Never put a firewall in front of a router, it will die first. The team CYMRU stuff is great make sure you have ACL's on your VTY and allow access only from trusted internal IPs. I also like using non world routable space on any interface I can.
On Wed, Jan 19, 2011 at 9:38 PM, Brandon Kim <[email protected]>wrote: > > > > What an insightful link! Thank you, I am reading it now..... > > > > > > From: [email protected] > > To: [email protected] > > Date: Wed, 19 Jan 2011 16:38:43 -0800 > > Subject: RE: Securing Border Routers > > > > I ALWAYS start with the CYMRU secure bgp templates, found here: > > http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html > > > > I personally would not recommend a firewall in front of your router, > sufficient ACL'ing should be enough for securing the router itself. > > > > > > Bryan > > > > -----Original Message----- > > From: Brandon Kim [mailto:[email protected]] > > Sent: Wednesday, January 19, 2011 4:36 PM > > To: nanog group > > Subject: Securing Border Routers > > > > > > Gents: > > > > What measures do you take to protect your border routers? Our routers are > running BGP so I'm interested if there is any way to secure them without > interfering with BGP? Is it normal to put a firewall in front of the border > routers? > > > > I'm concerned about DDOS attacks mainly....although we haven't had any, I > don't welcome them..... > > > > Brandon > > > > > > > > > > > > > >
