06-18-2012 09:56 AM - edited 03-03-2019 06:38 AM
What is the best practice for protecting your Internet Edge router? Is it best practice to put a firewall in front of your router, or just have the router in front, and its only job is to route? As far as attacks go, if it's on a public addressable network, it doesn't matter what device it is, it can get attacked theoretically.
06-18-2012 07:52 PM
Hi,
On the public edge, attacks occur; the question is, when it happens, how to deal with them.
On your device you have 3 areas to look after: Data Plane, Control Plane and Management Plane. Within each area you can limit the input/output traffic's src and dst to your trusted ones. Although you can take some protection measures for known attacks and worms, if there are any special attacks you are facing, you have to identify and avoid them with the tools available: NetFlow, ACL, uRPF, IP Source Tracker, QoS, RTBH, CoPP, etc.
Of course some people pay tons of money for dynamic protection solutions, and some go on their own.
Please rate if it helped.
Soroush.
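An added example, not part of any post in this thread: a small Python check that reads an IOS-style configuration and reports which of the protections named in the reply above (ACL, uRPF, CoPP) are missing, grouped by plane. The sample configuration, interface name and ACL names are constructed, and treating vty `access-class` plus SSH-only transport as the management-plane check is an assumption of this example.

```python
import re

# Constructed sample config (IOS-style syntax), not taken from the thread.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
 ip access-group EDGE-IN in
!
control-plane
!
line vty 0 4
 transport input telnet ssh
!
"""

def sections(config):
    """Map each top-level config line to its indented child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line and not line.startswith("!"):
            current = line.strip()
            out[current] = []
    return out

def audit(config, external_if):
    """Return one finding per missing protection, grouped by plane."""
    sec, findings = sections(config), []
    ext = sec.get(f"interface {external_if}", [])
    # Data plane: inbound ACL and uRPF on the Internet-facing interface.
    if not any(re.fullmatch(r"ip access-group \S+ in", l) for l in ext):
        findings.append("data: no inbound ACL on external interface")
    if not any(l.startswith("ip verify unicast source reachable-via ") for l in ext):
        findings.append("data: uRPF not enabled on external interface")
    # Control plane: CoPP is a service-policy attached under control-plane.
    if not any(l.startswith("service-policy input ") for l in sec.get("control-plane", [])):
        findings.append("control: no CoPP service-policy")
    # Management plane (assumed check): vty needs a source ACL and SSH-only transport.
    for header, body in sec.items():
        if header.startswith("line vty"):
            if not any(re.match(r"access-class \S+ in\b", l) for l in body):
                findings.append(f"management: {header} has no access-class")
            if "transport input ssh" not in body:
                findings.append(f"management: {header} not restricted to SSH")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "GigabitEthernet0/0")))
```

The check only looks for explicit configuration lines, so a platform whose defaults already restrict vty transport will still be flagged until the line is stated in the config.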
06-19-2012 05:18 AM
Thanks for your advice soro.
06-19-2012 05:25 AM
Hi,
These two guides will be helpful:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
Cheers
Sean
06-19-2012 09:57 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As far as attacks go, if it's on a public addressable network, it doesn't matter what device it is, it can get attacked theoretically.
"... it doesn't matter ...", yes and no. Firewalls generally default to blocking everything; you need to open them up for selected traffic. "Normal" network routers generally default to allow everything; you need to lock them down.
"Best practice" is generally using a firewall to protect your Internet edge as that's what the device is designed for. However, a properly hardened router gains little benefit by being protected by a firewall but the firewall can better protect the rest of your interior network. So, if you're going to have a firewall for the latter reason, it can make sense, if possible and practical, to also protect your Internet edge router too.