8 Steps To Protect Your Cisco Router
Daniel B. Cid writes "I wrote the article '8 steps to Protect your Cisco router' (PDF). This small text gives the reader eight steps (very easy to understand) showing how to minimize your Cisco router exposure, by turning off some unused services, applying some access control lists and applying some security options available on it."
Damn straight. I had a Cisco PIX 506E and the thing was ridiculously overpriced for what it offered. The manuals that accompany the device were nothing more than IOS command guides (the product guide on CD only vaguely helpful).
I became a much happier person when I moved to a Linux machine with a nice Shorewall iptables script.
There is one thing I have to say about the Cisco 506E: it had a form factor that beats the hell out of a plain PC. I would have loved to run Linux on it. It was very small/quiet/light/unobtrusive.
A small disclaimer: I know that with tons of Cisco training you can become a master of these Cisco PIX devices. However, I will never forgive Cisco for charging for 3DES encryption "upgrades".
A Netgear FVS318 VPN firewall has twice the features of this unit for $150, although don't expect huge throughput when using 3DES or AES for VPN tunnels; for that app a 400 MHz or greater Linux firewall would probably do the trick. They also had buggy firmware in the past, but they seem to be working well with the 1.4 firmware. They have DynDNS integration, 8 VPN tunnels, really awesome web-based configuration, and a nice professional-looking casing. Hooking two of these units together for a VPN is a snap.
The Ro Factor - Jeep/Linux Weblog
The NSA (or nsac or whatever they're called) wrote a much better one, coming in at about 300 pages. Can't find the URL, but it's on their site...