Raftul cu initiativa Book Archive

Comptia

Router security strategies : securing IP network traffic by Gregg Schudel

By Gregg Schudel

Router safety options: Securing IP community site visitors Planes presents a compre-hensive method of comprehend and enforce IP site visitors aircraft separation and security on IP routers. This publication info the exact site visitors planes of IP networks and the complicated concepts essential to operationally safe them. This comprises the information, keep an eye on, administration, and companies planes that offer the infrastructure for IP networking. 

 

The first part offers a quick review of the basic elements of the web Protocol and IP networking. on the finish of this part, you'll comprehend the basic rules of safeguard extensive and breadth defense as utilized to IP site visitors planes. ideas to safe the IP info airplane, IP keep an eye on airplane, IP administration airplane, and IP prone airplane are coated intimately within the moment section.

 

The ultimate part offers case reviews from either the company community and the merchant community views. during this approach, the person IP site visitors airplane safeguard thoughts reviewed within the moment element of the publication are introduced jointly that can assist you create an built-in, complete safeguard intensive and breadth safety architecture.

 

“Understanding and securing IP site visitors planes are serious to the general protection posture of the IP infrastructure.  The ideas distinct during this publication offer defense and instrumentation allowing operators to appreciate and protect opposed to assaults. because the vulnerability economic climate keeps to mature, it's severe for either proprietors and community prone to collaboratively carry those protections to the IP infrastructure.”

–Russell Smoak, Director, Technical prone, protection Intelligence Engineering, Cisco

 

Gregg Schudel, CCIE® No. 9591, joined Cisco in 2000 as a consulting process engineer aiding the U.S. merchant association. Gregg specializes in IP center community safeguard architectures and expertise for interexchange companies and net providers providers.

 

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting process engineer helping the merchant association. David specializes in IP center and facet architectures together with IP routing, MPLS applied sciences, QoS, infrastructure safeguard, and community telemetry.

 

  • Understand the operation of IP networks and routers
  • Learn in regards to the many chance versions dealing with IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services
  • Learn tips on how to phase and guard each one IP site visitors airplane through utilizing safeguard extensive and breadth principles
  • Use safety thoughts comparable to ACLs, price proscribing, IP suggestions filtering, uRPF, QoS, RTBH, QPPB, and so on to guard the knowledge aircraft of IP and switched Ethernet networks
  • Secure the IP keep watch over airplane with rACL, CoPP, GTSM, MD5, BGP and ICMP innovations and Layer 2 switched Ethernet-specific techniques
  • Protect the IP administration aircraft with password administration, SNMP, SSH, NTP, AAA, in addition to different VPN administration, out-of-band administration, and distant entry administration techniques
  • Secure the IP companies aircraft utilizing recoloring, IP fragmentation keep watch over, MPLS label keep an eye on, and different site visitors category and method regulate techniques

 This protection booklet is a part of the Cisco Press® Networking know-how sequence. protection titles from Cisco Press support networking execs safe severe info and assets, hinder and mitigate community assaults, and construct end-to-end self-defending networks.

 

 

Show description

Read Online or Download Router security strategies : securing IP network traffic planes PDF

Best comptia books

Internet Security Cryptographic Principles Algorithms and Protocols

Wisdom of quantity conception and summary algebra are pre-requisites for any engineer designing a safe internet-based method. even though, many of the books at present on hand at the topic are aimed toward practitioners who simply need to know how a number of the instruments in the marketplace paintings and what point of protection they communicate.

CompTIA A+ 220-701 and 220-702 Cert Guide

Enable me commence through announcing that at the present time I took the 220-701, the 1st of the necessary exams. I handed with a rating of 775, which as most sensible i will determine correlates to among eighty five and ninety on a a hundred element scale. My learn used to be solely self-directed and consisted of utilizing 4 assorted books, the A+ video sequence from ok Alliance and examination prep software program from [.

Pro PHP Security (Pro)

Hypertext Preprocessor is the world’s hottest open resource net scripting language, put in on nearly 17 million domain names around the world (www. Hypertext Preprocessor. net/usage. php). it really is enjoyed by way of newbies and embraced via complex clients. This e-book deals builders an entire consultant to taking either protecting and proactive safety ways inside their personal home page purposes.

Secure Data Management in Decentralized Systems

The examine scope of database defense has extended drastically, end result of the fast improvement of the worldwide inter-networked infrastructure. Databases aren't any longer stand-alone platforms which are basically obtainable to inner clients of agencies. as a substitute, permitting selective entry from diversified safety domain names has develop into a needs to for lots of enterprise practices.

