
Securing external connections via internal Cisco Routers

My company would like to connect two external "untrusted" third parties to our internal network via Cisco routers. Although there are plans to restrict the ports, the protocols and use ACLs (Access Control Lists) to limit traffic to the minimal number of IP addresses, I am not comfortable with this setup. Do you think this is a bad idea? Or am I being overly cautious?
I understand and share your concerns. Simple ACLs (Access Control Lists) are not enough to handle traffic from an untrusted network, in my opinion. Make sure they are at least using stateful packet filtering, such as that available in the firewall feature set for IOS. Also, given that the networks are untrusted, I'd enhance the detection capabilities beyond the router's function by deploying network-based intrusion detection capabilities on the border network. Use a solid commercial IDS or even the free Snort tool to monitor for attacks. Using the firewall feature set, and a low-cost or free IDS can significantly help improve the security of your proposed set-up at minimal additional cost.
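To make the difference between "ACLs only" and "ACLs plus stateful inspection" concrete, here is an added example configuration, not taken from the question or the expert's answer. It uses the IOS Firewall Feature Set's CBAC (Context-Based Access Control) inspection, which is what "stateful packet filtering in the firewall feature set for IOS" meant on routers of that era. All names and addresses are assumptions chosen for illustration: Serial0/0 is the link to one untrusted partner using 203.0.113.0/24; 10.1.1.10 is an internal web service the partner may reach on tcp/443; 10.1.2.20 is an internal batch host that pushes files to the partner's SFTP server 203.0.113.25 on tcp/22.

```cisco
! Added example, not from the original Q&A. Interface names, addresses and
! ACL/inspection names are assumptions for illustration only.
!
! --- Weak: stateless ACLs only --------------------------------------------
! The return path for our outbound SFTP sessions is opened with the
! "established" keyword, which only checks that the ACK or RST bit is set.
! Any packet from 203.0.113.25 with source port 22 and ACK set passes,
! whether or not a session actually exists, so a compromised partner host
! can probe 10.1.2.20 through this line at will.
ip access-list extended PARTNER_A_IN_WEAK
 permit tcp 203.0.113.0 0.0.0.255 host 10.1.1.10 eq 443
 permit tcp host 203.0.113.25 eq 22 host 10.1.2.20 established
 deny   ip any any log

! --- Hardened: minimal ACLs plus CBAC stateful inspection -----------------
! Inspection rule: track TCP and UDP sessions. CBAC follows the TCP
! handshake, removes state on FIN/RST or idle timeout, and the
! max-incomplete thresholds throttle half-open (SYN flood) sessions.
ip inspect name PARTNER_A tcp
ip inspect name PARTNER_A udp
ip inspect tcp idle-time 1800
ip inspect tcp synwait-time 20
ip inspect max-incomplete high 400
ip inspect max-incomplete low 300
ip inspect audit-trail

! Inbound ACL contains only what the partner may initiate. Return traffic
! for sessions we start (the SFTP push) is admitted through dynamic entries
! CBAC adds to this ACL for the life of each inspected session, so no
! static "established" hole is needed.
ip access-list extended PARTNER_A_IN
 permit tcp 203.0.113.0 0.0.0.255 host 10.1.1.10 eq 443
 deny   ip any any log

! Outbound ACL: only the batch host may open SFTP to the partner server.
! Replies from 10.1.1.10:443 leave through dynamic entries CBAC adds here
! for the inspected inbound HTTPS sessions.
ip access-list extended PARTNER_A_OUT
 permit tcp host 10.1.2.20 host 203.0.113.25 eq 22
 deny   ip any any log

interface Serial0/0
 description Link to untrusted partner A
 ip address 192.0.2.1 255.255.255.252
 ip access-group PARTNER_A_IN in
 ip access-group PARTNER_A_OUT out
 ! Inspect sessions leaving toward the partner: CBAC then opens the
 ! return path through PARTNER_A_IN for each tracked session.
 ip inspect PARTNER_A out
 ! Inspect partner-initiated HTTPS as well, so its replies are admitted
 ! through PARTNER_A_OUT statefully rather than by a static permit.
 ip inspect PARTNER_A in
 ! Usual border-interface hardening on an untrusted link.
 no ip proxy-arp
 no ip redirects
 no ip unreachables
 no ip directed-broadcast
```

After applying it, `show ip inspect sessions` lists the tracked connections and `show ip access-lists PARTNER_A_IN` shows the temporary entries CBAC has inserted; both lists should be empty when no partner traffic is flowing, which is a quick way to confirm that nothing static is left open. The `deny ip any any log` lines and `ip inspect audit-trail` feed syslog, which is worth collecting alongside the IDS alerts the answer recommends. On IOS releases from 12.4(6)T onward, CBAC was superseded by the Zone-Based Policy Firewall, which expresses the same stateful policy in class-map/policy-map form.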
  • This was last published in November 2003
