Re: Secure network question???



Thank you Scott for your answer. I did a little checking on eBay and found
that a PIX 501 is something that I can afford. Sorry, I was thinking back a
few years ago when a PIX 515 was in the thousands of dollars range used and
never heard of a 501 (limited exposure to some Cisco products not installed
in my department). I will add it to my 2620 and also get a managed switch
(2912, 26, 24) so I can do the VLAN plan. I just heard of a local store who
got the new improved D-Link router/firewall and will try to get him to let
me look at the config and program my store with that same info. Although,
I still have to program it all and I have never touched a PIX before or
programmed a Cisco router for B-ISDN, so you will still hear from me in the
next few months. In your reply you talked about "reflexive ACLs". I don't
remember reading about them; the old CCNA exam just concentrated on
basic/extended ACLs. Is this something I should study up on, or is it
something that the PIX will take care of for me, or do I even need to worry
about them? Forgive me for sounding ignorant but, since I left the
data/telco world a couple of years ago, I seldom get a chance to talk
tech, and a lot fades and times have changed quickly - kind of miss it.
Kind of makes me think, experience doesn't last long in this industry!
Chris

"thrill5" <nospam@xxxxxxxxxxx> wrote in message
news:D5idnTiGhYUlKKTZRVn-vw@xxxxxxxxxxxxxx
Securing a network is very complicated business, and using ACLs instead
of a firewall is not a very good idea unless you are very well versed in
security and have a sound knowledge of reflexive ACLs. A router is not a
firewall, and so configuring one to be a firewall is like trying to fit a
square peg in a round hole. Yes you can do it, but it's not the right tool for
the job. A PIX is a firewall and so it can be easily configured to
work as one, and consequently a PIX is not a router, so you would not use
one to do the function of a router. I would leave the security to the
"guru".

Scott
"clubfoot" <clubfoot@xxxxxxxxxxx> wrote in message
news:4438b94b$1_3@xxxxxxxxxxxxxxxxxxxxx
Hi all. I own a shipping store and we have one computer that we rent
computer time on with web access, 2 point-of-sale and 1 accounting
system. The franchise co. office has just informed us that they have a
new "high security router" programmed for tighter security than the
simple off-the-shelf D-Link that they used to provide us with. The new
router is a D-Link "advanced security and firewall" programmed by a
"network security guru." I think I can do a better job with a Cisco
system. I got my CCNA 5 years ago and know a little (just enough to pass
the old CCNA exam) about Cisco routers and switches. I would like to
program a 2620 with a 2924 or 2912 to get greater security and provide 3
VLANs for my network. The rental computer is connected via network to our
copy machine and I would like to keep them separate from our
point-of-sale systems and that all separate from our back room accounting
system. The "gurus" won't tell me anything about how they programmed the
new router; I guess that would hurt their bottom line. I don't have
enough to get a PIX so I would like to do what I can in the 2620 and the
switch. My question is this: what would be my best plan of attack? I'm
thinking about creating a large ACL to block any ports that I won't need;
however, I don't yet know what ports those would be. I ship UPS, FedEx,
DHL and US Postal and I still have to allow for common access from the
rental computer, and know that some of these shippers use some strange
ports that their software uses - I'm still trying to find out what those
ports are. Oh, plus we are going to on-line credit card processing and
will be adding on-line system backups. Would an ACL blocking ports and
some known nasty IP ranges be a sufficient enough way to provide security
better than a piece-O-$H1T D-Link and keep a virus or hack-attack on one
system from getting to the others? And, if so, does anyone know what
ports UPS, FedEx, DHL, US Postal, online credit card processing and
common computer rental ports are used so I can allow them in the ACL?
Also, if it makes any difference, we are using ISDN-BRI; yes, I know I'm
almost the last person on earth to use BRI but I can't get anything else
in this brand new development, so I have to figure out how to program
that also.
Thanks in advance for any help you can give me!
Chris
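For readers following the thread: the configuration below is an added illustration of the two things discussed above (the three-VLAN split on a 2620 with a managed switch, and the reflexive ACLs Scott mentions and Chris asks about); it is not from any of the posts. It assumes router-on-a-stick over FastEthernet0/0 to an 802.1Q trunk on the switch and BRI0/0 as the WAN side; all addresses and VLAN numbers are made up.

```cisco
! Added example, not from this thread. Assumes a 2620 with Fa0/0 trunked
! to the managed switch and BRI0/0 facing the ISDN line (placeholders).
!
! --- Inter-VLAN isolation: the rental PC/copier VLAN may reach the
! Internet but never the point-of-sale or accounting VLANs. The POS and
! accounting VLANs would get matching lists of their own (omitted here).
ip access-list extended RENTAL-IN
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 log
 deny   ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 log
 permit ip 192.168.10.0 0.0.0.255 any
!
interface FastEthernet0/0.10
 description VLAN10 rental computer + copier
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group RENTAL-IN in
!
interface FastEthernet0/0.20
 description VLAN20 point-of-sale
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.30
 description VLAN30 accounting
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
! --- Reflexive ACL on the WAN: a session started from inside adds a
! temporary mirror entry to WAN-SESSIONS (removed after the timeout or
! on TCP close); INBOUND admits only traffic matching those entries.
! "any any" is used so the list still matches after NAT on this interface.
ip access-list extended OUTBOUND
 permit tcp any any reflect WAN-SESSIONS timeout 300
 permit udp any any reflect WAN-SESSIONS timeout 60
 permit icmp any any reflect WAN-SESSIONS
 deny   ip any any log
!
ip access-list extended INBOUND
 evaluate WAN-SESSIONS
 deny   ip any any log
!
interface BRI0/0
 ip access-group OUTBOUND out
 ip access-group INBOUND in
```

Reflexive ACLs only track single-channel sessions, so a protocol that expects the far end to open a second connection back (active-mode FTP, for example) needs explicit extra entries; that kind of application awareness is part of what a dedicated firewall such as the PIX adds over a router ACL.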