Doc Hardening

Pages: 104 (25925 words) Published: November 22, 2012
Cisco - Cisco Guide to Harden Cisco IOS Devices


Document ID: 13608

Contents
Introduction
Prerequisites
    Requirements
    Components Used
    Conventions
Secure Operations
    Monitor Cisco Security Advisories and Responses
    Leverage Authentication, Authorization, and Accounting
    Centralize Log Collection and Monitoring
    Use Secure Protocols When Possible
    Gain Traffic Visibility with NetFlow
    Configuration Management
Management Plane
    General Management Plane Hardening
    Limiting Access to the Network with Infrastructure ACLs
    Securing Interactive Management Sessions
    Using Authentication, Authorization, and Accounting
    Fortifying the Simple Network Management Protocol
    Logging Best Practices
    Cisco IOS Software Configuration Management
Control Plane
    General Control Plane Hardening
    Limiting CPU Impact of Control Plane Traffic
    Securing BGP
    Securing Interior Gateway Protocols
    Securing First Hop Redundancy Protocols
Data Plane
    General Data Plane Hardening
    Filtering Transit Traffic with Transit ACLs
    Anti-Spoofing Protections
    Limiting CPU Impact of Data Plane Traffic
    Traffic Identification and Traceback
    Access Control with VLAN Maps and Port Access Control Lists
    Using Private VLANs
Conclusion
Acknowledgments
Appendix: Cisco IOS Device Hardening Checklist
    Management Plane
    Control Plane
    Data Plane
Cisco Support Community - Featured Conversations
Related Information

Introduction
This document contains information to help you secure your Cisco IOS® system devices, which increases the overall security of your network. Structured around the three planes into which functions of a network device can be categorized, this document provides an overview of each included feature and references to related documentation. The three functional planes of a network, the management plane, control plane, and data plane, each provide different functionality that needs to be protected.


  • Management Plane—The management plane manages traffic that is sent to the Cisco IOS device and is made up of applications and protocols such as SSH and SNMP.
  • Control Plane—The control plane of a network device processes the traffic that is paramount to maintaining the functionality of the network infrastructure. The control plane consists of applications and protocols between network devices, which includes the Border Gateway Protocol (BGP), as well as the Interior Gateway Protocols (IGPs) such as the Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF).
  • Data Plane—The data plane forwards data through a network device. The data plane does not include traffic that is sent to the local Cisco IOS device.





The coverage of security features in this document often provides enough detail for you to configure the feature. However, in cases where it does not, the feature is explained in such a way that you can evaluate whether additional attention to the feature is required. Where possible and appropriate, this document contains recommendations that, if implemented, help secure a network.

Prerequisites

Requirements
There are no specific requirements for this document.


2/23/2012 Cisco - Cisco Guide to Harden Cisco IOS Devices


Components Used
This document is not restricted to specific software and hardware versions.

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions. Some command line examples in this document are wrapped to enhance readability.

Secure Operations
Secure network operations is a substantial topic. Although most of this document is devoted to the secure configuration of a Cisco IOS device, configurations alone do not completely secure a network. The operational procedures in use on the network contribute as much to security as the configuration of the underlying devices. These topics contain operational recommendations that you are advised to implement. These topics...