Securing Border Routers
Using non-world routable space on interfaces makes for difficulties in some
situations with PMTU-D and with troubleshooting (useless information in
traceroutes for example).
Owen
On Jan 19, 2011, at 6:04 PM, jim deleskie wrote:
> Never put a firewall in front of a router, it will die first. The Team
> CYMRU stuff is great; make sure you have ACLs on your VTY and allow access
> only from trusted internal IPs. I also like using non-world routable space
> on any interface I can.
>
>
> On Wed, Jan 19, 2011 at 9:38 PM, Brandon Kim <brandon.kim at brandontek.com> wrote:
>
>>
>> What an insightful link! Thank you, I am reading it now.....
>>
>>> From: Bryan.Welch at arrisi.com
>>> To: nanog at nanog.org
>>> Date: Wed, 19 Jan 2011 16:38:43 -0800
>>> Subject: RE: Securing Border Routers
>>>
>>> I ALWAYS start with the CYMRU secure bgp templates, found here:
>>> http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html
>>>
>>> I personally would not recommend a firewall in front of your router,
>>> sufficient ACL'ing should be enough for securing the router itself.
>>>
>>>
>>> Bryan
>>>
>>> -----Original Message-----
>>> From: Brandon Kim [mailto:brandon.kim at brandontek.com]
>>> Sent: Wednesday, January 19, 2011 4:36 PM
>>> To: nanog group
>>> Subject: Securing Border Routers
>>>
>>>
>>> Gents:
>>>
>>> What measures do you take to protect your border routers? Our routers are
>>> running BGP so I'm interested if there is any way to secure them without
>>> interfering with BGP? Is it normal to put a firewall in front of the border
>>> routers?
>>>
>>> I'm concerned about DDOS attacks mainly....although we haven't had any, I
>>> don't welcome them.....
>>>
>>> Brandon
>>>
>>
>>
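
Added example, not part of the thread or of the Team CYMRU template: a small audit for the VTY advice quoted above, reporting any `line vty` block that has no inbound `access-class` or whose ACL permits sources outside trusted internal space. The sample config, ACL numbers and the TRUSTED prefix are constructed assumptions, and only standard numbered ACLs with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample in IOS-style syntax; ACL numbers and prefixes are illustrative.
SAMPLE_CONFIG = """\
access-list 10 permit 10.20.0.0 0.0.0.255
access-list 10 deny any log
access-list 20 permit any
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input ssh
line vty 16 31
 access-class 20 in
"""
TRUSTED = [ipaddress.ip_network("10.20.0.0/16")]  # assumed internal management space

def permitted_sources(config):
    """Map each standard numbered ACL to the networks its permit entries allow."""
    acls = {}
    pat = r"^access-list (\d+) (permit|deny) (any|host \S+|\S+)(?: (\d+\.\d+\.\d+\.\d+))?"
    for num, action, src, wildcard in re.findall(pat, config, re.M):
        nets = acls.setdefault(num, [])  # register the ACL even if it only denies
        if action == "deny":
            continue
        if src == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            continue
        wild = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))
        if wild & (wild + 1):  # wildcard is an inverted netmask; must be contiguous
            raise ValueError(f"non-contiguous wildcard in ACL {num}")
        prefix = 32 - wild.bit_length()
        nets.append(ipaddress.ip_network(f"{src.split()[-1]}/{prefix}", strict=False))
    return acls

def audit_vty(config, trusted=TRUSTED):
    """Return (vty_range, problem) findings for VTY lines not limited to trusted sources."""
    acls, findings = permitted_sources(config), []
    blocks = re.findall(r"^line vty (\d+(?: \d+)?)\n((?:[ \t]+.*\n?)*)", config, re.M)
    for vty, body in blocks:
        m = re.search(r"^\s*access-class (\S+) in\b", body, re.M)
        if not m:
            findings.append((vty, "no inbound access-class"))
        elif m.group(1) not in acls:
            findings.append((vty, f"ACL {m.group(1)} not defined"))
        else:
            findings += [(vty, f"ACL {m.group(1)} permits {net}")
                         for net in acls[m.group(1)]
                         if not any(net.subnet_of(t) for t in trusted)]
    return findings
```

Run `audit_vty()` over a saved copy of the running config; an empty list means every VTY range is restricted to the prefixes listed in TRUSTED.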