Mailing List Archive

Dear Mike,

> Does anyone have any updated router hardening guidelines, some of the sites
> I reference have not been updated for some time. e.g. www.team-cymru.org

Funny you should mention that. :) I’m in the midst of updating all of our Juniper templates, though I don’t expect to be done until circa mid January. 2020, to be clear. I will keep you posted!

Be well,
Rob.
--
Rabbi Rob Thomas Team Cymru
"It is easy to believe in freedom of speech for those with whom we
agree." - Leo McKern

Thanks for the follow up Rob, I have really loved your site over the years,
first started using the site while at Digex in late 90s early 2000s.

Mike

On Mon, Dec 30, 2019 at 2:08 PM Rabbi Rob Thomas <robt@cymru.com> wrote:

> Dear Mike,
>
> > Does anyone have any updated router hardening guidelines, some of the
> sites
> > I reference have not been updated for some time. e.g. www.team-cymru.org
>
> Funny you should mention that. :) I’m in the midst of updating all of
> our Juniper templates, though I don’t expect to be done until circa mid
> January. 2020, to be clear. I will keep you posted!
>
> Be well,
> Rob.
> --
> Rabbi Rob Thomas Team Cymru
> "It is easy to believe in freedom of speech for those with whom we
> agree." - Leo McKern
>
>
>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

On Mon, 30 Dec 2019 14:19:51 +0000
harbor235 <harbor235@gmail.com> wrote:

> Does anyone have any updated router hardening guidelines, some of the sites
> I reference have not been updated for some time. e.g. www.team-cymru.org

There are a small handful of things I've done, or considered doing,
here:

<https://github.com/jtkristoff/junos>

It doesn't include some things like rpki-rtr that I've added in a
firewall filter config or tweaks I may have made in production, but
there may be some ideas in these templates for you.

John
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

On 12/30/19 06:19, harbor235 wrote:
> Does anyone have any updated router hardening guidelines, some of the sites
> I reference have not been updated for some time. e.g. www.team-cymru.org

Every time I build a new control-plane protection ACL at new company I
pretty much riff off what we did back in:

https://tools.ietf.org/html/rfc6192

some of the limits have changed and you need to salt to taste, but the
principles are largely still the same, and we have equivant
control-plane protection rulesets running on junipers / ciscos / aristas
and so on.

>
> thanks in advance,
>
>
> Mike
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp