We do three things here.

1. The primary line of defense is a Cisco 7000RSP as the border router with several access-lists. Access-lists are on the inbound circuits from the Internet, on our T1s that connect to remote locations, and on our Ethernet ports that connect to our servers, dialup, DSL and wireless access servers. There are also a couple of access-lists that are for specific viruses.

3. We have Snort 2.0 installed as an IDS so we can see what else is happening, such as additional ports that need to be blocked, users that have viruses, etc.
Access-lists are a real pain until you understand them and have an easy way to update them. I store the "master" access-lists in .txt files on a workstation, then modify them as needed and cut and paste them to the router. The .txt file contains all the necessary commands, with the exception of usernames/passwords, to delete the current access-list from each interface, create the new access-list and then apply the access-list back to the proper interfaces. A modification of an access-list takes me no more than 30 seconds from start to finish.
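The "master file" workflow above can be scripted rather than hand-pasted. What follows is an added example, not Ronnie's file or anything from the list: a small Python generator that reads a constructed master-file format (the `acl`/`apply` header lines, the ACL number 101, the spare number 102 and the interface names are all hypothetical) and emits the IOS command sequence in the same order the post describes: unbind the ACL from each interface, delete it, recreate it from the master entries, rebind it. It also offers a second mode that builds the new list under a spare number and rebinds the interfaces to it in one step, because on IOS the interfaces are unfiltered between the `no ip access-group` and the reapply, and an `ip access-group` that points at a just-deleted ACL filters nothing.

```python
"""Generate Cisco IOS commands that replace a numbered access-list from a
"master" text file.  Example code; the master format below is constructed."""

# Constructed sample master file (not from the original post).  One ACL per
# file: its number, the interfaces/directions it is bound to, then its entries
# in match order (IOS evaluates first match, with an implicit deny at the end).
MASTER_ACL = """\
! hypothetical master file for the border-router inbound list
acl 101
apply Serial0/0 in
apply FastEthernet0/0 out
deny tcp any any eq 135
deny tcp any any eq 445
permit ip any any
"""


def parse_master(text):
    """Return (acl_number, [(interface, direction), ...], [entry, ...])."""
    acl, applies, entries = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # IOS-style comment lines
            continue
        if line.startswith("acl "):
            acl = int(line.split()[1])
        elif line.startswith("apply "):
            _, iface, direction = line.split()
            if direction not in ("in", "out"):
                raise ValueError(f"bad direction on {iface}: {direction}")
            applies.append((iface, direction))
        elif line.split()[0] in ("permit", "deny", "remark"):
            entries.append(line)
        else:
            raise ValueError(f"unrecognised master line: {line}")
    if acl is None or not entries:
        raise ValueError("master file needs an 'acl' line and entries")
    return acl, applies, entries


def build_commands(acl, applies, entries, spare=None):
    """Emit the IOS commands to install `entries` as access-list `acl`.

    spare=None reproduces the unbind / delete / recreate / rebind sequence.
    While that runs the interfaces carry no filter, so spare=<number> instead
    builds the new list under the spare number and rebinds each interface to
    it; IOS allows one ACL per interface per direction, so the new
    `ip access-group` replaces the old binding with no unfiltered window.
    The old number is then freed and the two numbers swap on the next run."""
    cmds = ["configure terminal"]
    if spare is None:
        for iface, direction in applies:
            cmds += [f"interface {iface}",
                     f" no ip access-group {acl} {direction}", "exit"]
        cmds.append(f"no access-list {acl}")
        cmds += [f"access-list {acl} {e}" for e in entries]
        for iface, direction in applies:
            cmds += [f"interface {iface}",
                     f" ip access-group {acl} {direction}", "exit"]
    else:
        cmds += [f"access-list {spare} {e}" for e in entries]
        for iface, direction in applies:
            cmds += [f"interface {iface}",
                     f" ip access-group {spare} {direction}", "exit"]
        cmds.append(f"no access-list {acl}")   # old list no longer referenced
    cmds.append("end")
    return cmds


if __name__ == "__main__":
    number, bindings, rules = parse_master(MASTER_ACL)
    print("\n".join(build_commands(number, bindings, rules)))
    print("! --- swap variant ---")
    print("\n".join(build_commands(number, bindings, rules, spare=102)))
```

The output is meant to be pasted into an already-authenticated `enable` session, which is why, as in the post, no username or password appears in the file. Keeping the master file under version control gives a change history for the border ACLs for free.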
For those who want to set up an IDS using Snort, there is a book called "Snort 2.0 Intrusion Detection", published by Syngress, located at http://www.syngress.com/catalog/sg_main.cfm?pid=2440
Ronnie
