Re: Protecting PIX Firewall at the Perimeter Router

From: rsavage@nandomedia.com
Date: 11/05/02


Date: Tue, 5 Nov 2002 13:42:19 -0500 (EST)
From: <rsavage@nandomedia.com>
To: Naman Latif <naman.latif@inamed.com>

Yes, snmp for one. Then you might consider services you don't/won't ever
need to be seen from the internet (like sun rpc services, any type of
network back services, application service ports, etc.)

If you only need something like port 80 open, then map out a way to only
allow that port opened. You can also build ACLs for other remote networks
to limit who accesses what.

I really can't give you more info since I am not sure what your network
setup is like.

-Rory

On Mon, 4 Nov 2002, Naman Latif wrote:

> Hi All,
>
> I wanted some suggestions\practical experiences for protecting a
> Firewall wall at the Perimeter Router Level.
>
> We have a PIX Firewall connected to our Cisco Router, which is connected
> to the Internet. Should there be any IOS Firewall Rules in the Router,
> other than blocking Telnet,FTP etc to the Firewall itself ?
>
> PIX will be doing NAT, protecting DMZ machines, and IPSec connections.
>
> Regards \\ Naman
>



Relevant Pages

  • RE: can ping but not browse
    ... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
    (Fedora)
  • Re: Using a Linksys router, should I also use Zonealarm?
    ... public internet to access corporate network. ... In the "old days" when people used to use Dial-In instead of VPN you ware ... protected by corporate Firewall -- since there was no public Internet ...
    (microsoft.public.security)
  • RE: Hidden Ports
    ... this is done by the firewalls to prevent authenticated files from being replaced by trojans and connecting to the internet. ... kerio firewall ... or a program that already had network access attempted to ... > Depending on the Access setting for a component, ZoneAlarm Pro ...
    (Security-Basics)
  • Re: [fw-wiz] NAT Pseudo Security
    ... for protection from the Internet. ... if network A is connecting ... It only protects from connections originated from outside world. ... firewall with deep packet inspection. ...
    (Firewall-Wizards)
  • Re: Entire Network
    ... Internet access is different and just because a firewall isn't ... Second, if it isn't the firewall, then often it is a case of the system ... any way a network guru. ... > The network connection works just fine from both computers for internet ...
    (microsoft.public.windowsxp.basics)