

Best way to protect our LAN

Posted on 2009-04-07
Medium Priority
Last Modified: 2013-11-05
Hi experts,
I'm using a 5505 ASA Cisco PIX firewall, and it is well configured, but I'm also using VNC as a remote desktop application, which by default uses port 5900, to access my computers externally via the internet over the real IPs.
So I've been attacked 3 times so far on this port, so I changed the port, and they attacked the VNC software even though it is protected by a password.

Is there any other way to protect my LAN from external attack (software or hardware), and is there any software or hardware that monitors the traffic on the LAN and the WAN and between them? (I know that we can monitor on the Cisco PIX firewall, but I need a more efficient monitoring tool.)
P.S.: I don't want to use ISA Server as back-end protection.

Thank you.
Question by: LeDaouk

Accepted Solution

cmorffew earned 500 total points
ID: 24088909
I personally wouldn't use VNC for external-to-internal connections.

Why don't you configure VPN on your PIX and VPN into the network, and then run your VNC to connect to the computers once you have the VPN connection established? This is what I do, and I even use RDP once I have VPN'ed into the network to connect to my servers.

Assisted Solution

ricks_v earned 500 total points
ID: 24103028
Since you are VNCing to an internet address, I believe you only VNC to a single host in the LAN.

cmorffew's idea is the safest option; this way you can also VNC to many hosts behind the LAN once you are connected via remote access or LAN-to-LAN VPN.

Another option would be using UltraVNC, but that involves a DC server to configure, as clients do not keep the password in this scenario.

The simplest option would be putting an ACL on the PIX to allow only a certain internet address to VNC to the client behind the PIX. Use a single source and destination IP, incoming only.
This way no one else apart from you can VNC, thus no more password cracking by hackers, as they can't even connect at all now.
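
The ACL approach ricks_v describes, written out as an added example in ASA 8.2 / PIX 7.x syntax. This is not configuration from the original thread; the access-list name and all addresses are constructed placeholders: 192.168.1.10 is the VNC host on the inside, 203.0.113.10 is its public (real) address, and 198.51.100.25 is the administrator's fixed source address.

```cisco
! Added example (ASA 8.2 / PIX 7.x syntax). All addresses are constructed placeholders.
! One-to-one static NAT: public 203.0.113.10 maps to the inside VNC host 192.168.1.10.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

! Inbound policy on the outside interface. On 8.2 and earlier the destination in an
! outside ACL is the mapped (public) address, not the real inside address.
! Only the administrator's fixed address may reach the VNC port (change 5900 if the
! VNC listener was moved to another port).
access-list OUTSIDE_IN extended permit tcp host 198.51.100.25 host 203.0.113.10 eq 5900

! Everything else is dropped before it reaches the VNC password prompt. The log
! keyword records each hit as an access-list syslog message at informational level,
! so the syslog server must accept level 6 to see the scans.
access-list OUTSIDE_IN extended deny ip any any log

access-group OUTSIDE_IN in interface outside
```

Two caveats a practitioner would want: the permit line only holds while the administrator's public address stays fixed, which is why the VPN route scales better when connecting from changing ISP addresses; and on ASA 8.3 and later the outside ACL must reference the real inside address (192.168.1.10 here) and the NAT is written with `object network` / `nat` statements instead of `static`. If the 5505 has only one public address, the same policy is expressed with a port static on the outside interface address rather than a host-to-host static.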


Author Comment

ID: 24105840
Thanks cmorffew and ricks_v for your comments, so nice.
But I'm not interested only in the remote connection; my first target is how to protect my LAN more from attackers. Do I have to use something else besides the PIX firewall, or other monitoring tools, or what more do I have to do to protect it in the most secure and professional way? Is there a new security technology, etc.?
Thanks anyway

Expert Comment

ID: 24106371
You mentioned that the attackers are aiming at your VNC software only, or is there more?
It sounds like your firewall is doing its job if the only thing that is being targeted is VNC.

Your LAN sounds fine; you have basically opened the front door on port 5900 (or whatever port you now have for VNC), so anyone with VNC on the internet will sniff around to find a VNC port and then try to connect.

ricks_v is correct: the best option for you to secure the whole thing will be to only allow specific IP addresses to connect to your VNC port on the PIX. This way all those people trying to hack into your LAN via VNC will be denied because they are not on the approved IP list.

If you open a port on your firewall you have to expect someone to try to come in. It's the same with email: port 25 and other ports, 443, 80, etc., are all open to the internet, but it's the ACL that specifies who can use them. As long as the firewall is stopping them at the perimeter, then it is working and you are protected.

The weakest link on any LAN is the internet-facing device, in your case the 5505 ASA Cisco PIX firewall, which you have said is well configured.

Author Comment

ID: 24113918
OK. Then is there any tool to monitor traffic on the firewall in detail?

Expert Comment

ID: 24124426
You can monitor the router logs using a syslog server (something like Kiwi Syslog Server). Or configure something as your SNMP server to receive the SNMP alerts from your firewall, router, switches, anything that can send SNMP info.

This would give you plenty of information on your network.

Expert Comment

ID: 24134403
Agree, run a PC as a syslog server; that way you can always come back and see what connections are being allowed and denied.

The PIX itself has limited memory to hold the logging; I assume one day of logging max, depending on how many in/outgoing connections.

Here's a link on how to configure a syslog server on the PIX:
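
The syslog setup the last two comments recommend, as an added example in ASA 7.x/8.x syntax. This is not the link the comment refers to (which is missing from the page) and not configuration from the thread; 192.168.1.50 is a constructed placeholder for a syslog host (Kiwi or similar) on the inside interface.

```cisco
! Added example (ASA 7.x/8.x syntax). 192.168.1.50 is a constructed placeholder.
logging enable
logging timestamp

! The on-box buffer is sized in bytes, not days, so how far back it reaches
! depends on connection volume. Keep only warnings and above in it...
logging buffer-size 16384
logging buffered warnings

! ...and ship informational (level 6) and above to the external syslog host.
! Level 6 is what carries connection built/teardown records and access-list
! hit messages, so anything less loses the allowed/denied detail asked for above.
logging trap informational
logging host inside 192.168.1.50
logging facility 20
```

Messages go to UDP/514 unless a `tcp/port` or `udp/port` suffix is added to the `logging host` line; `show logging` on the firewall confirms the levels in effect and whether the host is reachable. The syslog PC then holds the long-term record that the firewall's own buffer cannot.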

