Solved

Best Way to protect our lan

Posted on 2009-04-07
7
557 Views
Last Modified: 2013-11-05
Hi experts,
Im using 5505 asa cisco pix firewall, and it is well configured, but also Im using VNC as remote desktop application and it is using by default the port 5900 to access my computers from external via internet over the real IPs.
So Ive been attacked till now 3 times on this port so I changed the port, and they attacked the VNC software even that it is protected by a password.

Is there any other way to protect my Lan from the external attack (software or hardware) and is there any software or hardware that monitor the traffic on the lan and the wan and between then (I know that we can monitor on cisco pix firewall but I need a more efficient monitoring tool)
P.S:  I dont want to use ISA server as back end protection

Thank you.
LeDaouk.
0
Comment
Question by:LeDaouk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
cmorffew earned 125 total points
ID: 24088909
I personally wouldnt use VNC for external-to-internal connections.

Why dont you configure for VPN on your PIX and VPN into the network and then run your VNC to connect  to the computers one you hav ethe VPN connection established?  This is what  i do and even use RDP once i have VPN'ed into the network to connect to my servers.
0
 
LVL 6

Assisted Solution

by:ricks_v
ricks_v earned 125 total points
ID: 24103028
since you are VNCing to internet address, I believe you only vnc to a single host in the LAN.

cmorffew idea is the safest option, this way you can also vnc to many hosts behind the LAN, once you are connected via remote access or lan 2 l an vpn.

another option would be using ultra vnc, but that involves DC server to configure as client do not keep password in this scenario.

the simplest option would be putting ACL on the pix, to allow only certain internet address go vnc to client behind pix. Use single source and destination ip 255.255.255.255 incoming only.
This way no one else apart from you can vnc , thus no more password cracking by hacker as they can't even connect at all now

0
 
LVL 4

Author Comment

by:LeDaouk
ID: 24105840
Thanks cmorffew and ricks_v for your comments, so nice.
but I'm not intersted only for the remote connection my first target is how to protect more my lan from attackers, do I have to use something else the pix firewall or other monitoring tolls, or what I have to do more to protect it in the most secured and profesional way, is there a new technology of security etc ...
Thanks anyway
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 9

Expert Comment

by:cmorffew
ID: 24106371
You mentioned that the attackers are aiming at your VNC software only or is there more?
It sounds like your Firewall is doing its job if the only thing that is being targeted is VNC.

Your LAN sounds fine - you have basically opened the front door on port 5900(or whatever port you now have for VNC) so any one with VNC on the internet will sniff around to find a VNC port and then try and connect.

ricks_v is correct, the best option for you to secure the whole thing will be to only allow specific IP address's to connect to your VNC port on the PIX.  This way all those people trying to hack into your LAN via VNC will be denied because they are not on the approved IP list.

If you open a port on your firewall you have to expect someone to try and come in, its the same with email - port 25 and other ports, 443,80 etc are all open to the internet, but its the acl that specifies who can use them.  As long as the firewall is stopping them at the perimeter, then is it working and you are protected.

The weakest link on any LAN is the internet facing device, in your case the 5505 asa cisco pix firewall, which you have said is well configured.
0
 
LVL 4

Author Comment

by:LeDaouk
ID: 24113918
ok. then is there any tool to monitor trafic on fire wall in details?
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24124426
You can monitor the router logs using sys logger(something like Kiwi syslogger).  OR configure something as your snmp server to receive the snmp alerts from your firewall , router,switches anything that can send snmp info.

This would give you plenty of information on your network.
0
 
LVL 6

Expert Comment

by:ricks_v
ID: 24134403
agree, run a pc as syslog server, that way you can always come back and see what connections are being allowed and denied.

the pix itself has a limited memory to hold the logging, I assume 1 day logging max depending on how many in/outgoing connections.

here's some link on how to configure syslog server on PIX:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094030.shtml#setupsyslogd
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question