Re: Securing Border Routers

[jim deleskie <deleskie () gmail com>]

Never put a firewall in front of a router, it will die first.  The team
CYMRU stuff is great make sure you have ACL's on your VTY and allow access
only from trusted internal IPs.  I also like using non world routable space
on any interface I can.


On Wed, Jan 19, 2011 at 9:38 PM, Brandon Kim <brandon.kim () brandontek com>wrote:

> What an insightful link! Thank you, I am reading it now.....
>
>
>
>
> > From: Bryan.Welch () arrisi com
> > To: nanog () nanog org
> > Date: Wed, 19 Jan 2011 16:38:43 -0800
> > Subject: RE: Securing Border Routers
> >
> > I ALWAYS start with the CYMRU secure bgp templates, found here:
> > http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html
> >
> > I personally would not recommend a firewall in front of your router,
> sufficient ACL'ing should be enough for securing the router itself.
> > Bryan
> >
> > -----Original Message-----
> > From: Brandon Kim [mailto:brandon.kim () brandontek com]
> > Sent: Wednesday, January 19, 2011 4:36 PM
> > To: nanog group
> > Subject: Securing Border Routers
> >
> >
> > Gents:
> >
> > What measures do you take to protect your border routers? Our routers are
> running BGP so I'm interested if there is any way to secure them without
> interfering with BGP? Is it normal to put a firewall in front of the border
> routers?
> > I'm concerned about DDOS attacks mainly....although we haven't had any, I
> don't welcome them.....
> > Brandon