Lecture CCNA security partner - Chapter 3: Network Foundation Protection and Cisco Configuration Professional

This chapter deals with Cisco IOS Network Foundation Protection (NFP) as a framework for infrastructure protection, all its components, and commonly used countermeasures as found in Cisco IOS devices. More precisely, this chapter differentiates the security measures to be implemented on the three conceptual planes of Cisco IOS devices: the control plane, the data plane, and the management plane. This chapter also discusses using Cisco Configuration Professional (CCP) to implement security controls on Cisco IOS routers.
Network Foundation Protection and Cisco Configuration Professional

Cisco Network Foundation Protection (NFP) provides an umbrella strategy for infrastructure protection by encompassing Cisco IOS security features.

Threats Against the Network Infrastructure

The following are some of the symptoms and impact of network infrastructure security incidents:
• High route processor CPU utilization (near 100 percent)
• Loss of line protocol keepalives and routing protocol updates, leading to route flaps and major network transitions
• Slow or completely unresponsive interactive sessions via the CLI, due to high CPU utilization
• Route processor resource exhaustion, making resources such as memory and buffers unavailable for legitimate IP data packets
• Packet queue backup, leading to indiscriminate drops (or drops due to lack of buffer resources) of other incoming packets

Cisco NFP Framework

From the perspective of network traffic, a similar classification applies:
• Data plane packets: End-station, user-generated packets that are always forwarded by network devices to other end-station devices. From the perspective of the network device, data plane packets always have a transit destination IP address and can be managed by normal, destination IP address–based forwarding processes. Data plane packets are typically processed in a fast-switching cache.
• Control plane packets: Network device–generated/received packets that are used for the creation and operation of the network itself. From the perspective of the network device, control plane packets always have a receive destination IP address and are managed by the CPU in the network device route processor. Examples include protocols such as Address Resolution Protocol (ARP), Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and other protocols that hold the network together.
• Management plane packets: Network device–generated/received packets, or management station–generated/received packets, that are used .
