
| Subject: | RE: Cisco 836 Firewall |
|---|---|
| Date: | Thu, 26 Aug 2004 08:31:54 -0400 |

I'm not familiar with the 836, but I have used the 800 series routers and IOS. If you're permitting traffic out on a single IP (PAT) and nothing inbound, your internal network is reasonably secure.

The other thing you'll want to do is secure the router itself. The easiest way to do this is to apply an access list to the outside interface which denies telnet (tcp/23) and ssh (tcp/22) to all inbound traffic. In addition to that, I would suggest turning off any small-servers which are running on the router as well as the web configuration interface (assuming you're using command line). Also, if you're not using SNMP, I'd also turn that off. If you are using the web interface and/or SNMP, then I'd include those in your access list for telnet and ssh.

Another good idea is to throw away any RFC1918 IP addresses which appear on your outside interface. This protects your inside network (assuming you're using RFC1918 there) from being spoofed from the outside world.

Basically the idea you're trying to accomplish is to drop any packets from the outside world that could potentially be those coming from an intruder. And by doing this on your outside interface, you're dropping the packets before they could even reach the service for which they're destined.

Hope that helps,

Roy

_____

From: Daniel Benden [mailto:DanielBenden@dbedvtkserver.de]
Sent: Tuesday, August 24, 2004 4:03 PM
To: firewalls@securityfocus.com
Subject: Cisco 836 Firewall

Hello,

does anybody know a good and secure setup for a CISCO 836 integrated firewall? To my knowledge, I don't need a firewall when using dynamic NAT. All PCs use one IP to the internet, and no global to local IP mappings were added, so the network should not be attackable from the outside. Am I right with this?

Thanks in advance

Kind regards

Daniel Benden

--
Daniel Benden
EDV- und TK-Consulting
Hahnenkamp 6
52445 Titz
Germany
Tel: +49 (0) 2164 7027-0
Fax: +49 (0) 2164 7027-10
24h Service: +49 (0) 2164 7027-19

*************************************************************

This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient, please notify the sender by e-mail or telephone immediately, and then immediately delete this message. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited.
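
The hardening steps suggested in the reply above, written out as an IOS configuration sketch. This is an added example and not part of the original thread; the outside interface name `Dialer1`, the ACL name `OUTSIDE-IN`, and the closing `permit ip any any` (so that PAT return traffic still passes) are assumptions to adapt to the actual router.

```cisco
! Added example: assumed names are Dialer1 (outside interface) and OUTSIDE-IN (ACL).
!
! Turn off the small-servers, the web configuration interface and SNMP
! when they are not in use.
no service tcp-small-servers
no service udp-small-servers
no ip http server
no snmp-server
!
ip access-list extended OUTSIDE-IN
 ! Drop packets arriving from outside with RFC1918 source addresses.
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 ! Deny inbound telnet and ssh.
 deny   tcp any any eq 23
 deny   tcp any any eq 22
 ! If the web interface or SNMP stay enabled, deny them from outside too:
 ! deny   tcp any any eq 80
 ! deny   udp any any eq 161
 ! Assumption: everything else is permitted so replies to PAT sessions pass.
 permit ip any any
!
interface Dialer1
 ip access-group OUTSIDE-IN in
```

ACL entries are evaluated top-down with first match winning, so the deny lines must stay above the final permit. `show access-lists OUTSIDE-IN` displays per-entry match counters, which shows whether the deny entries are being hit.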