I understand and share your concerns. Simple ACLs (Access Control Lists) are not enough to handle traffic from an untrusted network, in my opinion. Make sure they are at least using stateful packet filtering, such as that available in the firewall feature set for IOS. Also, given that the networks are untrusted, I'd enhance the detection capabilities beyond the router's function by deploying network-based intrusion detection capabilities on the border network. Use a solid commercial IDS or even the free Snort tool to monitor for attacks. Using the firewall feature set, and a low-cost or free IDS can significantly help improve the security of your proposed set-up at minimal additional cost.
Dig deeper on Network Firewalls, Routers and Switches
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.