[135288] in North American Network Operators' Group
Re: Securing Border Routers
daemon@ATHENA.MIT.EDU (jim deleskie)
Wed Jan 19 21:04:10 2011
In-Reply-To: <BLU158-w57A22B157DAF65737032D8DCF90@phx.gbl>
Date: Wed, 19 Jan 2011 22:04:05 -0400
From: jim deleskie <deleskie@gmail.com>
To: Brandon Kim <brandon.kim@brandontek.com>
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Never put a firewall in front of a router; it will die first. The Team
Cymru stuff is great. Make sure you have ACLs on your VTY and allow access
only from trusted internal IPs. I also like using non-world-routable space
on any interface I can.
On Wed, Jan 19, 2011 at 9:38 PM, Brandon Kim <brandon.kim@brandontek.com> wrote:
>
>
>
> What an insightful link! Thank you, I am reading it now.....
>
>
>
>
> > From: Bryan.Welch@arrisi.com
> > To: nanog@nanog.org
> > Date: Wed, 19 Jan 2011 16:38:43 -0800
> > Subject: RE: Securing Border Routers
> >
> > I ALWAYS start with the CYMRU secure bgp templates, found here:
> > http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html
> >
> > I personally would not recommend a firewall in front of your router,
> > sufficient ACL'ing should be enough for securing the router itself.
> >
> >
> > Bryan
> >
> > -----Original Message-----
> > From: Brandon Kim [mailto:brandon.kim@brandontek.com]
> > Sent: Wednesday, January 19, 2011 4:36 PM
> > To: nanog group
> > Subject: Securing Border Routers
> >
> >
> > Gents:
> >
> > What measures do you take to protect your border routers? Our routers are
> > running BGP so I'm interested if there is any way to secure them without
> > interfering with BGP? Is it normal to put a firewall in front of the border
> > routers?
> >
> > I'm concerned about DDOS attacks mainly....although we haven't had any, I
> > don't welcome them.....
> >
> > Brandon
> >
> >
> >
> >
> >
> >
>
>
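
One way to check the VTY advice from the top reply against a saved router configuration, as an added example that is not part of the thread: it flags `line vty` blocks with no inbound `access-class`, or whose ACL permits sources outside a trusted set. Assumptions: IOS-style syntax, numbered standard ACLs (1-99) only, and RFC 1918 space standing in for "trusted internal IPs"; the sample config and the function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: "trusted internal" means RFC 1918 space; substitute your management ranges.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed IOS-style sample, not taken from the thread.
SAMPLE_CONFIG = """\
access-list 10 permit 10.20.0.0 0.0.0.255
access-list 10 permit host 192.168.5.10
access-list 20 permit any
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 20 in
line vty 16 31
 transport input ssh
"""

def acl_sources(config):
    """Map each numbered standard ACL (1-99) to the source networks it permits."""
    acls = {}
    for m in re.finditer(r"^access-list (\d{1,2}) permit (.+)$", config, re.M):
        src, prefix = m.group(2).split(), 32
        if src[0] == "any":
            src, prefix = ["0.0.0.0"], 0
        elif src[0] == "host":
            src = src[1:]
        elif len(src) > 1:
            wild = int(ipaddress.IPv4Address(src[1]))  # Cisco wildcard (inverse) mask
            # A non-contiguous wildcard is not a single prefix: treat it as "any".
            prefix = 32 - wild.bit_length() if wild & (wild + 1) == 0 else 0
        acls.setdefault(m.group(1), []).append(
            ipaddress.ip_network(f"{src[0]}/{prefix}", strict=False))
    return acls

def audit_vty(config, trusted=TRUSTED):
    """Return {vty header: finding} for VTY blocks that are not restricted to trusted sources."""
    acls, findings = acl_sources(config), {}
    for header, body in re.findall(r"^(line vty [^\n]*)\n((?:[ \t]+[^\n]*\n?)*)", config, re.M):
        m = re.search(r"^[ \t]+access-class (\S+) in\b", body, re.M)
        nets = acls.get(m.group(1), []) if m else []
        bad = [str(n) for n in nets if not any(n.subnet_of(t) for t in trusted)]
        if not m:
            findings[header] = "no inbound access-class"
        elif bad or not nets:
            findings[header] = f"ACL {m.group(1)} " + (
                f"permits untrusted {bad}" if bad else "has no parsed permit entries")
    return findings

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```
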