[nsp] Protecting border routers
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri Nov 28 21:14:18 EST 2003
Theres not a lot you can do to a router (excluding the rare times when a major
exploit has been found out).. why dont you just leave it outside and make sure
that you disable all the usual stuff (small servers, http etc) and acl your
telnet/ssh login. To get back thro a fw to management systems you can poke a
hole on the fw..
On Fri, 28 Nov 2003, Matthew Crocker wrote:
> What is the current best practice for protecting border routers. We
> have a couple routers that are in front of our firewall. I would like
> to put them behind the firewall from a management, SNMP, logging point
> of view. There is not reason for the Internet to talk with my router.
> My upstreams need to talk for BGP sessions. Is it just done with ACLs
> or is there a way with MPLS to set the local management stuff on the
> router into a VPN?
> Matthew S. Crocker
> Crocker Communications, Inc.
> Vice President
> PO BOX 710
> Greenfield, MA 01302
> P: 413-746-2760
> F: 413-746-3704
> W: http://www.crocker.com
> E: matthew at crocker.com
More information about the cisco-nsp