Given a frame relay link (or any other kind) to an outside company,
you should first have a firewall between you and them.
For simplicity (You can always get more elaborate) this can be a packet
filtering router. In this case, you set filters that allow the precise
type of traffic (Telnet, FTP, SMTP, whatever) that they are allowed to
do, and the hosts that they are allowed to contact in whatever manner.
On top of that, I'm going to assume that you use propagation of the default
route (0.0.0.0) to lead all packets to your ISP.
There are two steps that should be in place which will both protect you,
but you should have them anyway.
1) The only IP addresses that are advertised out to the Internet should
be yours, and not this other outfit. This is controlled either by BGP4,
or static routing between you and your ISP.
2) You should have on the firewall (router, or router in front of another
firewall) route advertising policies which limit what route advertising
the other outfit is allowed to see. The default route should NOT be on
this list.
Without more specific information, I can't guess at your config. If the
other outfit is using a peice of your class C or class B (or whatever),
then you will need to add filters to make sure that they can only get
to whatever they are supposed to and nothing else.
BobK
|
|
