Best Way to protect our lan

Hi experts,
Im using 5505 asa cisco pix firewall, and it is well configured, but also Im using VNC as remote desktop application and it is using by default the port 5900 to access my computers from external via internet over the real IPs.
So Ive been attacked till now 3 times on this port so I changed the port, and they attacked the VNC software even that it is protected by a password.

Is there any other way to protect my Lan from the external attack (software or hardware) and is there any software or hardware that monitor the traffic on the lan and the wan and between then (I know that we can monitor on cisco pix firewall but I need a more efficient monitoring tool)
P.S:  I dont want to use ISA server as back end protection

Thank you.
Who is Participating?
I personally wouldnt use VNC for external-to-internal connections.

Why dont you configure for VPN on your PIX and VPN into the network and then run your VNC to connect  to the computers one you hav ethe VPN connection established?  This is what  i do and even use RDP once i have VPN'ed into the network to connect to my servers.
since you are VNCing to internet address, I believe you only vnc to a single host in the LAN.

cmorffew idea is the safest option, this way you can also vnc to many hosts behind the LAN, once you are connected via remote access or lan 2 l an vpn.

another option would be using ultra vnc, but that involves DC server to configure as client do not keep password in this scenario.

the simplest option would be putting ACL on the pix, to allow only certain internet address go vnc to client behind pix. Use single source and destination ip incoming only.
This way no one else apart from you can vnc , thus no more password cracking by hacker as they can't even connect at all now

LeDaoukAuthor Commented:
Thanks cmorffew and ricks_v for your comments, so nice.
but I'm not intersted only for the remote connection my first target is how to protect more my lan from attackers, do I have to use something else the pix firewall or other monitoring tolls, or what I have to do more to protect it in the most secured and profesional way, is there a new technology of security etc ...
Thanks anyway
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

You mentioned that the attackers are aiming at your VNC software only or is there more?
It sounds like your Firewall is doing its job if the only thing that is being targeted is VNC.

Your LAN sounds fine - you have basically opened the front door on port 5900(or whatever port you now have for VNC) so any one with VNC on the internet will sniff around to find a VNC port and then try and connect.

ricks_v is correct, the best option for you to secure the whole thing will be to only allow specific IP address's to connect to your VNC port on the PIX.  This way all those people trying to hack into your LAN via VNC will be denied because they are not on the approved IP list.

If you open a port on your firewall you have to expect someone to try and come in, its the same with email - port 25 and other ports, 443,80 etc are all open to the internet, but its the acl that specifies who can use them.  As long as the firewall is stopping them at the perimeter, then is it working and you are protected.

The weakest link on any LAN is the internet facing device, in your case the 5505 asa cisco pix firewall, which you have said is well configured.
LeDaoukAuthor Commented:
ok. then is there any tool to monitor trafic on fire wall in details?
You can monitor the router logs using sys logger(something like Kiwi syslogger).  OR configure something as your snmp server to receive the snmp alerts from your firewall , router,switches anything that can send snmp info.

This would give you plenty of information on your network.
agree, run a pc as syslog server, that way you can always come back and see what connections are being allowed and denied.

the pix itself has a limited memory to hold the logging, I assume 1 day logging max depending on how many in/outgoing connections.

here's some link on how to configure syslog server on PIX:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.