  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

Should I upgrade from a Cisco 2620 to a Cisco 2801

We have a T1 line with a Cisco 2620 router that came as part of a promotion from Sprint, our T1 provider, 4 or 5 years ago.  As we look to renew our T1 service with Sprint, they are offering an option that, for an extra $35 a month for two years, gives us a Cisco 2801 router.  We haven't upgraded the IOS on the 2620 since we received it.  I'm thinking that it may make sense to go with the new router in order to take advantage of any security enhancements.

I have very little experience configuring Cisco routers.  All I typically would do is use the filter to only open up IP addresses and ports to a new web server.  We also have a SonicWall Pro 230 in our configuration that is about 2 years old.

With the 2620 and the SonicWall, are we pretty secure or should I upgrade to the 2801?  Security is my main concern.  I don't want to leave ourselves exposed unnecessarily.

Thanks,

Mike
0
Mike93110
Asked:
2 Solutions
 
pjtemplinCommented:
If you don't have experience configuring Cisco IOS and you do feel comfortable with SonicWall, focus your security efforts on using the SonicWall to your advantage.  Let the router be a router, and don't worry about the upgrade.  Anyone with a bigger pipe than your T1 can flood your link if they really want to; having a beefier router won't matter if the T1 is already filled up during that kind of attack.  (We have 2xDS3 and 4xFastE; when a customer of ours gets hit hard, even our pipes get filled up.  The only remedy is to get the attack stopped and/or blocked; putting Cisco's largest router on our end of a DS3 won't make the DS3 empty out.)
0
 
td_milesCommented:
As pjtemplin says, if it ain't broke, don't worry about it. We have one of our customers using a 2503 for an E1 connection and it is working just fine. Granted, it takes about 30 seconds when you do a "write mem", but other than that it is plugging along. It doesn't take much to route packets.
0
 
Mike93110Author Commented:
Is there anything I should do to quickly ensure that there aren't any obvious security holes in my existing router that should be plugged?  Is it worth having someone double check my configurations, or with the SonicWall is the router pretty much a moot issue from a security standpoint?
0
 
td_milesCommented:
If the router doesn't connect to your internal network at all, then the worst that can probably happen is someone might cause the router to lock up or reboot, which will effectively be a DoS against you. If they can't get onto your internal network behind the SonicWall, then they can't really do anything malicious.

On the router, ensure that only things that are actually needed are enabled. Disable anything not required. Block telnet access from the Internet to the router (or restrict to a limited set of hosts). You can check the Cisco vulnerability website:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
and if you find anything applicable to the IOS version you are running (show version) then you can request the patched IOS version.
0
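
One way to run the check td_miles describes, as an added example that is not part of the original thread: a short Python script that reads a saved copy of the router's `show running-config` output and flags services that are explicitly enabled and `line vty` blocks with no inbound `access-class`. The sample config, the service list and the function name `audit` are constructed for illustration; IOS defaults differ between releases, so a clean result does not prove a service is off.

```python
import re

# Commands that explicitly turn on services a WAN edge router rarely needs.
# Assumption: only explicit lines are checked; defaults vary by IOS release.
RISKY_GLOBALS = {
    "service tcp-small-servers": "TCP small servers (echo, chargen, ...) enabled",
    "service udp-small-servers": "UDP small servers enabled",
    "service finger": "finger service enabled",
    "ip finger": "finger service enabled",
    "ip http server": "HTTP management server enabled",
    "ip source-route": "IP source routing enabled",
}

# Constructed sample config, not taken from the router in the thread.
SAMPLE_CONFIG = """\
hostname edge-rtr
service tcp-small-servers
no ip source-route
ip http server
!
access-list 10 permit 192.0.2.10
!
line con 0
line vty 0 4
 login
 transport input telnet
"""

def audit(config):
    """Return a list of findings for a saved running-config."""
    findings = []
    vty = None      # the 'line vty' block currently being read, if any
    vty_acl = {}    # block name -> True once an inbound access-class is seen
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):   # a top-level command ends any block
            vty = None
            if line in RISKY_GLOBALS:
                findings.append(RISKY_GLOBALS[line])
            elif line.startswith("line vty"):
                vty = line
                vty_acl[vty] = False
        elif vty and re.match(r"\s+access-class \S+ in\b", line):
            vty_acl[vty] = True
    for name, has_acl in vty_acl.items():
        if not has_acl:
            findings.append(f"{name}: no inbound access-class, logins accepted from any address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A `line vty` block passes once it carries a line such as ` access-class 10 in`, which limits remote logins to the hosts permitted by that access list.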
