Securing external connections via internal Cisco Routers

My company would like to connect two external "untrusted" third parties to our internal network via Cisco routers. Although there are plans to restrict the ports and protocols and to use ACLs (Access Control Lists) to limit traffic to the minimal number of IP addresses, I am not comfortable with this setup. Do you think this is a bad idea? Or am I being overly cautious?
I understand and share your concerns. Simple ACLs (Access Control Lists) are not enough to handle traffic from an untrusted network, in my opinion. Make sure they are at least using stateful packet filtering, such as that available in the firewall feature set for IOS. Also, given that the networks are untrusted, I'd enhance the detection capabilities beyond the router's function by deploying network-based intrusion detection capabilities on the border network. Use a solid commercial IDS or even the free Snort tool to monitor for attacks. Using the firewall feature set and a low-cost or free IDS can significantly help improve the security of your proposed set-up at minimal additional cost.
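To show the difference the answer draws between a plain ACL and the stateful packet filtering in the IOS firewall feature set (CBAC), here is an added example that is not part of the original answer. The interface name, ACL and inspection-rule names, and all addresses (203.0.113.10 for the partner host, 10.1.1.20 for the internal server, 10.1.1.50 for the syslog host) are assumed values.

```cisco
! --- Weak: plain ACL on the partner-facing interface ---
! The "established" keyword only checks TCP flag bits (ACK/RST); it keeps
! no session state, so any partner packet with those bits set is admitted,
! and UDP return traffic cannot be handled this way at all.
ip access-list extended PARTNER-IN-WEAK
 permit tcp any host 10.1.1.20 eq 443
 permit tcp any any established
 deny   ip any any
!
! --- Stronger: stateful inspection (CBAC) plus a tightly scoped ACL ---
! Inspection rules track sessions our side opens toward the partner and
! add temporary, per-session openings in the inbound ACL for the replies,
! which are removed again when the session closes or times out.
ip inspect name PARTNER-FW tcp
ip inspect name PARTNER-FW udp
ip inspect audit-trail
!
! Inbound from the partner: only the named partner host, only the one
! published service; everything else is dropped and logged so the IDS
! and the analysts see attempts against anything else.
ip access-list extended PARTNER-IN
 permit tcp host 203.0.113.10 host 10.1.1.20 eq 443
 deny   ip any any log
!
interface Serial0/0
 description Link to untrusted partner (assumed interface)
 ip address 198.51.100.1 255.255.255.252
 ip access-group PARTNER-IN in
 ip inspect PARTNER-FW out
 no ip redirects
 no ip proxy-arp
!
! Deny-log entries are only useful if they leave the router: send them to
! the syslog host that the IDS / monitoring team already watches.
logging host 10.1.1.50
```

The same pattern is repeated on the second partner link with its own ACL; keeping one ACL per partner avoids one partner's permitted hosts ever being reachable from the other.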
This was first published in November 2003.
