Re: Router Packet Filtering and Firewalls
From: Sean Smith (shmelty@yahoo.com)
Date: 01/30/03
- In reply to: Geoff Shatz: "Router Packet Filtering and Firewalls"
Date: Thu, 30 Jan 2003 12:44:12 -0800 (PST)
From: Sean Smith <shmelty@yahoo.com>
To: security-basics@securityfocus.com
As far as the ISP being lazy... Even though they say
the service offered you is a managed router, in reality
all it is is setting up the routing and making sure
that it functions. As far as security, they like to
charge extra for the security management. What you had
before was a screened host setup and that is a nice
security scheme. You could go one further and put
another screening router behind your firewall and
create a screened subnet. You're lucky you got them to
configure any filters for you. I asked AT&T to do that
for me, but they wanted another $400/month for each
router.
sean
--- Geoff Shatz <geoff.shatz@pchelps.com> wrote:
>
>
> I am trying to confirm my thoughts regarding the use
> of router packet
> filtering in addition to having a firewall behind
> the router but first a
> little background...
>
> Years ago when we first connected our firm to the
> Internet we did not have
> a firewall but used packet filtering on the router
> to protect our
> perimeter.
>
> As time progressed and security became a much
> greater issue for everyone
> in IT we moved forward and installed a firewall
> between our router and the
> LAN. I was managing our router at that time and kept
> the initial packet
> filters in place as I figured two layers of security
> were better than one.
>
> A few years ago we were forced to switch ISPs and
> our new ISP managed the
> router they supplied to us. They supplied the router
> with no ACLs applied
> to either interface which as I understand it with
> Cisco IOS creates an
> implicit permit for both inbound and outbound.
>
> After contacting technical support I was told none
> of their customers use
> packet filtering at the router level and that's what
> a firewall was for.
> I had a small battle with them but they finally
> relented and configured
> the router the way I asked them to.
>
> We just had a second circuit installed and I had to
> go through the same
> routine with them and the end result was the same.
>
> Am I missing something here? Is it not better to
> have both packet
> filtering applied on the router and a firewall
> behind it? Is there
> something inherently wrong with this or is this just
> a case of our ISP not
> really giving a damn about security and on top of it
> being lazy? Any
> comments would be appreciated.
>
> -Geoff
>
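The layering discussed in this thread, as an added example that is not part of either message: a small Python model of a border router in front of a firewall, showing which layer stops a packet when the router interface has no ACL versus when it has one. The ACL entries, the firewall policy (inbound SMTP and HTTP only, no anti-spoofing check) and the sample addresses are all constructed assumptions.

```python
import ipaddress

# Constructed sample edge ACL: (action, source network, protocol, dest port or None)
EDGE_ACL = [
    ("deny", "10.0.0.0/8", "ip", None),      # private sources must not arrive from the Internet
    ("deny", "172.16.0.0/12", "ip", None),
    ("deny", "192.168.0.0/16", "ip", None),
    ("deny", "127.0.0.0/8", "ip", None),
    ("permit", "0.0.0.0/0", "tcp", 25),      # inbound mail
    ("permit", "0.0.0.0/0", "tcp", 80),      # inbound web
]

def acl_permits(acl, src, proto, dport):
    """Model of IOS interface filtering: with no ACL (or an empty one) every
    packet is forwarded; otherwise the first matching entry decides, and a
    packet that matches nothing hits the implicit deny at the end."""
    if not acl:
        return True
    addr = ipaddress.ip_address(src)
    for action, net, rule_proto, rule_port in acl:
        if addr not in ipaddress.ip_network(net):
            continue
        if rule_proto not in ("ip", proto):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return action == "permit"
    return False

def firewall_permits(proto, dport):
    # Hypothetical firewall policy: port-based only, no source validation.
    return (proto, dport) in {("tcp", 25), ("tcp", 80)}

def where_dropped(router_acl, src, proto, dport):
    """Return the layer that stops the packet, or 'delivered'."""
    if not acl_permits(router_acl, src, proto, dport):
        return "router"
    if not firewall_permits(proto, dport):
        return "firewall"
    return "delivered"

if __name__ == "__main__":
    # Constructed test packets: legitimate web, spoofed private source, SNMP probe.
    packets = [("203.0.113.9", "tcp", 80), ("10.1.2.3", "tcp", 80),
               ("198.51.100.7", "udp", 161)]
    for label, acl in (("no ACL", None), ("edge ACL", EDGE_ACL)):
        for pkt in packets:
            print(f"{label:9} {pkt} -> {where_dropped(acl, *pkt)}")
```

With no ACL on the router, the spoofed-source packet is delivered because the modelled firewall only checks ports, and all unwanted traffic lands on the firewall alone; with the edge ACL both are stopped at the router before the firewall sees them.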