Latest Cisco news.Cisco remote-office security optionsBy Ron NutterNetwork World Fusion, 11/03/03 We’re standardizing our switches, routers and firewalls on Cisco to make things easier to administer. We’re in the process of bringing up a remote office and we’re looking for the best way to do it. Some say using Access Control Lists (ACL) and/or upgrading to the firewall version of IOS for the router would be the cheapest way to protect the remote office. Others think a Cisco PIX firewall is a more secure way to go. What would you suggest?– Via the Internet Having your router function as a firewall and a router is a possibility, but it puts all your eggs in one basket. ACLs can help you control intrusions but they’re not as flexible as a device more suited to that purpose. Going to the firmware version of IOS for the router is a better option than just using ACLs because you can be a little more granular in how you set up the protection.The concern I have with using a single device is that if it fails or is compromised, an outside intruder is now directly on your network.By using two devices (a router and a firewall, or in your case, a PIX) to connect the office to the Internet, you’re adding one more layer the intruder will have to go through to get to your network. By adding a PIX, setting up a VPN connection between the remote office and your main location will be easier and will allow your staff to remotely access the distant office with Cisco’s VPN Client if they have to work on something when they’re away from the main office.By using ACLs on a router with the non-firmware version of IOS, you can stop some brute force attacks, such as the Nachi/Welchi scans, from getting into the network.You can also put steps in place to block source address coming from the three private reserved address ranges specified in RFC 1918 or those reserved by the Internet Assigned Numbers Authority that aren’t in use. This will keep someone from spoofing those addresses, causing your network to try to talk to a host that isn’t there. This leaves the PIX to only allow the traffic you want in and control what is allowed to go out.For remote offices, you can go with a smaller PIX than what you have at your main office and still have the same level of firewall protection at both ends. To read this story online, please go to: https://www.nwfusion.com/columnists/2003/1103nutter.html?nl Related content feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Green IT Green IT news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center feature What is Ethernet? History, evolution and roadmap The Ethernet protocol connects LANs, WANs, Internet, cloud, IoT devices, Wi-Fi systems into one seamless global communications network. By John Breeden Dec 04, 2023 11 mins Networking news IBM unveils Heron quantum processor and new modular quantum computer IBM also shared its 10-year quantum computing roadmap, which prioritizes improvements in gate operations and error-correction capabilities. By Michael Cooney Dec 04, 2023 5 mins CPUs and Processors CPUs and Processors CPUs and Processors Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe