Security Basics mailing list archives

RE: Protecting PIX Firewall at the Perimeter Router


From: "Gordon Brandt" <gbrandt () apwagner com>
Date: Tue, 5 Nov 2002 14:07:15 -0500

Cisco has some very good documents on their site regarding the basic
security configurations for routers.  I do not, unfortunately, have the URL.
That being said, there are a few things that you may want to place on your
router:
1.  Block incoming traffic originating at RFC1918 private addresses.  There
is no reason why these should be coming into your network other than to
spoof.
2.  Block inbound traffic such as SNMP unless you actually want this coming
in from the Internet.

Those are the two things that I remember most clearly as the best
suggestions for gateway routers.

Hope it helps

Gordon Brandt
Network Engineer
AP Wagner Inc.
2205 George Urban Blvd.
Depew, NY  14043
Work: (716) 961-7119
Fax:    (716) 856-4779
http://www.apwagner.com



-----Original Message-----
From: Naman Latif [mailto:naman.latif () inamed com]
Sent: Monday, November 04, 2002 8:47 PM
To: security-basics () security-focus com
Subject: Protecting PIX Firewall at the Perimeter Router


Hi All,

I wanted some suggestions\practical experiences for protecting a
Firewall at the Perimeter Router Level.

We have a PIX Firewall connected to our Cisco Router, which is connected
to the Internet. Should there be any IOS Firewall Rules in the Router,
other than blocking Telnet, FTP etc. to the Firewall itself?

PIX will be doing NAT, protecting DMZ machines, and IPSec connections.

Regards \\ Naman
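
The two router-side blocks recommended in the reply above (RFC1918 source addresses and inbound SNMP) can be checked against an inbound ACL with first-match semantics. The Python audit below is an added example, not code from the thread or from Cisco. The ACL name INBOUND-FROM-INTERNET, the sample ACL text and all function names are assumptions, and it parses only plain permit/deny entries with any/host/wildcard addresses and an optional destination "eq" port.

```python
import ipaddress
ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_NAMES = {"snmp": "161", "snmptrap": "162"}    # IOS keywords for the SNMP ports
SAMPLE_ACL = """ip access-list extended INBOUND-FROM-INTERNET
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   udp any any eq snmp
 permit ip any any"""                              # constructed sample, not from the thread

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    mask = int(ipaddress.IPv4Address(tok.pop(0))) ^ 0xFFFFFFFF   # wildcard = inverted netmask
    return ipaddress.ip_network(f"{first}/{ipaddress.IPv4Address(mask)}", strict=False)

def parse_acl(text):
    """Yield (action, proto, src, dst, port) for each permit/deny line, in ACL order."""
    for tok in (line.split() for line in text.splitlines()):
        if tok and tok[0] in ("permit", "deny"):
            action, proto = tok.pop(0), tok.pop(0)
            src, dst = take_addr(tok), take_addr(tok)
            port = tok[tok.index("eq") + 1] if "eq" in tok else None
            yield action, proto, src, dst, PORT_NAMES.get(port, port)

def first_match(rules, proto, src, port=None):
    """Verdict for `proto` traffic from all of `src` to any destination; first match wins."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        touches = (("ip" in (proto, r_proto) or proto == r_proto)
                   and (None in (port, r_port) or port == r_port) and r_src.overlaps(src))
        covers = (r_proto in ("ip", proto) and r_port in (None, port)
                  and src.subnet_of(r_src) and r_dst == ANY)
        if action == "permit" and touches:
            return "permit"            # at least part of the range gets through
        if action == "deny" and covers:
            return "deny"
    return "deny"                      # implicit deny at the end of every IOS ACL

def audit(text):                       # list which of the two recommended blocks are missing
    rules = list(parse_acl(text))
    gaps = [f"RFC1918 source {n} permitted" for n in RFC1918
            if first_match(rules, "ip", n) == "permit"]
    if first_match(rules, "udp", ANY, "161") == "permit":
        gaps.append("inbound SNMP (udp/161) permitted")
    return gaps
```

An empty list from audit() means both blocks are enforced ahead of any permit entry; an entry that permits even part of an RFC1918 range before the deny is reported as a gap.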


