Router Security Strategies: Securing IP Network Traffic Planes

Gregg Schudel, David Smith

  • 出版商: Cisco Press
  • 出版日期: 2007-12-01
  • 售價: $3,010
  • 貴賓價: 9.5$2,860
  • 語言: 英文
  • 頁數: 672
  • 裝訂: Paperback
  • ISBN: 1587053365
  • ISBN-13: 9781587053368
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

相關主題

商品描述

Router Security Strategies: Securing IP Network Traffic Planes provides a compre-hensive approach to understand and implement IP traffic plane separation and protection on IP routers. This book details the distinct traffic planes of IP networks and the advanced techniques necessary to operationally secure them. This includes the data, control, management, and services planes that provide the infrastructure for IP networking. 

 

The first section provides a brief overview of the essential components of the Internet Protocol and IP networking. At the end of this section, you will understand the fundamental principles of defense in depth and breadth security as applied to IP traffic planes. Techniques to secure the IP data plane, IP control plane, IP management plane, and IP services plane are covered in detail in the second section.

 

The final section provides case studies from both the enterprise network and the service provider network perspectives. In this way, the individual IP traffic plane security techniques reviewed in the second section of the book are brought together to help you create an integrated, comprehensive defense in depth and breadth security architecture.

 

“Understanding and securing IP traffic planes are critical to the overall security posture of the IP infrastructure.  The techniques detailed in this book provide protection and instrumentation enabling operators to understand and defend against attacks. As the vulnerability economy continues to mature, it is critical for both vendors and network providers to collaboratively deliver these protections to the IP infrastructure.”

–Russell Smoak, Director, Technical Services, Security Intelligence Engineering, Cisco

 

Gregg Schudel, CCIE® No. 9591, joined Cisco in 2000 as a consulting system engineer supporting the U.S. service provider organization. Gregg focuses on IP core network security architectures and technology for interexchange carriers and web services providers.

 

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting system engineer supporting the service provider organization. David focuses on IP core and edge architectures including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry.

 

  • Understand the operation of IP networks and routers
  • Learn about the many threat models facing IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services
  • Learn how to segment and protect each IP traffic plane by applying defense in depth and breadth principles
  • Use security techniques such as ACLs, rate limiting, IP Options filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data plane of IP and switched Ethernet networks
  • Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP techniques and Layer 2 switched Ethernet-specific techniques
  • Protect the IP management plane with password management, SNMP, SSH, NTP, AAA, as well as other VPN management, out-of-band management, and remote access management techniques
  • Secure the IP services plane using recoloring, IP fragmentation control, MPLS label control, and other traffic classification and process control techniques

 This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

 

商品描述(中文翻譯)

《路由器安全策略:保護IP網絡流量平面》提供了一種全面的方法,以了解和實施IP路由器上的IP流量平面分離和保護。本書詳細介紹了IP網絡的不同流量平面以及操作上保護它們所需的高級技術。這包括為IP網絡提供基礎設施的數據、控制、管理和服務平面。

第一部分簡要介紹了互聯網協議和IP網絡的基本組件。在本部分結束時,您將了解深度和廣度安全防禦原則如何應用於IP流量平面。第二部分詳細介紹了保護IP數據平面、IP控制平面、IP管理平面和IP服務平面的技術。

最後一部分從企業網絡和服務提供商網絡的角度提供了案例研究。通過這種方式,將本書第二部分中評審的各個IP流量平面安全技術結合起來,幫助您創建一個集成的、全面的深度和廣度安全架構。

“了解和保護IP流量平面對於IP基礎設施的整體安全姿態至關重要。本書中詳細介紹的技術提供了保護和儀器化,使操作人員能夠理解並防禦攻擊。隨著漏洞經濟的不斷成熟,供應商和網絡提供商共同提供這些保護措施對於IP基礎設施至關重要。”
- Russell Smoak,思科安全情報工程技術服務總監

Gregg Schudel,CCIE® No. 9591,於2000年加入思科,擔任美國服務提供商組織的咨詢系統工程師。Gregg專注於IP核心網絡安全架構和互換運營商和Web服務提供商的技術。

David J. Smith,CCIE No. 1986,於1995年加入思科,擔任服務提供商組織的咨詢系統工程師。David專注於IP核心和邊緣架構,包括IP路由、MPLS技術、QoS、基礎設施安全和網絡遙測。

本書的內容包括:
- 了解IP網絡和路由器的運作
- 了解IP網絡、第2層以太網交換環境以及IPsec和MPLS VPN服務面臨的多種威脅模型
- 通過深度和廣度原則對每個IP流量平面進行分割和保護
- 使用安全技術,如ACL、速率限制、IP選項過濾、uRPF、QoS、RTBH、QPPB等,保護IP和交換式以太網網絡的數據平面
- 通過rACL、CoPP、GTSM、MD5、BGP和ICMP技術以及第2層交換式以太網特定技術保護IP控制平面
- 通過密碼管理、SNMP、SSH、NTP、AAA以及其他VPN管理、帶外管理和遠程訪問管理技術保護IP管理平面
- 使用重新著色、IP碎片控制、MPLS標籤控制和其他流量分類和流程控制技術保護IP服務平面

本書是思科出版社®網絡技術系列的一部分。思科出版社的安全書籍幫助網絡專業人士保護關鍵數據和資源,預防和減輕網絡攻擊,構建端到端的自衛網絡。