the PIX? Isn't the Internet Router at risk?
 
Depends what you're using the router for. If it is just strictly an "internet router" that is merely acting as a CPE forwarding packets from the WAN to the PIX, then I wouldn't lose any sleep. I would just throw an access list on it.
 
But if I have a PIX, would it be more appropriate to connect the Internet T1 to the PIX instead? Or is the PIX not as efficient to handle an Internet T1 directly?
 
It can't...only Ethernet can terminate in a PIX.

But you should enable ingress/egress filters on the router.

Jan

Network Systems Engineer
CCNA/CQS/CCSP
 
The only concerns you really have are denial of service attacks on your router or someone hacking into your router. Make sure you have vty connections disabled and an up-to-date IOS image and you have no worries.
 
Do you manage the router or does the ISP? If the ISP manages the router then there's nothing you have to do. It's the ISP's responsibility to safeguard it.

NetEng
 
DoS and Hacking are THE concerns I have.

It is our own Internet Router. I always thought that the PIX was a beefy router with more features added. I thought maybe the PIX would accept a CSU/DSU module so the T1 could terminate into it. But that is just speculation...
 
I've personally never tried it, but using an external CSU/DSU device to terminate into the PIX's outside Ethernet interface sounds logical.

Just as a previous poster mentioned - having the vty connections disabled, an access list, and an up-to-date IOS image should put your concerns to rest. If for some reason a DoS attack occurs or a hacker somehow gets in the router, it can be easily detected and any damage that can be done would be minimal....
 
Well, if a hacker somehow assumes control over your edge router, you have a big problem. IP spoofing and MITM attacks come to mind. Also, sniffing packets with the use of the router could be a serious issue; all sorts of nasty things. Cisco have some nice guidelines for securing edge routers on their site.
You could also try the new 12.3 autosecure feature.

Jan

Network Systems Engineer
CCNA/CQS/CCSP
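
The controls recommended in this thread (vty access closed or restricted, ingress and egress filters on the Internet-facing interface) can be checked against a saved router configuration. The following is an added example, not code from any poster; the two sample configurations are constructed, and the WAN interface name `Serial0/0` and the ACL numbers are assumptions.

```python
import re

# Constructed sample configs (not from the thread); names and ACL numbers are assumptions.
WEAK = """\
interface Serial0/0
!
line vty 0 4
 login
 transport input telnet
"""

HARDENED = """\
interface Serial0/0
 ip access-group 101 in
 ip access-group 102 out
!
line vty 0 4
 transport input none
"""

def sections(config):
    """Split an IOS-style config into {header: [indented sub-commands]}."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None                      # separator ends the current block
        elif raw[0] != " ":
            current = raw.strip()               # unindented line starts a new block
            out[current] = []
        elif current is not None:
            out[current].append(raw.strip())    # indented line belongs to the block
    return out

def audit(config, wan="Serial0/0"):
    """Return findings for the router controls named in the thread."""
    findings = []
    secs = sections(config)
    for header, body in secs.items():
        if header.startswith("line vty"):
            closed = "transport input none" in body
            restricted = any(re.fullmatch(r"access-class \S+ in", l) for l in body)
            if not (closed or restricted):
                findings.append(f"{header}: remote login open to any source")
    wan_body = secs.get(f"interface {wan}", [])
    for direction, label in (("in", "ingress"), ("out", "egress")):
        if not any(re.fullmatch(rf"ip access-group \S+ {direction}", l) for l in wan_body):
            findings.append(f"interface {wan}: no {label} filter applied")
    return findings
```

The check only confirms that a filter is attached in each direction; whether the ACL entries themselves are sound still needs review.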
 