Gerardo responded privately to me on this, but I hope he won't mind that I post
it back to the list, since it's addressing a common firewall issue.
While I'm not prepared to go into much detail on network security, I'll outline
briefly some of the steps that should be taken.
Ideally you would develop a security policy. As far as the Internet is
concerned, what types of traffic do you want to permit to and from your
protected domains? This is best done from the viewpoint that we list what is
allowed and prohibit all else.
If you're only going to have a single router with no additional firewall, you
can still provide some defense for your systems. With a Cisco router you can do
packet filtering and logging, at least. You set up filters to permit traffic
that you desire, deny everything else, and log some or all of the blocked
traffic. With Ciscos, you can log in the router's memory and/or to a separate
syslogd server. Cisco log entries show the source and destination addresses and
ports of the packets being logged.
There is much information on Cisco's web site about using a router to protect
your network. Here is one place to start:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm
Tony Rall
Gerardo Soto <[EMAIL PROTECTED]> on 05/25/1999 09:09:31
As you can tell, I am no expert when it comes to firewalling and
configuring it, but let me tell you that kraken2 is my router and that
means someone is portscanning my network. How do I get my router to log
what is going on? Or better yet, how do I get better logs about what is
going on within my network? I mean, get more specific information like
who is doing the queries, where are they coming from and so on, right I
have a tcpdump on a RedHat linux v.5.0 and a 2511 cisco router.
Could you give me some advice?
I would deeply appreciate it.
REGARDS !!!!!! Gerardo
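
The reply above notes that Cisco log entries carry the source and destination addresses and ports of blocked packets, which is what is needed to see who is probing and from where. The following is an added example, not part of the original thread: it assumes the blocked traffic was logged to a syslog server in the IOS %SEC-6-IPACCESSLOGP message style, and the log lines, addresses, ACL number and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of syslog lines in the style of Cisco IOS access-list
# log messages. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
May 25 09:01:10 rtr 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4021) -> 192.0.2.10(21), 1 packet
May 25 09:01:10 rtr 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4022) -> 192.0.2.10(23), 1 packet
May 25 09:01:11 rtr 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4023) -> 192.0.2.10(25), 1 packet
May 25 09:01:11 rtr 48: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4024) -> 192.0.2.10(80), 1 packet
May 25 09:01:12 rtr 49: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4025) -> 192.0.2.10(111), 1 packet
May 25 09:03:40 rtr 50: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.20(1029) -> 192.0.2.10(53), 1 packet
May 25 09:08:40 rtr 51: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.20(1029) -> 192.0.2.10(53), 4 packets
May 25 09:09:02 rtr 52: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.20 -> 192.0.2.10 (8/0), 1 packet
"""

# Only the TCP/UDP form carries ports; other message types are skipped.
ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_denied(log_text):
    """Yield (src, dst, proto, dport, packets) for each denied TCP/UDP entry."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dport"]), int(m["count"])

def likely_scanners(log_text, min_targets=4):
    """Return {source: sorted distinct (dst, proto, port) targets} for sources
    that were blocked on at least min_targets distinct targets."""
    targets = defaultdict(set)
    for src, dst, proto, dport, _ in parse_denied(log_text):
        targets[src].add((dst, proto, dport))
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    for src, hits in likely_scanners(SAMPLE_LOG).items():
        ports = ", ".join(f"{proto}/{port}" for _, proto, port in hits)
        print(f"{src}: {len(hits)} distinct blocked targets ({ports})")
```

A source that repeats one blocked port, like the UDP/53 sender in the sample, stays below the threshold; a source walking many ports on one host is reported.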