[135287] in North American Network Operators' Group
RE: Securing Border Routers
daemon@ATHENA.MIT.EDU (Brandon Kim)
Wed Jan 19 20:38:44 2011
From: Brandon Kim <brandon.kim@brandontek.com>
To: <bryan.welch@arrisi.com>, nanog group <nanog@nanog.org>
Date: Wed, 19 Jan 2011 20:38:39 -0500
In-Reply-To: <DFA5AECDEC85EE4087D45C463C19B375134D703DE1@KWAEXMAIL1.ARRS.ARRISI.COM>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
What an insightful link! Thank you=2C I am reading it now.....
> From: Bryan.Welch@arrisi.com
> To: nanog@nanog.org
> Date: Wed=2C 19 Jan 2011 16:38:43 -0800
> Subject: RE: Securing Border Routers
>=20
> I ALWAYS start with the CYMRU secure bgp templates=2C found here:
> http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html
>=20
> I personally would not recommend a firewall in front of your router=2C su=
fficient ACL'ing should be enough for securing the router itself.
>=20
>=20
> Bryan
>=20
> -----Original Message-----
> From: Brandon Kim [mailto:brandon.kim@brandontek.com]=20
> Sent: Wednesday=2C January 19=2C 2011 4:36 PM
> To: nanog group
> Subject: Securing Border Routers
>=20
>=20
> Gents:
>=20
> What measures do you take to protect your border routers? Our routers are=
running BGP so I'm interested if there is any way to secure them without i=
nterfering with BGP? Is it normal to put a firewall in front of the border =
routers?
>=20
> I'm concerned about DDOS attacks mainly....although we haven't had any=2C=
I don't welcome them.....
>=20
> Brandon
>=20
>=20
>=20
>=20
> =20
>=20
=
