03-17-2023 04:07 AM
Hello. If I check my static external IP address on https://www.yougetsignal.com/tools/open-ports/ it says that port 22 is open on it.
The ISP is plugged into my Cisco 2901.
How do I make sure port 22 (SSH) is not open to the public?
I tried following suggestions I found on other discussions here but couldn't succeed. I'm not an expert at all here.
Could someone please assist?
03-17-2023 09:31 AM
Completely agreed. It seems like getting an ACL with this will be the bare minimum to prevent the SSH port (and who knows what others) from being accessible from the internet. This is the link to the general Cisco IOS hardening guidelines, which can provide some more comprehensive guidelines. https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
03-17-2023 10:09 AM
Nice!
One way to approach, what I was suggesting, in your reference is here.
The document's suggestion is more generic in its ACEs and application, but same concept, i.e. "Infrastructure ACLs leverage the idea that nearly all network traffic traverses the network and is not destined to the network itself.", which is often especially true when traffic is sourced from the Internet.
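The ACL approach discussed in this thread, sketched as an added example (not a configuration posted by any participant, and not taken from the Cisco document). The external address 203.0.113.10, the ISP-facing interface GigabitEthernet0/0, the inside LAN 192.168.1.0/24 and the ACL names are assumptions to be replaced with the router's real values.

```cisco
! Constructed example. Assumed values: 203.0.113.10 = router's static external IP,
! GigabitEthernet0/0 = ISP-facing interface, 192.168.1.0/24 = inside LAN.
!
! 1) Infrastructure ACL: drop SSH addressed to the router itself and leave
!    all other traffic (return traffic, NAT'd flows) untouched.
ip access-list extended WAN-IN
 remark block SSH to the router's own external address
 deny   tcp any host 203.0.113.10 eq 22 log
 remark everything else is unchanged
 permit ip any any
!
! An interface holds one inbound IP ACL; if one is already applied, add the
! deny entry to that ACL instead of replacing it.
interface GigabitEthernet0/0
 ip access-group WAN-IN in
!
! 2) Restrict which sources may open a VTY (SSH) session at all,
!    whichever interface the connection arrives on.
ip access-list standard MGMT-HOSTS
 permit 192.168.1.0 0.0.0.255
 deny   any log
!
! Repeat for any additional VTY lines configured on the router (e.g. 5 15).
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
```

After applying it, `show ip access-lists WAN-IN` shows the match counter on the deny entry increasing when the external port check is repeated.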