Scribd
Upload
34 views9 pages

SNRS30S02L01 - Examining Cisco Security Framework

The document discusses Cisco's Network Foundation Protection strategy which uses various technologies and features to secure the data, control, and management planes of routers. It protects infrastructure, enables continuous service delivery, and controls risks from interconnected networks.

Uploaded by

Péter Beleznay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPS, PDF, TXT or read online on Scribd
34 views9 pages

SNRS30S02L01 - Examining Cisco Security Framework

The document discusses Cisco's Network Foundation Protection strategy which uses various technologies and features to secure the data, control, and management planes of routers. It protects infrastructure, enables continuous service delivery, and controls risks from interconnected networks.

Uploaded by

Péter Beleznay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPS, PDF, TXT or read online on Scribd
You are on page 1/ 9

Examining the

Cisco Network
Foundation
Protection Strategy

Network Platform Security with Routers

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-1


What Has Changed in the World of
Security?
 A secure infrastructure is now
assumed.
 The Internet has changed from
an environment of trust to one of
distrust.
– No packet can be trusted.
– All packets earn trust through
network device inspection.
– It is no longer enough to
forward traffic. Packets often
need to be marked and
classified.
 Availability requirements have
increased.

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-2


Securing the Router Plane-by-Plane
Continuous service delivery requires a methodical
approach to protecting router planes.

Data Plane
Ability to forward data

Control Plane Service Delivery


Ability to route Network availability
and performance

Cisco Network Management Plane


Foundation Ability to manage
Protection

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-3


Cisco Network Foundation Protection
Protects infrastructure and enables continuous service delivery
 Detects traffic anomalies and responds to attacks in real time
Data Plane
 Technologies: NetFlow, IP source tracker, ACLs, uRPF, RTBH, FPM, QoS

 Defense-in-depth protection for routing control plane


Control Plane
 Technologies: Receive ACLs, control plane policing, routing protection

Management  Secure and continuous management of Cisco IOS network infrastructure


Plane  Technologies: CPU and memory thresholding, dual export syslog

NetFlow, IP source Internet


tracker, ACLs, uRPF, NetFlow, IP source
RTBH, QoS tools, tracker, ACLs, uRPF,
encryption RTBH, QoS tools
NetFlow,
ACLs, uRPF
Customer Service
Provider
Core
Control Plane and Management Plane Protection

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-4


Cisco Network Foundation Protection
Services and Benefits
Cisco IOS Services Benefits

NetFlow Provides macro-level, anomaly-based DDoS detection


Identifies the source interface from which an attack is
IP source tracker
coming
ACL Protects edge routers from malicious traffic
Data Plane Mitigates problems from malformed or spoofed IP source
uRPF
addresses
RTBH Drops packets based on source IP address
QoS tools Protects against flooding attacks
Controls the type of traffic that can be forwarded to the
Receive ACLs
processor
Control plane Provides QoS control for packets destined to the control
Control policing plane of the routers
Plane
 MD5 neighbor authentication protection
Routing protection  Redistribution protection
 Overload protection
CPU and memory
Management thresholding Protects CPU and memory resources against DoS attacks
Plane
Dual export syslog Exports syslog to dual collectors

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-5


Cisco AutoSecure
router#
auto secure [management | forwarding] [no-interact |
full] [ntp | login | ssh | firewall | tcp-intercept]

 Launches Cisco AutoSecure


 If you enter the full parameter, you are presented with the
following main steps:
– Identify outside interfaces
– Secure the management plane
– Create a security banner
– Configure passwords, AAA, and SSH
– Secure the interface settings
– Secure the forwarding plane

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-6


Supported Platforms
 Cisco 800 Series Routers
 Cisco 1800 Series Integrated
Services Routers
 Cisco 2800 Series Integrated
Services Routers
 Cisco 3800 Series Integrated
Services Routers
 Cisco Catalyst 6500 Series
Switches
 Cisco 7200 Series Routers
 Cisco 7600 Series Routers

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-7


Summary
 The features of Cisco Network Foundation Protection provide a
strategy for infrastructure protection.
 Cisco Network Foundation Protection controls the risk incurred
from interconnected global networks.
 Cisco AutoSecure allows you to choose which router components
to secure.
 Cisco integrated services routers support the Cisco Network
Foundation Protection feature set for device-level protection.

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-8


© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-9

You might also like