Re: router recommendation?

From: Noah (noah_at_ieee.org)
Date: 05/08/04

  • Next message: Masroor Ehsan: "How to decode Yahoo Messenger saved password?"
    To: "Murad Talukdar" <talukdar_m@subway.com>, <security-basics@lists.securityfocus.com>
    Date: Sat, 8 May 2004 09:09:19 -0600
    
    

    The Cisco IOS software will do what you want. The type of router doesn't
    matter much for what you want, just make sure you have enough memory to
    upgrade to future "T" releases if you want the newest features...

    >Two major things I need to be able to do on the WAN port of the new router
    for monitoring and security is lock the port at >full duplex and 10M

    interface mode) duplex full
    interface mode) speed 10

    > and also I need to be able to respond to ICMP requests but want to limit
    it to only the monitoring servers of our ISP.

    #to allow ping
    global config mode) access-list 101 permit icmp (ip address of ISP
    monitoring servers) (inverse mask of ISP monitoring server's network) eq
    echo
    #to allow ping reply
    global config mode) access-list 101 permit icmp (ip address of ISP
    monitoring servers) (inverse mask of ISP monitoring server's network) eq
    echo-reply
    #deny everything else
    global config mode) access-list 101 deny ip any any

    #apply to interface
    interface mode) ip access-group 101 out

    > I'm looking at a Cisco 1721 with the latest 1700 IOS.
    > Am I looking at the right one? Our network isn't huge and doesn't require
    anything too major.

    If you say that the 1721 will meet your capacity needs, it will do.

    > Thanks
    > Murad Talukdar

    Noah
    CCIE #12652

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Masroor Ehsan: "How to decode Yahoo Messenger saved password?"