network hardening

  • network hardening

    Hi guys..

    Just to say hi to the forumers..

    I'm currently hardening my network... there are a few things that I already impose on my network.

    Just wondering whether it is a good idea for me to not allow the WAN IP attached to my router to receive or reply to any ping/traceroute packets.

    Maybe you guys could drop me the command lines (CLs) that might be effective too.

    FYI I'm on a Cisco 2800 series and IOS ver 12.4T.

    Your views appreciated.


  • #2
    Re: network hardening

    Personally I don't think it's a significant security risk to allow your external router to be pinged. Some would argue that it allows a potential attacker to know that a live device exists there... but my answer is: it's already discoverable through an nmap scan so who cares? If it's a firewall then there's almost always going to be some kind of open port response that nmap would be able to discover which would prove it was a live device anyway. I find it much too useful to be able to ping the external interface as a simple way of tracking availability. If you're worried though, I suppose you could make a firewall rule that only allows ICMP from trusted IPs like your home or some watchdog service. Just my $0.02.
    Wesley David
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
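
One way to implement the trusted-source ICMP rule suggested in the reply above on IOS 12.4T, as an added example that is not part of either post. The interface name, the addresses (documentation ranges), the ACL name WAN-IN and the absence of an existing inbound ACL are all assumptions.

```cisco
! Added example. Assumed values: WAN interface FastEthernet0/0 with
! address 203.0.113.2, monitoring hosts 198.51.100.10 and 198.51.100.20,
! ACL name WAN-IN, and no inbound ACL already applied to the interface
! (ip access-group replaces whatever ACL is applied there now).
ip access-list extended WAN-IN
 remark Ping to the WAN address is answered only for the trusted monitors
 permit icmp host 198.51.100.10 host 203.0.113.2 echo
 permit icmp host 198.51.100.20 host 203.0.113.2 echo
 deny   icmp any host 203.0.113.2 echo
 remark Only echo requests are dropped, other ICMP types still pass, so
 remark replies to pings and traceroutes started from inside keep working
 remark Everything else is passed unchanged, this ACL filters ping only
 permit ip any any
!
interface FastEthernet0/0
 ip access-group WAN-IN in
 ! Stop answering UDP traceroute probes with port-unreachable messages.
 ! This also suppresses the fragmentation-needed messages that path MTU
 ! discovery depends on for packets arriving on this interface.
 no ip unreachables
!
! Verify from the router: the per-entry match counters show how many
! echo requests were permitted and how many were dropped.
! show ip access-lists WAN-IN
```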