Complete.Org: Mailing Lists: Archives: discussion: May 2009:
[aclug-L] Re: Router questions
Home

[aclug-L] Re: Router questions

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Router questions
From: "Cavgalar, Alexandros (Alex)" <cavgalar@xxxxxxxxxxxxxxxxxx>
Date: Mon, 18 May 2009 15:09:30 -0500
Reply-to: discussion@xxxxxxxxx

 Most residential routers have simple network management schemes.
Therefore, breaking into the network is very easy. The problem with
commercial grade low end routers like Cisco 8xx family is that they have
a cheap/low performance processor managing the router. Therefore, most
network security management is done via set hardware rules.
Unfortunately a smart enough cracker can easily break into these type of
routers.=20

If you want to be able to "tweak" the number of access/security rules,
it is best for you to either look into high throughput routers with
heavy security rules or to turn a standard Linux box into a router.
Although I'd like to warn you that if you use an older Linux box with
single processor, then you will have system throughput issues.
Therefore, I would suggest purchasing PCI based security accelerators
for this Linux box to eliminate the throughput issues. Companies like
HiFn, LSI (used to be called Tarari), and cPacket sell such PCI boards
for your PC but it might be little expensive.

Good Luck

Alex.

-----Original Message-----
From: discussion-bounce@xxxxxxxxx [mailto:discussion-bounce@xxxxxxxxx]
On Behalf Of Dale W Hodge
Sent: Monday, May 18, 2009 1:49 PM
To: discussion@xxxxxxxxx
Subject: [aclug-L] Router questions

I could use the help of some network pros before I rework my network.=20
First off I have a small lan with 8 computers. Currently I have two
linux boxes working as firewalls for my network but I'm considering
replacing them with some kind of hardware router and moving those boxes
to a DMZ. My network gets hammered by port scans and break-in attempts,
badly enough so that my ISP is offering to trade out IP's so they can
use mine for their honeypot!

The questions I have are two fold, whether replacing them with a
hardware solution would enhance security and if so what kind of router
should I purchase?  I have looked at both low cost residential routers
on up to Cisco SOHO routers like the 831/851/871. I know some of the
residential routers run a linux derivative, so are there any preferred
models I should consider? Or should I move on up to a Cisco or is it
overkill for small office like mine?

Thanks!

--Dale

-- This is the discussion@xxxxxxxxx list.  To unsubscribe, visit
http://www.complete.org/cgi-bin/listargate-aclug.cgi


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]