Router Security Strategies: Securing IP Network Traffic Planes (paperback)
Format: Paperback
Language: English
Number of pages: 650
Publication date: 2008-01-01
Edition: illustrated ed
Publisher: CISCO PRESS
Contributors: Smith, David J.
Illustrator/Photographer: Illustrations
Illustrations: illustrations
Dimensions: 230 x 186 x 37 mm
Weight: 1100 g
Number of components: 1
ISBN: 9781587053368

Router Security Strategies: Securing IP Network Traffic Planes provides a comprehensive approach to understanding and implementing IP traffic plane separation and protection on IP routers. This book details the distinct traffic planes of IP networks and the advanced techniques necessary to operationally secure them. This includes the data, control, management, and services planes that provide the infrastructure for IP networking.

The first section provides a brief overview of the essential components of the Internet Protocol and IP networking. At the end of this section, you will understand the fundamental principles of defense in depth and breadth security as applied to IP traffic planes. Techniques to secure the IP data plane, IP control plane, IP management plane, and IP services plane are covered in detail in the second section.

The final section provides case studies from both the enterprise network and the service provider network perspectives. In this way, the individual IP traffic plane security techniques reviewed in the second section of the book are brought together to help you create an integrated, comprehensive defense in depth and breadth security architecture.

Understanding and securing IP traffic planes are critical to the overall security posture of the IP infrastructure. The techniques detailed in this book provide protection and instrumentation enabling operators to understand and defend against attacks. As the vulnerability economy continues to mature, it is critical for both vendors and network providers to collaboratively deliver these protections to the IP infrastructure.

Russell Smoak, Director, Technical Services, Security Intelligence Engineering, Cisco

Gregg Schudel, CCIE No. 9591, joined Cisco in 2000 as a consulting system engineer supporting the U.S. service provider organization. Gregg focuses on IP core network security architectures and technology for interexchange carriers and web services providers.

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting system engineer supporting the service provider organization. David focuses on IP core and edge architectures including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry.
  • Understand the operation of IP networks and routers
  • Learn about the many threat models facing IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services
  • Learn how to segment and protect each IP traffic plane by applying defense in depth and breadth principles
  • Use security techniques such as ACLs, rate limiting, IP Options filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data plane of IP and switched Ethernet networks
  • Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP techniques and L...

Other information

Gregg Schudel, CCIE No. 9591, is a Consulting System Engineer (CSE) supporting the Service Provider organization at Cisco. Gregg is a Cisco Certified Internetwork Expert (CCIE) in security, and holds an MS degree in engineering from George Washington University (1982), and a BS in engineering from Florida Institute of Technology (1980).

David J. Smith, CCIE No. 1986, is a Consulting System Engineer (CSE) within the Service Provider organization at Cisco. David holds a B.S. in Computer Engineering from Lehigh University (1989) as well as an M.S. in Information Networking from Carnegie Mellon University (1991). He is also CCIE No. 1986 for Routing/Switching.

Table of Contents

Foreword

Introduction

Part I: IP Network and Traffic Plane Security Fundamentals

Chapter 1: Internet Protocol Operations Fundamentals

IP Network Concepts

Enterprise Networks

Service Provider Networks

IP Protocol Operations

IP Traffic Concepts

Transit IP Packets

Receive-Adjacency IP Packets

Exception IP and Non-IP Packets

Exception IP Packets

Non-IP Packets

IP Traffic Planes

Data Plane

Control Plane

Management Plane

Services Plane

IP Router Packet Processing Concepts

Process Switching

Fast Switching

Cisco Express Forwarding

Forwarding Information Base

Adjacency Table

CEF Operation

General IP Router Architecture Types

Centralized CPU-Based Architectures

Centralized ASIC-Based Architectures

Distributed CPU-Based Architectures

Distributed ASIC-Based Architectures

Summary

Review Questions

Further Reading

Chapter 2: Threat Models for IP Networks

Threats Against IP Network Infrastructures

Resource Exhaustion Attacks

Direct Attacks

Transit Attacks

Reflection Attacks

Spoofing Attacks

Transport Protocol Attacks

UDP Protocol Attacks

TCP Protocol Attacks

Routing Protocol Threats

Other IP Control Plane Threats

Unauthorized Access Attacks

Software Vulnerabilities

Malicious Network Reconnaissance

Threats Against Layer 2 Network Infrastructures

CAM Table Overflow Attacks

MAC Spoofing Attacks

VLAN Hopping Attacks

Private VLAN Attacks

STP Attacks

VTP Attacks

Threats Against IP VPN Network Infrastructures

MPLS VPN Threat Models

Threats Against the Customer Edge

Threats Against the Provider Edge

Threats Against the Provider Core

Threats Against the Inter-Provider Edge

Carrier Supporting Carrier Threats

Inter-AS VPN Threats

IPsec VPN Threat Models

Summary

Review Questions

Further Reading

Chapter 3: IP Network Traffic Plane Security Concepts

Principles of Defense in Depth and Breadth

Understanding Defense in Depth and Breadth Concepts

What Needs to Be Protected?

What Are Defensive Layers?

What Is the Operational Envelope of the Network?

What Is Your Organization's Operational Model?

IP Network Traffic Planes: Defense in Depth and Breadth

Data Plane