November 8th, 2002, 05:09 PM
Is my Cisco 827 enough protection
Im using a 827 router with NAT and I feel this is fairly secure on the net, can someone with a damm site more experience (my mother cat upwards then) tell me. I have got a server in between my router and my network running Lan Pro Suite 2002 at the moment. I would like to remove this server and just talk directly to the router but as I say above, I have not got the experience to make this shout.
November 8th, 2002, 08:06 PM
im assuming your using this server as a gateway and its multihomed. routers help and can be configured to act as a firewall but id feel more secure myself with at least a software firewall inbetween my network and the internet. i really don't know how good 602's fw is but if you feel secure with the 827 just make sure you keep the OS up to date.
if you have enough ports in the router plug everthing into it if not:
Put a switch or hub in between the 602 and the router and connect the lan directly to the switch:
get a switch or hub. take the cable to the inside interface of 602 and plug it into the switch so you lan connectects directly to the switch. plug the cable from 602s outside interface into the switch, assuming this is mapped for a mail server. connect the router to the switch with a crossover. change the gateway setting on all the clients to point to the router dhcp should take care of this though. i don't know if Lan Pro uses dhcp if it does turn it off the router should have its own dhcp server and as long as dhcp is enabled on the clients, they should all get their setting from there.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
November 8th, 2002, 08:25 PM
The Cisco 827 is not the choice for a newbie cause it requires some network knowledge and the (best) way to configure is CLI. (there's also a crappy GUI). Anyway you seem to be an advanced user; IMHO the Cisco is an (expensive) but stable and secure router. It's fast and stable in almost all situations and the security depends on how you configure it. The NAT provides some basic security need. But there are lot's of settings you can play with like the Acces List and DMZ settings. This thing is basicly what it says: a very good router, not something flashy like those purple Alcatel things.
November 8th, 2002, 08:58 PM
At present I have a server, with two NICS one goes to the Router, the other goes to a hub. I have naother three workstations on that hub. THe default gateway is the server and the Lan Pro Suite manages all the routing and other network services (email, proxy blatter blatter blatter)What I want to do is remove the server from the equation. THere are a few reasons I want to do this
1. Fed up of hearing the bloody server humming in the corner
2. I seem to have to hit the refresh button a lot to get the pages through the Server Firewall
3. As you state above the router was bloody expensive.
I am using the access lists and have restricted it to ip address's
The question I just keep asking myself is "IS IT ENOUGH"
November 8th, 2002, 09:14 PM
TinTin you can use a Free Linux box in addition to your Cisco. But it will do basicly the same as your cisco does. It will give you less reason to be paranoid.
Since you don't want a humming box in the corner, (I can understand that, read my tutorial on AO about cooling and noise basics) you should consider either using the cisco alone (like you are asking) or implementing a diskless/fanless server system to act like a gateway/firewall. You can accomplish this with a simple 80486 or a Pentium1 (those cisco routers only run at 50Mhz / 32Mb Ram therefor a 80486 DX/2 will handle your traffic with same speeds) running Linux on a floppy. (for example www.BBIagent.net if you need PPPoE, or www.FreeSco.org for all cable modem connections). You can remove the cpu fan on such low speed systems and opt for passive cooling with a heatsink. Replacing your powersupply fan with a PAPST silent computer fan (or replace the complete powersupply with a silent one) will lower the noise extremly. Since the box only need a mobo, Ram and 2 nic's it will be silent.
Anyway, I think the cisco is pretty secure if configured properly and with strong passwords. I hope this helped.
November 8th, 2002, 09:39 PM
I use a Cisco 3620, overkill of course but I have a bunch of other equipment that I use for lab work, as my firewall. Using a combination of PAT, ACL's, CBAC, and IDS my environment is pretty darm secure. I used to have Norton Personal Firewall before setting up the Cisco device and used to get alerts all the time. After installing the router I never got another alert in Norton so after a couple of months I just got rid of it and keep the Cisco solution. It's probably not 100% fool proof but it works for me. Don't loose sleep over security issues though. If you worry about it too much you'll develope ulcers. BTW my setup is attached to a light switch so that when I turn off the lights my equipment shuts down also. Helps me to sleep at night
November 8th, 2002, 09:45 PM
Do they run on the same circuit? Or does it works like a relayswitch? Cause it's perhaps a good idea regarding security but regarding electricity? If thye are on the same circuit, I hope your equipment (including your lights and light switch) is recent and good quality, cause those can cause small adjustments in voltages, etc... but if your setup runs stable, nothing to worry about.
BTW my setup is attached to a light switch so that when I turn off the lights my equipment shuts down also. Helps me to sleep at night