Router Security Strategies: Securing IP Network Traffic Planes provides
a compre-hensive approach to understand and implement IP traffic plane
separation and protection on IP routers. This book details the distinct
traffic planes of IP networks and the advanced techniques necessary to
operationally secure them. This includes the data, control, management,
and services planes that provide the infrastructure for IP networking.

The first section provides a brief overview of the essential components
of the Internet Protocol and IP networking. At the end of this section,
you will understand the fundamental principles of defense in depth and
breadth security as applied to IP traffic planes. Techniques to secure
the IP data plane, IP control plane, IP management plane, and IP
services plane are covered in detail in the second section.

The final section provides case studies from both the enterprise network
and the service provider network perspectives. In this way, the
individual IP traffic plane security techniques reviewed in the second
section of the book are brought together to help you create an
integrated, comprehensive defense in depth and breadth security
architecture.

“Understanding and securing IP traffic planes are critical to the
overall security posture of the IP infrastructure. The techniques
detailed in this book provide protection and instrumentation enabling
operators to understand and defend against attacks. As the vulnerability
economy continues to mature, it is critical for both vendors and network
providers to collaboratively deliver these protections to the IP
infrastructure.”
-Russell Smoak, Director, Technical Services, Security Intelligence
Engineering, Cisco

Gregg Schudel, CCIE® No. 9591, joined Cisco in 2000 as a consulting
system engineer supporting the U.S. service provider organization. Gregg
focuses on IP core network security architectures and technology for
interexchange carriers and web services providers.

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting
system engineer supporting the service provider organization. David
focuses on IP core and edge architectures including IP routing, MPLS
technologies, QoS, infrastructure security, and network telemetry.

- Understand the operation of IP networks and routers
- Learn about the many threat models facing IP networks, Layer 2
Ethernet switching environments, and IPsec and MPLS VPN services
- Learn how to segment and protect each IP traffic plane by applying
defense in depth and breadth principles
- Use security techniques such as ACLs, rate limiting, IP Options
filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data
plane of IP and switched Ethernet networks
- Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP
techniques and Layer 2 switched Ethernet-specific techniques
- Protect the IP management plane with password management, SNMP, SSH,
NTP, AAA, as well as other VPN management, out-of-band management, and
remote access management techniques
- Secure the IP services plane using recoloring, IP fragmentation
control, MPLS label control, and other traffic classification and
process control techniques
This security book is part of the Cisco Press® Networking Technology
Series. Security titles from Cisco Press help networking professionals
secure critical data and resources, prevent and mitigate network
attacks, and build end-to-end self-defending networks.