Eritrea Finance

Nov 30 2017

Router Security Strategies: Securing IP Network Traffic Planes #ip #traffic #monitoring


#

Router Security Strategies: Securing IP Network Traffic Planes

eBook (Watermarked)

This eBook includes the following formats, accessible from your Account page after purchase:

EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Router Security Strategies: Securing IP Network Traffic Planes provides a compre-hensive approach to understand and implement IP traffic plane separation and protection on IP routers. This book details the distinct traffic planes of IP networks and the advanced techniques necessary to operationally secure them. This includes the data, control, management, and services planes that provide the infrastructure for IP networking.

The first section provides a brief overview of the essential components of the Internet Protocol and IP networking. At the end of this section, you will understand the fundamental principles of defense in depth and breadth security as applied to IP traffic planes. Techniques to secure the IP data plane, IP control plane, IP management plane, and IP services plane are covered in detail in the second section.

The final section provides case studies from both the enterprise network and the service provider network perspectives. In this way, the individual IP traffic plane security techniques reviewed in the second section of the book are brought together to help you create an integrated, comprehensive defense in depth and breadth security architecture.

Understanding and securing IP traffic planes are critical to the overall security posture of the IP infrastructure. The techniques detailed in this book provide protection and instrumentation enabling operators to understand and defend against attacks. As the vulnerability economy continues to mature, it is critical for both vendors and network providers to collaboratively deliver these protections to the IP infrastructure.

Russell Smoak, Director, Technical Services, Security Intelligence Engineering, Cisco

Gregg Schudel, CCIE No. 9591, joined Cisco in 2000 as a consulting system engineer supporting the U.S. service provider organization. Gregg focuses on IP core network security architectures and technology for interexchange carriers and web services providers.

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting system engineer supporting the service provider organization. David focuses on IP core and edge architectures including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry.

  • Understand the operation of IP networks and routers
  • Learn about the many threat models facing IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services

  • Learn how to segment and protect each IP traffic plane by applying defense in depth and breadth principles

  • Use security techniques such as ACLs, rate limiting, IP Options filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data plane of IP and switched Ethernet networks

  • Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP techniques and Layer 2 switched Ethernet-specific techniques
  • Protect the IP management plane with password management, SNMP, SSH, NTP, AAA, as well as other VPN management, out-of-band management, and remote access management techniques

  • Secure the IP services plane using recoloring, IP fragmentation control, MPLS label control, and other traffic classification and process control techniques

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Related Article

ICMP Header 521

ICMP Echo Request/Echo Reply Query Message Headers 525

ICMP Time to Live Exceeded in Transit Error Message Header 529

ICMP Destination Unreachable, Fragmentation Needed and Don t Fragment was

Set Error Message Header 533

Other ICMP Destination Unreachable Error Message Headers 539

Ethernet/802.1Q Header 543

IEEE 802.3 Ethernet Frame Header Format 543

IEEE 802.1Q VLAN Header Format 547

MPLS Protocol Header 551

Further Reading 554

Cisco IOS to IOS XR Security Transition 557

Data Plane Security Commands 558

Control Plane Security Commands 562

Management Plane Security Commands 578

Services Plane Security Commands 592

Further Reading 595

Security Incident Handling 597

Six Phases of Incident Response 597

Understand the Threats 598

Deploy Defense in Depth and Breadth Security Strategies 598

Establish Well-Defined Incident Response Procedures 599

Establish an Incident Response Team 600

Post-Mortem Analysis 602

Cisco Product Security 602

Cisco Security Vulnerability Policy 603

Cisco Computer and Network Security 603

Cisco Safety and Security 603

Cisco IPS Signature Pack Updates and Archives 603

Cisco Security Center 603

Cisco IntelliShield Alert Manager Service 603

Cisco Software Center 604

Industry Security Organizations 604

Regional Network Operators Groups 605

Further Reading 606


Written by admin


Leave a Reply

Your email address will not be published. Required fields are marked *