[25169] in North American Network Operators' Group


Re: your mail

daemon@ATHENA.MIT.EDU (Alex P. Rudnev)
Wed Sep 22 06:46:54 1999

Date: Wed, 22 Sep 1999 14:37:46 +0400 (MSD)
From: "Alex P. Rudnev" <alex@Relcom.EU.net>
To: Gerry McDonald <gerry@injectronics.com>
Cc: nanog@merit.edu
In-Reply-To: <199909211528.LAA25105@ligarius-fe0.ultra.net>
Message-ID: <Pine.SUN.3.91.990922143220.25341J-100000@virgin.relcom.eu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


Get the IOS Firewall Feature Set, a router with 2 LAN and 2 WAN 
interfaces, and say _get away_ to the hw vendors.

No doubt, it's possible to enter into IOS if you did not install access 
lists on the VTY, keep some extra services working (such as router-based 
WWW), and so on; but it does not depend on the firewalls at all... And - if 
you don't need a session-level firewall (with the analysing of SMTP content, 
for example), the IOS FW feature set is a very effective solution.


On 21 Sep 1999, Gerry McDonald wrote:

> Date: 21 Sep 99 11:13:08 -0500
> From: Gerry McDonald <gerry@injectronics.com>
> To: nanog@merit.edu
> 
> 
> I have a question... I am currently expanding our network to accommodate a T1 to the 
> Internet and a 512K frame connection to our WAN.. I need to purchase a router and spoke 
> to several vendors. I have heard conflicting stories regarding the model of Cisco router I 
> should get. 
> 
> One vendor <vendor a> tells me that I should get a 2620 with 2 Wan Ports and the other 
> vendor <vendor b> is telling me that I might compromise my security by using one router for 
> WAN and Internet connections. They're suggesting that I get 2 routers one for my Wan and 
> another for the Internet connection... 
> 
> Vendor B is telling me that it would be possible to enter our wan without touching our firewall 
> should someone be able to hack into our IOS on the router...
> 
> I decided to go to the experts... I would appreciate any helpful suggestions.
> 
> Thanks...
> 
> -Gerry
> 
> 
> 
> 
> 

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
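
A check for the two exposures the reply names (no access lists on the VTY, router-based WWW left running), as an added example that is not part of the original message. The sample configuration is constructed, and `audit_ios_config` is a hypothetical helper name.

```python
import re

# Constructed sample running-config, not taken from the original message.
SAMPLE_CONFIG = """\
hostname edge-rtr
ip http server
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 login
line vty 5 15
 access-class 10 in
 login
!
end
"""

def audit_ios_config(text):
    """Flag VTY line blocks with no inbound access-class and an enabled
    router-based HTTP server (hypothetical helper, not a Cisco tool)."""
    findings = []
    section, has_acl = None, False

    def close_section():
        # Called when a top-level command ends the previous block.
        if section and section.startswith("line vty") and not has_acl:
            findings.append(f"{section}: no 'access-class <acl> in'")

    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue  # blank lines and '!' separators carry no settings
        if line[0] != " ":  # top-level command starts a new block
            close_section()
            section, has_acl = line, False
            if line == "ip http server":
                findings.append("ip http server: router-based WWW is enabled")
        elif re.match(r"\s+access-class\s+\S+\s+in\b", line):
            has_acl = True  # inbound ACL restricts who may open this VTY
    close_section()
    return findings

if __name__ == "__main__":
    for finding in audit_ios_config(SAMPLE_CONFIG):
        print(finding)
```

Only an explicit `ip http server` line is flagged; a configuration that omits the command relies on the platform default and should be checked on the device.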


