Configuration and recommended settings of border router in relation to network security

1. Configuration and recommended settings of border router in relation to network security Bc. nprap. Petr Gryc University of Defence Brno, Czech republic

2. Content • Motivation • Subjectof my student’s project • Current state • Quick review of main applied principles • Complications and future plans

3. Motivation • Creation of new formation and independent units in Czech Army • Implementing VoIP in some dislocations • An Example of current real topology settings

4. Subjectof my student’s work • Border routers, as a interface between trusted and untrusted networks • Concept of DMZ, servers with internal and external access

5. Current state • Working router settings containing • Packet filtering • Router and router services settings • NAT-T • QoS • List of rules and recommended settings according to nsa.gov and cisco.com • School laboratory operating

6. Main applied principles • Restriction of unneeded router services and blocking unnecessary functions • Basic static routing with „rough“ security implementation used together with exact access rules to servers for convenience of firewall settings • Secured remote access and QoS

7. Expected complications • Cisco and Alcatel network technology, both of them with proprietary VoIP technology and end use devices • Continuous changing and development of Czech Army IS • various types and length of messages • some of them are certified as Secret

8. Future goals • Implementation VoIP security and interconnection to existing VoIP network through real Army servers • Compare settings with real border router of detached military unit • Applied better rules based on packet load of Czech Army IS

9. Conclusion • Summary: • Subject of my student’s project, motivation • Current state and main principles • Future plans and complications • Contact: pgryc@seznam.cz • Thanks for your attention