
Examining the Cisco Network Foundation Protection Strategy
Network Platform Security with Routers

© 2008 Cisco Systems, Inc. All rights reserved. SNRS v3.0—2-1


What Has Changed in the World of Security?
 A secure infrastructure is now assumed by customers rather than treated as an add-on.
 The Internet has changed from an environment of trust to one of distrust.
– No packet can be trusted.
– All packets earn trust through inspection by network devices.
– It is no longer enough to forward traffic. Packets often need to be marked and classified.
 Availability requirements have increased.


Securing the Router Plane-by-Plane
Continuous service delivery requires a methodical approach to protecting router planes.

(Figure: Cisco Network Foundation Protection covers the three router planes; together they determine service delivery, that is, network availability and performance.)
 Data plane: ability to forward data
 Control plane: ability to route
 Management plane: ability to manage


Cisco Network Foundation Protection
Protects infrastructure and enables continuous service delivery

Data plane
 Detects traffic anomalies and responds to attacks in real time
 Technologies: NetFlow, IP source tracker, ACLs, uRPF, RTBH, FPM, QoS

Control plane
 Defense-in-depth protection for the routing control plane
 Technologies: Receive ACLs, control plane policing, routing protection

Management plane
 Secure and continuous management of Cisco IOS network infrastructure
 Technologies: CPU and memory thresholding, dual export syslog

(Figure: data plane tools placed along the path from Customer through the Service Provider Core to the Internet. Customer edge: NetFlow, IP source tracker, ACLs, uRPF, RTBH, QoS tools, encryption. Service provider core: NetFlow, ACLs, uRPF. Internet edge: NetFlow, IP source tracker, ACLs, uRPF, RTBH, QoS tools. Control plane and management plane protection applies across all of these.)


Cisco Network Foundation Protection
Services and Benefits

Plane             Cisco IOS Service            Benefit
Data plane        NetFlow                      Provides macro-level, anomaly-based DDoS detection
                  IP source tracker            Identifies the source interface from which an attack is coming
                  ACL                          Protects edge routers from malicious traffic
                  uRPF                         Mitigates problems from malformed or spoofed IP source addresses
                  RTBH                         Drops packets destined to, or (source-based, in combination with uRPF) sourced from, black-holed IP addresses
                  QoS tools                    Protects against flooding attacks
Control plane     Receive ACLs                 Controls the type of traffic that can be forwarded to the route processor
                  Control plane policing       Provides QoS control for packets destined to the control plane of the router
                  Routing protection           MD5 neighbor authentication, redistribution protection, overload protection
Management plane  CPU and memory thresholding  Protects CPU and memory resources against DoS attacks
                  Dual export syslog           Exports syslog to two collectors, so logs survive the loss of one


Cisco AutoSecure
router#
auto secure [management | forwarding] [no-interact | full] [ntp | login | ssh | firewall | tcp-intercept]

 Launches Cisco AutoSecure. With no plane keyword, both the management and forwarding planes are secured; management or forwarding limits the run to one plane.
 full (the default) runs interactively; no-interact applies the Cisco recommended defaults without prompting.
 If you enter the full parameter, you are presented with the following main steps:
– Identify outside interfaces
– Secure the management plane
– Create a security banner
– Configure passwords, AAA, and SSH
– Secure the interface settings
– Secure the forwarding plane
 Review the generated commands (show auto secure config) before saving them to the startup configuration.
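The plane-by-plane controls in the Services and Benefits table and the hardening steps AutoSecure walks through can be verified after the fact against the router's configuration. The following script is an added example written for this page, not Cisco code and not AutoSecure output: it parses two constructed Cisco IOS configuration samples (one never hardened, one after hardening) and reports, per plane, which controls are missing. The command list it checks, the interface and policy names, and the addresses are the example's own assumptions.

```python
"""Plane-by-plane audit of a Cisco IOS configuration (added example, not
Cisco's code).  Checks a config for the data-, control- and management-plane
controls the NFP slides list (uRPF, CoPP, CPU/memory thresholding, dual syslog
export) and the interface hardening AutoSecure applies.  Both configs below
are constructed samples, not real router output."""
import re
from collections import defaultdict

# Constructed "before" configuration: a router that has never been hardened.
UNHARDENED_CONFIG = """\
ip http server
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
!
line vty 0 4
 transport input telnet ssh
"""

# Constructed "after" configuration for the same router (policer rate is illustrative).
HARDENED_CONFIG = """\
service password-encryption
no ip http server
ip cef
logging host 10.0.0.50
logging host 10.0.0.51
process cpu threshold type total rising 80 interval 5
memory free low-watermark processor 20000
!
policy-map CONTROL-PLANE-POLICY
 class class-default
  police 256000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip verify unicast source reachable-via rx
!
control-plane
 service-policy input CONTROL-PLANE-POLICY
!
line vty 0 4
 transport input ssh
"""

SECTION = re.compile(r"^(interface \S+|control-plane|line \S.*|policy-map \S+)$")


def parse_ios(config):
    """Return (global_lines, sections): top-level commands, and each section
    header (e.g. 'interface GigabitEthernet0/0') mapped to its indented lines."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):   # '!' ends a section
            current = None
        elif raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        elif SECTION.match(raw):
            current = raw
            sections[current] = []
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, sections


def audit(config):
    """Return {plane: [finding, ...]} listing controls missing from the config."""
    globals_, sections = parse_ios(config)
    gset, findings = set(globals_), defaultdict(list)

    # Data plane: CEF (a prerequisite for uRPF), then per-interface hardening.
    if "ip cef" not in gset:
        findings["data"].append("ip cef missing (required for uRPF)")
    for header, lines in sections.items():
        if header.startswith("interface "):
            ifname = header.split(" ", 1)[1]
            for cmd in ("no ip redirects", "no ip unreachables", "no ip proxy-arp"):
                if cmd not in lines:
                    findings["data"].append(f"{ifname}: {cmd} missing")
            if not any(l.startswith("ip verify unicast") for l in lines):
                findings["data"].append(f"{ifname}: uRPF (ip verify unicast) missing")

    # Control plane: CoPP is a service-policy attached under 'control-plane'.
    if not any(l.startswith("service-policy input") for l in sections.get("control-plane", [])):
        findings["control"].append("no CoPP policy applied under control-plane")

    # Management plane: encrypted credentials, HTTP off, CPU/memory thresholds,
    # two syslog collectors, no cleartext (telnet) VTY access.
    for cmd in ("service password-encryption", "no ip http server"):
        if cmd not in gset:
            findings["management"].append(f"{cmd} missing")
    for prefix in ("process cpu threshold", "memory free low-watermark"):
        if not any(l.startswith(prefix) for l in globals_):
            findings["management"].append(f"{prefix} ... missing")
    if sum(l.startswith("logging host ") for l in globals_) < 2:
        findings["management"].append("fewer than two syslog collectors configured")
    for header, lines in sections.items():
        if header.startswith("line vty"):
            for l in lines:
                if l.startswith("transport input") and "telnet" in l.split():
                    findings["management"].append(f"{header}: telnet allowed ({l})")
    return dict(findings)


if __name__ == "__main__":
    for label, cfg in (("before", UNHARDENED_CONFIG), ("after", HARDENED_CONFIG)):
        print(label, audit(cfg))
```

Feed audit() the text of show running-config captured from a real device; the unhardened sample yields findings on all three planes, the hardened one yields none. The check list is deliberately the slide's own items plus AutoSecure's interface settings, so it is a starting point to extend, not a complete hardening baseline.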



Supported Platforms
 Cisco 800 Series Routers
 Cisco 1800 Series Integrated Services Routers
 Cisco 2800 Series Integrated Services Routers
 Cisco 3800 Series Integrated Services Routers
 Cisco Catalyst 6500 Series Switches
 Cisco 7200 Series Routers
 Cisco 7600 Series Routers


Summary
 The features of Cisco Network Foundation Protection provide a strategy for infrastructure protection.
 Cisco Network Foundation Protection controls the risk incurred from interconnected global networks.
 Cisco AutoSecure allows you to choose which router components (the management plane, the forwarding plane, or both) to secure.
 Cisco integrated services routers support the Cisco Network Foundation Protection feature set for device-level protection.

