Internet access risks

SOLVED
Conversationalist

Hello community,

 

A question that surrounds me and I wanted to comment with you:

 

If transport access (WAN) connected to my MX65 is a basic internet access (residential/non-business: xDSL, FTTH)

 

What are the real security risks?

 

For example: if a hacker gets remote access to the local router (basic FTTH), could I jump to MX: local management access, rest of endpoints?

 

BR.-Fran

 

1 ACCEPTED SOLUTION

ww (Kind of a big deal)

Re: Internet access risks

https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Firewall_Settings

 

Note: In NAT mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).

Outbound connections are allowed by default. Customers may need to add a default deny rule for compliance and increased security.
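
A small offline audit of the two defaults quoted above (inbound denied unless a port forwarding rule opens it, outbound allowed unless a default deny rule is added), as an added example that is not part of the original post or Meraki's own code. The rule dictionaries are constructed samples, and their field names and the first-match rule order are assumptions made for the example.

```python
import ipaddress

# Constructed sample rules; field names are assumptions for this example.
OUTBOUND_RULES = [
    {"comment": "DNS to resolver", "policy": "allow", "protocol": "udp",
     "srcCidr": "any", "destPort": "53", "destCidr": "192.0.2.53/32"},
    {"comment": "Default rule", "policy": "allow", "protocol": "any",
     "srcCidr": "any", "destPort": "any", "destCidr": "any"},
]
PORT_FORWARDS = [
    {"name": "camera", "protocol": "tcp", "publicPort": "8443",
     "lanIp": "192.168.128.20", "allowedIps": ["any"]},
    {"name": "vpn", "protocol": "udp", "publicPort": "51820",
     "lanIp": "192.168.128.5", "allowedIps": ["198.51.100.0/29"]},
]

def is_any(value):
    """True when an address field matches every host ("any" or a /0 prefix)."""
    text = str(value).strip().lower()
    if text == "any":
        return True
    try:
        return ipaddress.ip_network(text, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(outbound_rules, port_forwards):
    """Return (finding, rule name) pairs for the two defaults discussed above."""
    findings = []
    # Inbound is denied by default, so each forward is a deliberate exception;
    # flag the ones that accept any remote IP (a missing list counts as any).
    for fwd in port_forwards:
        if any(is_any(src) for src in fwd.get("allowedIps") or ["any"]):
            findings.append(("inbound-open-to-any", fwd["name"]))
    # Assumed first-match order: the first catch-all rule decides what happens
    # to outbound traffic that no earlier rule matched.
    for rule in outbound_rules:
        fields = (rule["srcCidr"], rule["destCidr"])
        ports_any = rule["protocol"] == "any" and rule["destPort"].lower() == "any"
        if ports_any and all(is_any(f) for f in fields):
            if rule["policy"] == "allow":
                findings.append(("outbound-default-allow", rule["comment"]))
            break
    else:
        # No catch-all rule present: the documented default (allow) applies.
        findings.append(("outbound-default-allow", "implicit"))
    return findings
```

On the sample data, `audit(OUTBOUND_RULES, PORT_FORWARDS)` flags the `camera` forward and the catch-all allow rule; placing a catch-all deny rule ahead of it and restricting the forward's allowed remote IPs clears both findings.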

4 REPLIES
Meraki Employee

Re: Internet access risks

Hey @franfm,

 

In addition to @ww's link, you can also disable the local status page from the Dashboard by going into Network-Wide > General > Device Configuration.

This helps prevent users from accidentally (or intentionally!) trying to access the local status page.

 

Giacomo

Please keep in mind that what I post here is my personal knowledge and opinion. Don't take anything I say for the Holy Grail, but try and see!
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
Conversationalist

Re: Internet access risks

Thanks guys.

 

OK, so the only real risk to our endpoint/LAN if the access router (ISP) is compromised would be a DoS attack on our MX?

Do you agree?

 

BR.Fran

ww (Kind of a big deal)

Re: Internet access risks


@franfm wrote:

Thanks guys.

 

OK, so the only real risk to our endpoint/LAN if the access router (ISP) is compromised would be a DoS attack on our MX?

Do you agree?

 

BR.Fran



I would rather care to educate users and secure and patch your endpoints, as they are opening the connections to the public network and getting data into your LAN.
