Security Basics mailing list archives
Re: getting routes from internet facing routers
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Wed, 22 Jul 2009 10:24:37 +0530
Martin, This applies to dyamic routing. If routing protocol is configured between devices A and B , the routes/routing table will be exchanged. This routing information received( by the device) from peer /neigbour devices will used to determine the best route to the destination IPs. Since the routing updates received from peer /neigbour will determine the path, its important to make sure that we only receive routes from legitimate devices. We should configure the devices to validate identity and routing updates. It is recommended to configure 1) Authentication 2) External route filters on ASBRs Hope this helps. Thanks, Aditya Govind Mukadam, CISSP,CEH,JNSA-Advanced Security, JNCIA-SSL,CQS-PIX, CQS-VPN http://www.linkedin.com/in/adityamukadam On Tue, Jul 21, 2009 at 2:10 AM, martin<martiniscool () gmail com> wrote:
Hi All I've always heard as best practice that you should keep your internal routes off external facing routers. And I've also heard that it's possible to get routes from a router/firewall facing the public domain without having to login to it. Can anybody explain (or give an example) of how this is achieved ? Is it by using ICMP ? Does this only apply to routers using dynamic routing or does it also apply to static routes ? Thanks in advance ! M ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- getting routes from internet facing routers martin (Jul 20)
- Message not available
- Re: getting routes from internet facing routers martin (Jul 21)
- Re: getting routes from internet facing routers Shreyas Zare (Jul 21)
- Re: getting routes from internet facing routers martin (Jul 22)
- Re: getting routes from internet facing routers Jeffrey Walton (Jul 22)
- Re: getting routes from internet facing routers Shreyas Zare (Jul 22)
- Re: getting routes from internet facing routers martin (Jul 21)
- Message not available
- Message not available
- Message not available
- Message not available
- getting routes from internet facing routers martin (Jul 27)
- <Possible follow-ups>
- Re: Re: getting routes from internet facing routers stcroix111 (Jul 27)