Best Way to protect our lan

Posted on 2009-04-07
Medium Priority
Last Modified: 2013-11-05
Hi experts,
Im using 5505 asa cisco pix firewall, and it is well configured, but also Im using VNC as remote desktop application and it is using by default the port 5900 to access my computers from external via internet over the real IPs.
So Ive been attacked till now 3 times on this port so I changed the port, and they attacked the VNC software even that it is protected by a password.

Is there any other way to protect my Lan from the external attack (software or hardware) and is there any software or hardware that monitor the traffic on the lan and the wan and between then (I know that we can monitor on cisco pix firewall but I need a more efficient monitoring tool)
P.S:  I dont want to use ISA server as back end protection

Thank you.
Question by:LeDaouk
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2

Accepted Solution

cmorffew earned 500 total points
ID: 24088909
I personally wouldnt use VNC for external-to-internal connections.

Why dont you configure for VPN on your PIX and VPN into the network and then run your VNC to connect  to the computers one you hav ethe VPN connection established?  This is what  i do and even use RDP once i have VPN'ed into the network to connect to my servers.

Assisted Solution

ricks_v earned 500 total points
ID: 24103028
since you are VNCing to internet address, I believe you only vnc to a single host in the LAN.

cmorffew idea is the safest option, this way you can also vnc to many hosts behind the LAN, once you are connected via remote access or lan 2 l an vpn.

another option would be using ultra vnc, but that involves DC server to configure as client do not keep password in this scenario.

the simplest option would be putting ACL on the pix, to allow only certain internet address go vnc to client behind pix. Use single source and destination ip incoming only.
This way no one else apart from you can vnc , thus no more password cracking by hacker as they can't even connect at all now


Author Comment

ID: 24105840
Thanks cmorffew and ricks_v for your comments, so nice.
but I'm not intersted only for the remote connection my first target is how to protect more my lan from attackers, do I have to use something else the pix firewall or other monitoring tolls, or what I have to do more to protect it in the most secured and profesional way, is there a new technology of security etc ...
Thanks anyway

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Expert Comment

ID: 24106371
You mentioned that the attackers are aiming at your VNC software only or is there more?
It sounds like your Firewall is doing its job if the only thing that is being targeted is VNC.

Your LAN sounds fine - you have basically opened the front door on port 5900(or whatever port you now have for VNC) so any one with VNC on the internet will sniff around to find a VNC port and then try and connect.

ricks_v is correct, the best option for you to secure the whole thing will be to only allow specific IP address's to connect to your VNC port on the PIX.  This way all those people trying to hack into your LAN via VNC will be denied because they are not on the approved IP list.

If you open a port on your firewall you have to expect someone to try and come in, its the same with email - port 25 and other ports, 443,80 etc are all open to the internet, but its the acl that specifies who can use them.  As long as the firewall is stopping them at the perimeter, then is it working and you are protected.

The weakest link on any LAN is the internet facing device, in your case the 5505 asa cisco pix firewall, which you have said is well configured.

Author Comment

ID: 24113918
ok. then is there any tool to monitor trafic on fire wall in details?

Expert Comment

ID: 24124426
You can monitor the router logs using sys logger(something like Kiwi syslogger).  OR configure something as your snmp server to receive the snmp alerts from your firewall , router,switches anything that can send snmp info.

This would give you plenty of information on your network.

Expert Comment

ID: 24134403
agree, run a pc as syslog server, that way you can always come back and see what connections are being allowed and denied.

the pix itself has a limited memory to hold the logging, I assume 1 day logging max depending on how many in/outgoing connections.

here's some link on how to configure syslog server on PIX:

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question