[135285] in North American Network Operators' Group
RE: Securing Border Routers
daemon@ATHENA.MIT.EDU (Welch, Bryan)
Wed Jan 19 19:39:34 2011
From: "Welch, Bryan" <Bryan.Welch@arrisi.com>
To: nanog group <nanog@nanog.org>
Date: Wed, 19 Jan 2011 16:38:43 -0800
In-Reply-To: <BLU158-w13F6A3CA3CEC3895852E48DCF90@phx.gbl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I ALWAYS start with the CYMRU secure bgp templates, found here:
http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html
I personally would not recommend a firewall in front of your router, suffic=
ient ACL'ing should be enough for securing the router itself.
Bryan
-----Original Message-----
From: Brandon Kim [mailto:brandon.kim@brandontek.com]=20
Sent: Wednesday, January 19, 2011 4:36 PM
To: nanog group
Subject: Securing Border Routers
Gents:
What measures do you take to protect your border routers? Our routers are r=
unning BGP so I'm interested if there is any way to secure them without int=
erfering with BGP? Is it normal to put a firewall in front of the border ro=
uters?
I'm concerned about DDOS attacks mainly....although we haven't had any, I d=
on't welcome them.....
Brandon
=20