Additional info for Router security strategies : securing IP network traffic planes

Example text

No L2 Header Lookup and Rewrite Queue Packet to Egress Interface Yes Punt to CPU for Processing IP Router Packet Processing Concepts process switching Chapter 1: Internet Protocol Operations Fundamentals IP Router Packet Processing Concepts Illustration of Process Switching Route Processor Software Processing IP Routing Table Interrupt Processing Input Queue Interface Processor L3 Packet L2 Frame Interrupt Processing Process Switching Output Queue Interface Processor L3 Packet L2 Frame Chapter 1: Internet Protocol Operations Fundamentals acceptable use IP Router Packet Processing Concepts Chapter 1: Internet Protocol Operations Fundamentals Illustration of Fast Switching Route Processor IP Routing Table Software Processing Process Switching No Entry in route cache?

Drop Packet No Send ICMP Error Type 3 Code 0 to Source Yes “Receive” destination? No L2 Header Lookup and Rewrite Queue Packet to Egress Interface Yes Punt to CPU for Processing IP Router Packet Processing Concepts process switching Chapter 1: Internet Protocol Operations Fundamentals IP Router Packet Processing Concepts Illustration of Process Switching Route Processor Software Processing IP Routing Table Interrupt Processing Input Queue Interface Processor L3 Packet L2 Frame Interrupt Processing Process Switching Output Queue Interface Processor L3 Packet L2 Frame Chapter 1: Internet Protocol Operations Fundamentals acceptable use IP Router Packet Processing Concepts Chapter 1: Internet Protocol Operations Fundamentals Illustration of Fast Switching Route Processor IP Routing Table Software Processing Process Switching No Entry in route cache?

Chapter 1: Internet Protocol Operations Fundamentals IP Protocol Operations Chapter 1: Internet Protocol Operations Fundamentals IP Packet Header Layer 3 0 4 IP Version 8 IP Hdr Len (IHL) 12 16 Type of Service (ToS) Identification Time to Live (TTL) 20 24 28 Total Length (TL) Flags Protocol Fragment Offset (FO) Header Checksum Source Address Destination Address IP Options (Up to 40 Bytes) Padding 31 IP Protocol Operations Chapter 1: Internet Protocol Operations Fundamentals TCP/IP Illustrated, Volume 1 pipe IP Traffic Concepts context traffic type traffic planes traffic type Chapter 1: Internet Protocol Operations Fundamentals IP Networking Perspective Router Perspective PoP PE P 12000 PE PoP Perspective 12000 P 12000 PE 12000 12000 AS PoP PoP AS Perspective AS AS Internet Perspective AS Internet off particular router IP Traffic Concepts to through IP traffic plane receive receive-adjacency management plane owned receive-adjacency receive packet receive-adjacency packet loopback tunnel Chapter 1: Internet Protocol Operations Fundamentals punt punted to the CPU for processing control management exception IP packets packets Exception IP Packets services planes non-IP IP Traffic Concepts Non-IP Packets Chapter 1: Internet Protocol Operations Fundamentals IP traffic planes planes logical IP Traffic Planes Data Plane Customer Multiservice Edge Router Core Router Customer Customer Customer Customer Customer Customer Customer Access Link IP/MPLS Network Peer #1 Network Internet Peer #2 Network Chapter 1: Internet Protocol Operations Fundamentals IP Traffic Planes how Control Plane Example Multiservice Edge Router Core Router Customer LDP LDP LDP ISIS ISIS ISIS LDP LD P ISI S iBGP LDP LDP LDP ISIS ISIS ISIS Access Link IP/MPLS Network GP eBG P eB Peer #1 Network Internet ISIS LDP ISIS P iBGP LDP iBGP iBGP Customer ISIS iBGP iBG P LD P ISI S ISI S LD P P LDP ISIS iBG Customer Customer P iBG P LD S ISI P iBG P LD S ISI P iBG P LD S ISI Customer eBGP iBGP iBGP iBGP iBG Customer Peer #2 Network Customer eBGP Customer Chapter 1: Internet Protocol Operations Fundamentals ICMP ping IP Traffic Planes Management Plane Example Network Operations Center (NOC) Customer slo g m p In-Band Management sy sn ss h Out-of-Band Management Multiservice Edge Router Core Router Customer Customer Customer Customer Customer Customer Customer Access Link IP/MPLS Network Peer #1 Network Internet Peer #2 Network Chapter 1: Internet Protocol Operations Fundamentals IP Traffic Planes Services Plane Example Customer Multiservice Edge Router Core Router Customer Customer Customer Customer Customer Customer Customer Access Link IP/MPLS Network Peer #1 Network Internet Peer #2 Network MPLS VPN Chapter 1: Internet Protocol Operations Fundamentals IP Router Packet Processing Concepts Chapter 1: Internet Protocol Operations Fundamentals Simple IP Forwarding Example IP Packet Received Header checksum valid?

Download PDF sample

Rated 4.53 of 5 – based on 7 votes