Cisco Press Router Security Strategies part 1 pps


Document information

[...] Network Core Security Concepts; IP Core; MPLS VPN Core; Summary; Review Questions; Further Reading; Part II: Security Techniques for Protecting IP Traffic Planes; Chapter 4 IP Data Plane Security; Interface ACL Techniques; Unicast RPF Techniques; Strict uRPF; Loose uRPF; VRF Mode uRPF; Feasible uRPF; Flexible Packet Matching; QoS Techniques; Queuing; IP QoS...

... Provider Core; Threats Against the Inter-Provider Edge; Carrier Supporting Carrier Threats; Inter-AS VPN Threats; IPsec VPN Threat Models; Summary; Review Questions; Further Reading; Chapter 3 IP Network Traffic Plane Security Concepts; Principles of Defense in Depth and Breadth; Understanding Defense in Depth and Breadth Concepts; What Needs to Be Protected?; What Are... Layers?; What Is the Operational Envelope of the Network?; What Is Your Organization’s Operational Model?; IP Network Traffic Planes: Defense in Depth and Breadth; Data Plane; Control Plane; Management Plane; Services Plane; Network Interface Types; Physical Interfaces; Logical Interfaces; Network Edge Security Concepts; Internet Edge; MPLS VPN Edge; Network...

... (Marking); Rate Limiting; IP Options Techniques; Disable IP Source Routing; IP Options Selective Drop; ACL Support for Filtering IP Options; Control Plane Policing; ICMP Data Plane Mitigation Techniques; Disabling IP Directed Broadcasts; IP Sanity Checks; BGP Policy Enforcement Using QPPB; IP Routing Techniques; IP Network Core Infrastructure Hiding; IS-IS Advertise-Passive-Only...
Breadth Security Strategies; Establish Well-Defined Incident Response Procedures; Establish an Incident Response Team; Identification; Classification; Traceback; Reaction; Post-Mortem Analysis; Cisco Product Security; Cisco Security Vulnerability Policy; Cisco Computer and Network Security; Cisco Safety and Security; Cisco IPS Signature Pack Updates and Archives; Cisco Security...

... Deep Packet Inspection; Layer 2 Ethernet Security Techniques; Port Security; MAC Address–Based Traffic Blocking; Disable Auto Trunking; VLAN ACLs; IP Source Guard; Private VLANs; Traffic Storm Control; Unknown Unicast Flood Blocking; Summary; Review Questions; Further Reading; Chapter 5 IP Control Plane Security; Disabling Unused Control Plane Services; ICMP...

... Ethernet/802.1Q Header; IEEE 802.3 Ethernet Frame Header Format; IEEE 802.1Q VLAN Header Format; MPLS Protocol Header; Further Reading; Appendix C Cisco IOS to IOS XR Security Transition; Data Plane Security Commands; Control Plane Security Commands; Management Plane Security Commands; Services Plane Security Commands; Further Reading; Appendix D Security Incident...

... Plane Security; Management Interfaces; Password Security; SNMP Security; Remote Terminal Access Security; Disabling Unused Management Plane Services; Disabling Idle User Sessions; System Banners; Secure IOS File Systems; Role-Based CLI Access; Management Plane Protection; Authentication, Authorization, and Accounting; AutoSecure; Network Telemetry and Security...
Core Security; Disable IP TTL to MPLS TTL Propagation at the Network Edge; IP Fragmentation; Router Alert Label; Network SLAs; Inter-Provider Edge Security; Carrier Supporting Carrier Security; Inter-AS VPN Security; IPsec VPN Services; IPsec VPN Overview; IKE; IPsec; Securing IPsec VPN Services; IKE Security; Fragmentation; IPsec VPN Access Control; QoS...

... describes the security implications and abuse potential for each header field

  • Appendix C, “Cisco IOS to IOS XR Security Transition”: Provides a one-for-one mapping between common IOS 12.0S security-related configuration commands and their respective IOS XR counterparts

  • Appendix D, “Security Incident Handling”: Provides a short overview of security incident handling techniques, and a list of common security ...

... Threats Against the Inter-Provider Edge; Carrier Supporting Carrier Threats; Inter-AS VPN Threats; IPsec VPN Threat Models; Summary; Review Questions; Further Reading; Chapter...

... Types; Physical Interfaces; Logical Interfaces; Network Edge Security Concepts; Internet Edge; MPLS VPN Edge; Network Core Security Concepts; IP Core; MPLS VPN Core; Summary...

... Techniques; Strict uRPF; Loose uRPF; VRF Mode uRPF; Feasible uRPF; Flexible Packet Matching; QoS Techniques; Queuing; IP QoS Packet Coloring (Marking); Rate Limiting; IP...

Posted: 14/08/2014, 18:20

Table of contents

  • Router Security Strategies

    • Contents

    • Foreword

    • Introduction

    • Part I: IP Network and Traffic Plane Security Fundamentals

      • Chapter 1 Internet Protocol Operations Fundamentals

        • IP Network Concepts

        • IP Protocol Operations

        • IP Traffic Concepts

        • IP Traffic Planes

        • IP Router Packet Processing Concepts
