Ask the Expert

Securing external connections via internal Cisco Routers

My company would like to connect two external "untrusted" third parties to our internal network via Cisco routers. Although there are plans to restrict the ports and protocols and to use ACLs (Access Control Lists) to limit traffic to the minimal number of IP addresses, I am not comfortable with this setup. Do you think this is a bad idea? Or am I being overly cautious?


I understand and share your concerns. Simple ACLs (Access Control Lists) are not enough to handle traffic from an untrusted network, in my opinion. Make sure they are at least using stateful packet filtering, such as that available in the firewall feature set for IOS. Also, given that the networks are untrusted, I'd enhance the detection capabilities beyond the router's function by deploying network-based intrusion detection capabilities on the border network. Use a solid commercial IDS or even the free Snort tool to monitor for attacks. Using the firewall feature set and a low-cost or free IDS can significantly help improve the security of your proposed setup at minimal additional cost.
  • Best Web Links: Infrastructure and network security
  • On-demand webcast: IDS vs. IPS: Which is better?
  • Hacking through the firewall myth
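As an added illustration (not part of the expert's answer, and not Cisco code), the following Python model contrasts the plain extended ACL the questioner describes with the connection tracking that a stateful filter such as the IOS firewall feature set adds. The addresses, ports and the packet stream are constructed for the example; the `established` rule mimics the IOS ACL keyword, which matches any TCP segment with the ACK or RST bit set, and the "stateful" filter is a deliberately minimal session table, not a reimplementation of CBAC.

```python
"""Stateless ACL vs. stateful inspection on an untrusted partner link.

Added illustration, not from the original answer. Every address, port and
packet below is constructed for the example.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    label: str
    direction: str       # "in": partner -> us, "out": us -> partner
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset     # TCP flag names, e.g. frozenset({"SYN"})


# Constructed addresses for the illustration (hypothetical, not from the page).
PARTNER_HOST = "203.0.113.10"   # the untrusted third party's application server
INTERNAL_APP = "192.0.2.20"     # the one internal host the partner may reach
APP_PORT = 1433                 # the one port the partner may reach on it
INTERNAL_FILE = "192.0.2.50"    # another internal host that must stay unreachable


def stateless_acl(pkt: Packet) -> bool:
    """A plain extended ACL applied inbound on the partner link.

    Rules, in order:
      permit tcp host PARTNER_HOST host INTERNAL_APP eq APP_PORT
      permit tcp any any established      (ACK or RST bit set)
      deny ip any any
    'established' only inspects flag bits, so any packet the partner forges
    with ACK or RST set is accepted as if it were a reply to one of our sessions.
    """
    if pkt.direction == "out":
        return True                       # outbound is unrestricted in this toy
    if (pkt.src, pkt.dst, pkt.dport) == (PARTNER_HOST, INTERNAL_APP, APP_PORT):
        return True
    if pkt.flags & {"ACK", "RST"}:
        return True
    return False


class StatefulFilter:
    """Connection-tracking filter in the spirit of IOS 'ip inspect' (CBAC).

    A session is opened only by a SYN the static policy permits; every later
    packet must belong to a tracked session, in either direction.
    """

    def __init__(self) -> None:
        self.sessions: set[tuple] = set()   # (client, cport, server, sport)

    def allow(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return True                   # belongs to a session we saw start
        if pkt.flags != {"SYN"}:
            return False                  # no session and not a handshake start
        if pkt.direction == "out":
            self.sessions.add(fwd)        # our hosts may initiate toward the partner
            return True
        if (pkt.src, pkt.dst, pkt.dport) == (PARTNER_HOST, INTERNAL_APP, APP_PORT):
            self.sessions.add(fwd)        # the single permitted inbound service
            return True
        return False


S, SA, A, R = (frozenset({"SYN"}), frozenset({"SYN", "ACK"}),
               frozenset({"ACK"}), frozenset({"RST"}))

# Constructed packet stream: a legitimate session, then probes from the partner side.
PACKETS = [
    Packet("partner opens allowed app session", "in",  PARTNER_HOST, 40001, INTERNAL_APP, APP_PORT, S),
    Packet("app server replies SYN/ACK",        "out", INTERNAL_APP, APP_PORT, PARTNER_HOST, 40001, SA),
    Packet("partner completes handshake",        "in",  PARTNER_HOST, 40001, INTERNAL_APP, APP_PORT, A),
    Packet("partner SYN to file server",         "in",  PARTNER_HOST, 40002, INTERNAL_FILE, 445, S),
    Packet("ACK probe to file server",           "in",  PARTNER_HOST, 40003, INTERNAL_FILE, 445, A),
    Packet("RST probe to app server port 22",    "in",  PARTNER_HOST, 40004, INTERNAL_APP, 22, R),
]


def evaluate(packets=PACKETS) -> dict[str, tuple[bool, bool]]:
    """Run one stream through both filters; returns label -> (stateless, stateful)."""
    stateful = StatefulFilter()
    return {p.label: (stateless_acl(p), stateful.allow(p)) for p in packets}


if __name__ == "__main__":
    for label, (acl, cbac) in evaluate().items():
        verdict = lambda ok: "permit" if ok else "deny"
        print(f"{label:40s} acl={verdict(acl):6s} stateful={verdict(cbac)}")
```

Running it shows the two filters agree on the legitimate handshake and on the blocked SYN to the file server, but diverge on the ACK and RST probes: the ACL passes them because the flag bits look like replies, which is exactly what an ACK scan from the partner's side relies on to map hosts and ports behind the router, while the stateful filter drops them because no tracked session exists. The network IDS the answer recommends is what would record such probes on the border segment.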

    This was first published in November 2003
