Security Basics mailing list archives
RE: Protecting PIX Firewall at the Perimeter Router
From: "Adam Maxwell" <netrunner () sneakers-inc net>
Date: Wed, 6 Nov 2002 19:41:21 -0000
-----BEGIN PGP SIGNED MESSAGE----- The Cisco routers are based on the same IOS as the pix firewall. You can set ACL's for management on the Cisco routers, for the interfaces and the console ports. - -----Original Message----- From: John Canty [mailto:John.Canty () Vibro-Meter com] Sent: 05 November 2002 19:23 To: Naman Latif; security-basics () security-focus com Subject: RE: Protecting PIX Firewall at the Perimeter Router I have the same config here 1720 perimeter and pix 515e. The pix can be set to receive telnet and pdm from one and only one IP and you can also set the interface on which it will see that IP. The router, I am less familiar with. I believe you may be able to do the same. The only downside is this gives you limited options on management. I.E. you can only use one computer on the inside network to manage these devices, or on the router use the aux port, and on both devices use the console port. If you are in the field and a device chooses to tank out on you then you could be in trouble. Multitech and other vendors do sell RAS servers you could allow it's IP as a telnet friendly IP, but this also opens up the possibility of someone dialing into this thing and messing things up. Try tossing one of these things on a pbx analog line with an extension and you may have a good solution there. Just like anything else, eliminate needless variables, but keep your options open. Set up gates that one must overcome in order to gain access. //John - -----Original Message----- From: Naman Latif [mailto:naman.latif () inamed com] Sent: Monday, November 04, 2002 8:47 PM To: security-basics () security-focus com Subject: Protecting PIX Firewall at the Perimeter Router Hi All, I wanted some suggestions\practical experiences for protecting a Firewall wall at the Perimeter Router Level. We have a PIX Firewall connected to our Cisco Router, which is connected to the Internet. Should there be any IOS Firewall Rules in the Router, other than blocking Telnet,FTP etc to the Firewall itself ? PIX will be doing NAT, protecting DMZ machines, and IPSec connections. Regards \\ Naman -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQIVAwUBPclwYAG81/VlR++2AQGK3A/7ByYRMohohjN70FMPqwJZo3Q54ZPkLMvf 3LKVmqeoyopd2MQCNk/znTf1uFNZb/RAjSDPEKMEHPUWqwWI4EH54MKTgzMJFLWt 1ykBZ1zhvnpSi7RM3VVr4rEBiZnzthfAt2hw70QG69+cnHEM0lfc/t8s19i7owzb VeK5ntwkIspXIWv7ZR6dLqBXMewKWlAtyzGn96kSYRfkqckuQW3TTFuKLrDbV18E SEi7dwefgc5+O+WoYS2yCh5p10FGC+5yKfD6bVnAFhzbcVpmTl74JMjNnKkynHwk LPJD6Gkpw4dlVZwckNA2ISy30Ws8uS0PD/8XpgCDEeXNBEDJsTotWEyeB0pcI21g t+TFOXY5fMaRI+HLlpvxTI/HK50m7ZDsIBVmIIBkwmaSrM+8h2nfzqLVWMEu7w5y wXg8H7uo3GdYSQ+5F6sNyEj52gyWA3DYGG+fim55f6LHMIEHuTP1TKRBFLiBIcnQ q9HSimbQop5DYvWsg+oi0k5ObjHjSm/G3jJ5z70ZqqCkVHR4n2qeVhvp5iHv6u84 WJ8Zi7nUHimNXTT9QuPmXhJvKI4kjyvlLJVmzwib5Ca7666MFjIOXE5WMiqOjFw0 y7B8KkBY9skaGe6PxCsOFFawdGDhWhlPIbsPQcEsjF5xh8pWsjjRzkFNoqjCl1ba DgZPOjyvOl0= =F5Vf -----END PGP SIGNATURE-----
Current thread:
- Protecting PIX Firewall at the Perimeter Router Naman Latif (Nov 05)
- RE: Protecting PIX Firewall at the Perimeter Router Gordon Brandt (Nov 06)
- Re: Protecting PIX Firewall at the Perimeter Router rsavage (Nov 06)
- Re: Protecting PIX Firewall at the Perimeter Router William Kupersanin (Nov 06)
- Re: Protecting PIX Firewall at the Perimeter Router R P G (Nov 07)
- RE: Protecting PIX Firewall at the Perimeter Router Thomas Novak (Nov 09)
- Re: Protecting PIX Firewall at the Perimeter Router R P G (Nov 07)
- <Possible follow-ups>
- RE: Protecting PIX Firewall at the Perimeter Router John Canty (Nov 06)
- RE: Protecting PIX Firewall at the Perimeter Router Adam Maxwell (Nov 07)
- RE: Protecting PIX Firewall at the Perimeter Router Vik Evans (Nov 11)
- RE: Protecting PIX Firewall at the Perimeter Router Adam Maxwell (Nov 07)
- RE: Protecting PIX Firewall at the Perimeter Router Piacquadio, Juan (Nov 06)
- RE: Protecting PIX Firewall at the Perimeter Router Paris E. Stone (Nov 07)
- RE: Protecting PIX Firewall at the Perimeter Router Calhoun, Heath (Nov 07)
- RE: Protecting PIX Firewall at the Perimeter Router Ben Duncan (Nov 08)