How Secure are we ???

Kuldeep singh
Level 1

Hello Experts,

One question has been spinning in my mind from the beginning.

I have been administering all Windows systems and network devices (router, switch, proxy server, ASA firewall) and using tools like Ethereal, SolarWinds, OpManager, etc. for the last 5 years.

If I talk about Windows servers or applications, then I know that I am safe because I am using 128-bit SSL certificates, because they provide encryption.

But if I talk about the network / WAN / unauthorised users from outside, how do I know that I am safe? How can I check through a Cisco router or ASA firewall or something else that somebody is trying to hack or access my network from outside? Please explain with commands or best examples.

Is there any need to buy other devices like IDS / IPS or IT security tools? If so, please suggest me a tool and also tell me how we can check unauthorised activity through the tool.

KS

1 Accepted Solution

Kuldeep,

I'm not sure what you're expecting to gain from this discussion, but some answers have already been provided. I'll throw in my suggestions in hopes that it helps. As you said in your OP, you feel "safe" because you're using SSL. In reality, any software isn't safe and there are vulnerabilities out there for MITM attacks if someone can spoof a certificate. In reality, there's nothing that's safe per se. Defense-in-depth is the only way to protect yourself better than just a "here and there" approach. Your whole security model needs to start from the top down. As far as your network equipment goes, unless you're planning on putting an IDS/IPS in front of your router (which some people do) you won't catch people trying to compromise your routers, firewalls, etc. You should have your router and firewall logging all login attempts to syslog servers. Unfortunately, when you have equipment directly on the internet like routers and firewalls, there is absolutely nothing that will keep you from being attacked. It's going to happen, and the more popular the site, the more attacks you're going to have.

From a basic standpoint, if you really want to be secure, don't enable any lines on the outside interfaces of your routers. Have all login requests sent to a RADIUS server so you can log those requests. If you're offering services, such as Web, make sure that your software on the server is patched. A lot of people think that they're "secure" because they have a firewall, but what they don't remember is the port still has to be open for the service to be accessible, which means your server is now the point of attack and not your firewall. Lock down your firewalls and routers to only a certain address that can manage them. In other words, if you have a workstation in a data center and 2 admins have access to it, lock down your routers/firewalls to only be managed by that workstation and nowhere else. Configure control plane policing for your routers to help with DDoS attacks that could be directed at your router.

There is no magic bullet that anyone on this board can tell you. It all depends on the amount of experience that you have in securing your network, but in reality it also depends on the type of industry you're in. If you're in the banking or healthcare industry, in the US we have legislation that we have to abide by, and they (SOX, HIPAA, GLBA) tell the company what security requirements need to be in place. If you're a small, privately-owned video store, then obviously you don't need to lock your site down according to CIA guidelines. Take security seriously, but also make sure that it makes sense.

HTH,
John

*** Please rate all useful posts ***

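As an added example (not part of this thread, and not a Cisco tool), here is a small Python script that does in software what John describes: it reads the syslog that routers and ASAs send when login attempts are logged, picks out failed and successful logins, flags a source that fails repeatedly against one device, and flags a successful management login from outside the one admin workstation or subnet the devices were locked down to. It parses messages in the shape of the IOS %SEC_LOGIN LOGIN_FAILED/LOGIN_SUCCESS and ASA 605004/605005 login messages; the sample lines, hostnames, addresses and the 10.1.1.0/24 management subnet are constructed for this example.

```python
"""Added example, not from the thread: scan router/ASA syslog for login
activity, as John suggests (log all login attempts to a syslog server and
restrict management to one admin workstation or subnet)."""
import ipaddress
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample syslog, in the shape of IOS %SEC_LOGIN and ASA 605004/605005
# messages. Hostnames and addresses (RFC 5737 ranges) are made up for the example.
SAMPLE_SYSLOG = """\
Mar  5 10:32:15 edge-rtr 45: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:32:15 UTC Mon Mar 5 2012
Mar  5 10:32:19 edge-rtr 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:32:19 UTC Mon Mar 5 2012
Mar  5 10:32:24 edge-rtr 47: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:32:24 UTC Mon Mar 5 2012
Mar  5 10:40:02 edge-rtr 48: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ksingh] [Source: 10.1.1.10] [localport: 22] at 10:40:02 UTC Mon Mar 5 2012
Mar  5 10:41:30 edge-asa %ASA-6-605004: Login denied from 198.51.100.77/51234 to outside:203.0.113.1/ssh for user "admin"
Mar  5 10:41:35 edge-asa %ASA-6-605004: Login denied from 198.51.100.77/51240 to outside:203.0.113.1/ssh for user "admin"
Mar  5 10:41:41 edge-asa %ASA-6-605004: Login denied from 198.51.100.77/51251 to outside:203.0.113.1/ssh for user "admin"
Mar  5 10:50:00 edge-asa %ASA-6-605005: Login permitted from 10.1.1.10/40001 to inside:10.1.1.1/ssh for user "ksingh"
Mar  5 10:55:00 edge-asa %ASA-6-605005: Login permitted from 198.51.100.77/40002 to outside:203.0.113.1/https for user "admin"
"""

Event = namedtuple("Event", "when device outcome user source")

# Syslog header: "Mar  5 10:32:15 edge-rtr ..." (the timestamp carries no year)
HEADER = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ")
# IOS: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: X] [Source: A.B.C.D] ...
IOS_LOGIN = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(FAILED|SUCCESS): .*?\[user: ([^\]]+)\] \[Source: ([^\]]+)\]")
# ASA: %ASA-6-605004: Login denied from A.B.C.D/port to iface:ip/svc for user "X"
ASA_LOGIN = re.compile(
    r'%ASA-\d-6050(?:04|05): Login (denied|permitted) from (\d+(?:\.\d+){3})/\d+ '
    r'to \S+ for user "([^"]+)"')


def parse_login_events(text, year=2012):
    """Turn raw syslog lines into Event tuples; lines that are not logins are skipped."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        when = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        device = head.group(2)
        if (m := IOS_LOGIN.search(line)):
            outcome = "failed" if m.group(1) == "FAILED" else "success"
            user, source = m.group(2), m.group(3)
        elif (m := ASA_LOGIN.search(line)):
            outcome = "failed" if m.group(1) == "denied" else "success"
            source, user = m.group(2), m.group(3)
        else:
            continue
        events.append(Event(when, device, outcome, user, source))
    return events


def find_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Return {(device, source): failures} for sources with at least `threshold`
    failed logins against one device inside a sliding time window."""
    by_key = defaultdict(list)
    for e in events:
        if e.outcome == "failed":
            by_key[(e.device, e.source)].append(e.when)
    hits = {}
    for key, times in by_key.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                hits[key] = j - i
                break
    return hits


def find_unexpected_admin_logins(events, allowed_mgmt):
    """Successful logins whose source lies outside every permitted management network."""
    nets = [ipaddress.ip_network(n) for n in allowed_mgmt]
    return [e for e in events
            if e.outcome == "success"
            and not any(ipaddress.ip_address(e.source) in n for n in nets)]


if __name__ == "__main__":
    evts = parse_login_events(SAMPLE_SYSLOG)
    for (device, src), n in find_brute_force(evts).items():
        print(f"{device}: {n} failed logins from {src} within 5 minutes")
    for e in find_unexpected_admin_logins(evts, ["10.1.1.0/24"]):
        print(f"{e.device}: '{e.user}' logged in from {e.source} (outside mgmt subnet)")
```

Run against a real syslog file by replacing SAMPLE_SYSLOG with the file's contents; the two checks correspond to the two things John asks for (seeing who is hammering the login prompt, and seeing management sessions that did not come from the designated admin host). The second check is the one that matters most: a string of failures from the internet is normal background noise, but a successful login from an unexpected source is worth an immediate look.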

11 Replies

Edison Ortiz
Hall of Fame

For starters, take a look at this URL for hardening your device:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

After doing so, we can continue on available options for traffic monitoring, logging features and security in general.

Regards,

Hi Edison,

Here I am talking only about monitoring.

How can we check or monitor an unauthorised person or IP address doing vulnerability activity (spoofing, hacking, cracking) from outside?

FYI, I do not have any kind of configuration like AAA, TACACS+, RADIUS, etc. as given in the URL referred by you. How can I trace or monitor an unauthorised person or IP without using these configurations, or is it necessary to configure them?

If I am buying such kind of security devices then I should know how they protect.

KS

You need "Manage Engine Firewall Analyzer" for what you want to do.

HTH

Daniel

It's necessary to configure those services (you need to add IOS Intrusion Prevention System, as well).

For monitoring, the ASA offers a nice GUI interface, while for Cisco IOS routers you will need to get familiar with the command line interface, unless you purchase some 3rd-party GUI tool that the logs are sent to for monitoring purposes.

Hey Kuldeep,

First, I am not a professional and not a member either, but I just want to share my knowledge with you, if you don't mind.

There are lots of options on this part. As you are focusing on monitoring the inbound and outbound connections, one of the best options could be TMG (Microsoft), where you need to create the policy which will let you know from which IP what service is being used. If any IP seems to be doing nasty things then it can be completely blocked.

You can have a rule set created for this purpose: what set of IPs can access what resources inside the network.

Like that, another option would be Checkpoint (firewall), which has all kinds of monitoring tools inside it.

Just want to share my ideas; if you don't like it then please ignore it.

Thank You

Kuldeep singh
Level 1

Hello Experts,

Still have not found a satisfactory answer.


Amen John B!!! +5


Thanks John

HTH, John *** Please rate all useful posts ***

Hi John,

Thanks for the appreciated reply.

KS

Hello John,

Very nice explanation!

res

Paul

Please don't forget to rate this post if it has been helpful.
