
internet router access list standards

Status
Not open for further replies.

csross

MIS
Dec 21, 2003
92
US
I am setting up a router which connects to the cable modem. It will also be a DHCP server for a private internal network. I don't want anyone to get in except for SSH, but if the clients on the inside request web pages, send mail, or FTP out, for example, and I deny all but port 22 in, will they be able to do all those things? We use a cable modem for the private network, but I don't want to leave it open. There is also a public internal network, but it doesn't go out the Cablevision network.

Does anyone have a standard secure access list for a router that's on Cablevision (or another private provider)?

Thanks
 
You can write your access list to permit and/or deny any traffic using source/destination ports for flexibility, in any direction.

It all depends on what you want and how you set it up, unless what you are asking is whether we can give you very specific ACL configs.

Good luck.
 
Thanks for the response.

I guess I am looking for direction on the standards acls that are used in this kind of situation. My company is getting more and more concerned with security and I don't want to let them down.

If there is a faq or site you can point me to, I would be very appreciative.

thanks
 
Thank you very much. It appears to be a good source.

 
Just like the post above yours. The best practice is to AT MOST only allow established TCP traffic back onto your internal net...

Try to move all global services behind a different interface (DMZ). NAT makes this rather simple: just re-IP and move your important devices and change the NAT pool.

Then you can apply a more open access-list only to these devices... and if they happen to get infected or attacked, you can place another access-list between this network and your internal one to provide protection.
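The inbound ACL the original question and the reply above describe, written out as an added Cisco IOS configuration example (not posted by anyone in this thread): SSH to the router is the only new inbound connection allowed, return traffic for TCP sessions the inside started comes back via `established`, and the two things `established` does not cover on a cable connection (the router's own DHCP lease from the provider and UDP DNS answers) are permitted explicitly. Interface names, the 192.168.1.0/24 inside range and the resolver address 203.0.113.53 are assumptions chosen for the example.

```cisco
! Added example, not from the thread. Assumed layout:
!   FastEthernet0/0 = cable modem side (address obtained via DHCP from the provider)
!   FastEthernet0/1 = private LAN 192.168.1.0/24 (router is the DHCP server there)
!   203.0.113.53    = provider's DNS resolver (placeholder, use the real one)
!
ip access-list extended OUTSIDE-IN
 remark --- management: SSH to the router (narrow 'any' to known source addresses if you can)
 permit tcp any any eq 22
 remark --- replies to TCP sessions opened from inside: web, mail, passive FTP
 remark --- 'established' only checks the ACK/RST bits; it is not a state table
 permit tcp any any established
 remark --- DHCP offers/acks from the cable provider to this router's outside interface
 permit udp any eq bootps any eq bootpc
 remark --- UDP DNS answers from the resolver; UDP is never matched by 'established'
 permit udp host 203.0.113.53 eq domain any gt 1023
 remark --- ICMP the inside hosts need: path-MTU discovery, ping replies, traceroute
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 remark --- everything else (new inbound connections, active-FTP data, UDP probes) is dropped and logged
 deny ip any any log
!
interface FastEthernet0/0
 description Cable modem
 ip address dhcp
 ip nat outside
 ip access-group OUTSIDE-IN in
!
interface FastEthernet0/1
 description Private LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Inside hosts share the outside address (PAT), so no inside address is reachable from the Internet
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface FastEthernet0/0 overload
!
! Make the one permitted inbound service actually be SSH and nothing else
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
```

With this in place the inside clients can browse, send mail and use passive FTP, because those sessions start from inside and only their TCP replies are let back in; active-mode FTP fails, since its data connection is a new inbound TCP session that hits the final `deny`. Watch the `log` entries on that line for a while after deploying to catch anything legitimate you forgot. Because `established` trusts the ACK bit rather than tracking sessions, a crafted ACK packet does pass it; if the IOS image supports them, reflexive ACLs (`permit tcp any any reflect ...` outbound and `evaluate` inbound) or CBAC (`ip inspect`) give true return-traffic tracking and also handle UDP without the per-resolver line above.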
 