 Euphrates
join:2007-04-30 Bellingham, WA
reply to Toma Re: [Config] Quick check of my security settings?
It seems to be a matter of preference. I know if you run Cisco's SDM on a router and you don't have the inspection outbound on the Outside interface, it tells you you don't have a firewall configured.
I inspect inbound on the inside interface. It's something I've read on these forums actually. If you are going to manipulate traffic, you want to do so as close to the source of the traffic as possible. With that said you would inspect inbound on the inside interface.
Also, you do want to have an access-list on the outside interface denying all inbound traffic (again, manipulating the data at the source interface). I don't remember off the top of my head if you have to allow anything in the access-list first for PPPoE/DHCP client to work correctly but if so, make sure you have that configured as well.
When I configure an access-list inbound on the outside interface, I go by the "allow what's needed and deny everything else" rule of thumb. The fact is, you are probably only going to be required to allow a few things into the router and a "deny ip any any" statement should take care of everything else. I'm not sure if others would agree with me on this type of configuration. Again, my take on it is that if you put a whole bunch of deny statements on your inbound access-list then the router has to parse through each and every rule before it finally matches a rule that's just going to deny that traffic anyway. This can cause performance issues. Everyone will have their preference, you will find out over time which one works for you.
For general security settings, there are a lot of things you can do, but you may be limited by the IOS version on this router.
Here is a Cisco document on the subject of securing your router:
www.cisco.com/en/US/tech/tk648/t···48.shtml
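As an added illustration of the layout described in this reply (this is example configuration written for this thread, not the poster's config and not taken from the linked Cisco document): CBAC inspection applied inbound on the inside interface, and a short "allow what's needed, deny everything else" access-list applied inbound on the outside interface. Interface names, the LAN address, the DHCP-client permit line and the `log` keyword on the final deny are assumptions.

```cisco
! Added example, not from the original post. Inspection rules: CBAC
! watches sessions leaving the LAN and opens temporary holes in the
! outside ACL for the matching return traffic only.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! Outside ACL: permit only what the router itself needs, then deny all.
! The bootps/bootpc line is an assumption: it is there in case the
! outside interface gets its address via DHCP and the IOS release checks
! the ACL before handing the reply to the DHCP client. It is harmless
! if the release does not require it.
ip access-list extended OUTSIDE_IN
 remark Allow only what the router itself needs; CBAC adds return traffic
 permit udp any eq bootps any eq bootpc
 remark Final catch-all; log lets you see what is being dropped
 deny   ip any any log
!
! Inside interface: inspect traffic as it enters from the LAN, i.e. as
! close to the source of the traffic as possible (assumed interface
! name and addressing).
interface FastEthernet0/0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip inspect FW in
!
! Outside interface: inbound ACL applied at the source of untrusted
! traffic (assumed interface name; assumed DHCP-assigned address).
interface FastEthernet0/1
 description Outside / ISP
 ip address dhcp
 ip access-group OUTSIDE_IN in
```

Anything the router must accept unsolicited from the Internet (an inbound VPN or a port forward, for instance) goes as an explicit `permit` above the final `deny`, so the list stays short and the catch-all does the rest.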