[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewalling

For one, if you are planning on firewalling the router, your firewall
becomes your router.

You are going to have to have some type of WAN interface installed on your
firewall in order to even have your network work.

Secondly, you should be able to secure a cisco router from remote attack.
You cant prevent DOS attacks, but you cant do that even with a firewall.

Thirdly, you should be able to put strict access lists into your cisco
router to pretty much keep the honest people honest.

Finally, you should be able to put some type of firewall behind the router
and in front of your LAN. Keep in mind however, that a firewall is not a
magic wall that will keep you safe from harm. It's still very easy for
some user on the secure side to run a program and become a back door and
pipeline for a hacker on the outside to wreak havoc on all the computers
on the inside.

It sounds to me like you have alot of research to do before you should
attepmt this type of install, or perhaps hire some consultant.

On Wed, 29 Mar 2000, Kevin wrote:

>I'm not really sure if I should post this to the isp list or this one, but
>anyway.  I work for a fairly small isp and the management told me they want
>me to put some sort of firewall in front of the router.  Actually their
>first idea was a firewall in front of the router, then one behind the
>router, then to the servers.  I'm curious what kind of effect having a
>firewalled router will have on the dialup customers as well as certain
>servers like a shell provider.  Also what would I firewall from the router.
>I don't want to really restrict any ports for end dialup users as I've had
>personal experience with this, and it can be a pain.  Any ideas, comments,
>or short poems about how great I am would be greatly appreciated.
>To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  _    __   _____      __   _________      
______________  /_______ ___  ____  /______  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
  8:25pm  up 65 days,  4:22,  4 users,  load average: 0.09, 0.16, 0.25

Reply to: