Network Core Infrastructure Best Practices
Yusuf Bhaiji
©2007 Cisco Systems, Inc. All rights reserved.

Agenda
- Infrastructure Protection Overview
- Understanding Routers and Planes
- Infrastructure Protection from the Inside Out
    - Router Hardening: Traditional Methods
    - Router Hardening: Protecting the CPU
    - Network Hardening

Router Hardening: Traditional Methods
[Figure labels: Router CPU; Protection; telnet, snmp; "untrusted"; Attacks, junk]
- We will look at best practices on securing the CPU

Router Hardening: Protecting the CPU
[Figure labels: Router CPU; Protection (shown twice); telnet, snmp; "untrusted"; Attacks, junk]
- We will look at best practices on preventing unwanted traffic from reaching the CPU

The Old World: Network Edge
[Figure labels: telnet, snmp; "outside"; Core]
- Core routers individually secured
- Every router accessible from outside

Network Hardening
[Figure labels: telnet, snmp; "outside"; Core]
- We will look at best practices on preventing unwanted traffic from reaching the core routers

Infrastructure Protection Overview

Three Security Characteristics
Availability, Confidentiality, Integrity
- The goal of security is to maintain these three characteristics
- Primary goal of infrastructure security and this session is maintaining availability