[nsp] Protecting border routers

Stephen J. Wilcox steve at telecomplete.co.uk
Fri Nov 28 21:14:18 EST 2003

There's not a lot you can do to a router (excluding the rare times when a major
exploit has been found out). Why don't you just leave it outside and make sure
that you disable all the usual stuff (small servers, http etc) and acl your
telnet/ssh login? To get back through a fw to management systems you can poke a
hole on the fw.


On Fri, 28 Nov 2003, Matthew Crocker wrote:

> What is the current best practice for protecting border routers? We
> have a couple routers that are in front of our firewall. I would like
> to put them behind the firewall from a management, SNMP, logging point
> of view. There is no reason for the Internet to talk with my router.
> My upstreams need to talk for BGP sessions. Is it just done with ACLs
> or is there a way with MPLS to set the local management stuff on the 
> router into a VPN?
> -Matt
> --
> Matthew S. Crocker
> Crocker Communications, Inc.
> Vice President
> PO BOX 710
> Greenfield, MA 01302
> P: 413-746-2760
> F: 413-746-3704
> W: http://www.crocker.com
> E: matthew at crocker.com
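
An added example, not part of the original thread: a small audit that checks an IOS-style configuration for the items the reply names (small servers, the HTTP server, and an access-class on the vty lines). The sample configuration is constructed, and requiring an explicit "no ip http server" is an assumption made here so the check does not depend on platform defaults.

```python
import re

# Constructed sample configuration (not from the original thread).
SAMPLE_CONFIG = """\
service tcp-small-servers
no service udp-small-servers
ip http server
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
"""

def audit(config: str) -> list[str]:
    """Return findings for the hardening items named in the reply."""
    findings = []
    lines = config.splitlines()
    stripped = {l.strip() for l in lines}

    # Small servers: flag only when the enabling command is present.
    for proto in ("tcp", "udp"):
        if f"service {proto}-small-servers" in stripped:
            findings.append(f"{proto}-small-servers enabled")

    # Assumption: demand an explicit disable, whatever the platform default.
    if "no ip http server" not in stripped:
        findings.append("http server not explicitly disabled")

    # Walk 'line vty' blocks; sub-commands are indented under the header.
    block, blocks = None, {}
    for l in lines:
        if l.startswith("line "):
            block = l.strip() if l.startswith("line vty") else None
            if block:
                blocks[block] = []
        elif block and l.startswith(" "):
            blocks[block].append(l.strip())
        else:
            block = None
    for name, cmds in blocks.items():
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(f"{name}: no inbound access-class")
    return findings
```

Note that the second vty range (5 15) is the kind of gap this catches: an access-class applied to "line vty 0 4" does not cover it.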
