Re: Frame-relay and perimeter security. [bcc][faked-from]

From: Stefan Grey (examplebrain@hotmail.com)
Date: Fri Mar 31 2006 - 06:00:06 GMT-3


Where would you advise to connect it then?? Into the ASA I assume??

>From: Brad Ellis <brad@ccbootcamp.com>
>Reply-To: Brad Ellis <brad@ccbootcamp.com>
>To: Stefan Grey <examplebrain@hotmail.com>, ccielab@groupstudy.com
>Subject: Re: Frame-relay and perimeter security. [bcc][faked-from]
>Date: Thu, 30 Mar 2006 11:46:25 -0800
>
>Stefan,
>
>If the SAFE blueprint is omitting the local router and ASA it's assuming
>the FR/ATM connections are secure (or maybe there are some security modules
>in the switch it's connecting to?). You could go crazy with security and
>have a crapload of ASAs instead of switches and only allow PCs (desktops
>and servers) to connect to these ASAs...while it will be an extremely
>secure environment (assuming you locked down the ASAs properly), I don't
>think it would be very cost effective...the key to security is a
>practical/cost effective model with the necessity of devices and the
>protection they offer to correspond with the security needs of the data
>it's protecting. Basically, have the proper security model for the
>criticality and privacy of what it's protecting.
>
>thanks,
>Brad Ellis
>CCIE#5796 (R&S / Security)
>CCSI#30482
>Network Learning Inc - A Cisco Learning Partner (CLP)
>YES! We take Cisco Learning credits!
>brad@ccbootcamp.com
>www.ccbootcamp.com (Cisco Training and Advanced Technology Rental Racks)
>Voice: 702-968-5100
>FAX: 702-446-8012
>
>----- Original Message ----- From: "Stefan Grey" <examplebrain@hotmail.com>
>To: <ccielab@groupstudy.com>
>Sent: Thursday, March 30, 2006 9:22 AM
>Subject: Frame-relay and perimeter security. [bcc][faked-from]
>
>
>Hello guys,
>
>Imagine.... The customer is receiving internet/vpn traffic through router
>then goes ASA then local switch and the local network. Everything is fine
>and according to the SAFE model.
>Second thing.... the customer has the remote office in other city and has
>the frame-relay connection between them. Where is the correct place to put
>this ethernet which goes to the remote office?? Into ASA DMZ or in the
>local switch or to the router??
>
>I have just seen the picture in the SAFE blueprint where it was drawn that
>frame-relay/ATM connects to the local switch omitting router and ASA. Is it
>secure?? Is it correct??? Isn't it vulnerable, in that if a hacker has attacked
>the remote office he could without any problems attack from there the CO in
>this case??
>But in the other case, if plugging this FR connection to the perimeter router...
>then isn't it bad to have both local traffic and internet traffic on the
>outgoing interface of the ASA??
>
>Any thoughts??
>
>What do you think from your experience??
>
>Thanks.
>



This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3