Free Articles, Free Web Content, Reprint Articles
Tuesday, November 19, 2019
 
 

DoS Protection on Cisco 7600 Router


The Cisco 7600 router is, in my opinion, one of the most versatile high-end routing machines on the planet! It is one of my favorite networking devices. If you look at the Cisco website under the Routers product category, you will notice that the 7600 can be used in data centers, in Service Provider networks, for WAN aggregation, or as an Internet edge router. In Service Provider networks it can be used as a Provider Edge (PE) router in IP/MPLS networks, aggregating many Customer Edge (CE) routers. Its modularity and high port capacity allow the 7600 to work both as a Layer 2 aggregation device and as a high-performance Layer 3 router.

In Service Provider networks, one of the main concerns of network administrators is protecting the networking infrastructure from Denial of Service (DoS) attacks. These DoS attacks are actually the most serious and most common security threat against Service Providers. Botnets are frequently the main source of such attacks. ICMP flooding, UDP flooding, spoofed-address DoS, and SYN attacks are a few examples of DoS or DDoS (Distributed Denial of Service) attacks. Fortunately, the Cisco 7600 router has many robust features and mechanisms to protect itself from such attacks.

In the company where I work (a Service Provider), we have already implemented several security protection features on the 7600 which are really effective against DoS attacks. A summary of the DoS protection mechanisms on the 7600 follows below:

Security Access Control Lists (ACLs): Applied on interfaces to block traffic at Layers 3 and 4.

QoS Rate Limiting: Using class-maps and policy-maps, you can apply rate limiting to specific types of traffic (e.g. ICMP).

uRPF (unicast Reverse Path Forwarding): protects against spoofing attacks.

Traffic Storm Control: Protects against broadcast storm attacks.

TCP Intercept: Protects against SYN attacks.

Hardware-Based Rate Limiters: Work on PFC3 engines. These rate limiters protect the MSFC routing engine from various packets that can overload its CPU (configured with the mls rate-limit command).

Control Plane Policing (CoPP): Again used for protection of the MSFC routing engine by applying rate limiting to packets that flow from the data plane to the control plane.
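
The mechanisms listed above, sketched as one Cisco IOS configuration fragment. This is an added example, not configuration from the original article or the author's network; the ACL, class-map and policy-map names, the interface, the addresses (documentation ranges) and all rates are assumptions chosen for illustration and must be sized against your own traffic baseline.

```cisco
! Constructed example: names, interface, addresses and rates are assumptions.
! PFC QoS must be enabled globally before policing/CoPP is done in hardware.
! Note: enabling it changes the default trust behaviour of ports.
mls qos
!
! --- Security ACL: filter at Layer 3/4 on the edge interface ---
ip access-list extended ACL-EDGE-IN
 deny   ip 192.0.2.0 0.0.0.255 any
 permit ip any any
!
! --- QoS rate limiting: classify ICMP, then police it ---
ip access-list extended ACL-ICMP
 permit icmp any any
!
class-map match-all CM-ICMP
 match access-group name ACL-ICMP
!
policy-map PM-COPP
 class CM-ICMP
  police 32000 1500 1500 conform-action transmit exceed-action drop
!
! --- CoPP: apply the policy to packets punted to the MSFC ---
control-plane
 service-policy input PM-COPP
!
! --- Hardware-based rate limiters (PFC3), packets/sec and burst ---
mls rate-limit all ttl-failure 100 10
mls rate-limit unicast ip icmp unreachable no-route 100 10
!
! --- Per-interface protections on a customer-facing port ---
interface GigabitEthernet1/1
 ip address 198.51.100.1 255.255.255.0
 ip access-group ACL-EDGE-IN in
 ! uRPF strict mode: drop packets whose source is not reachable via this port
 ip verify unicast source reachable-via rx
 ! Traffic storm control: cap broadcast at 1% of port bandwidth
 storm-control broadcast level 1.00
!
! --- TCP Intercept: watch SYNs toward the protected servers ---
access-list 110 permit tcp any 203.0.113.0 0.0.0.255
ip tcp intercept list 110
ip tcp intercept mode watch
```

Strict-mode uRPF drops legitimate traffic on asymmetrically routed links, so check the return path before enabling it. After applying the CoPP policy, show policy-map control-plane shows the conformed and exceeded counters for each class.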

Of course, in addition to the above, you must not forget other important security mechanisms such as a strong password policy, proper Authentication and Accounting, logging, SNMP security, and routing protocol security (MD5 authentication in OSPF, BGP, etc.). All of these technical measures must be based on a thorough and carefully written security policy.


Source: Free Articles from ArticlesFactory.com

ABOUT THE AUTHOR


Adelbert is a Cisco specialist with more than 11 years of experience in the field of networking. You can check out his website for more Cisco Router information and other related details about designing and implementing Cisco solutions. Harris is also the author of the Cisco ASA Firewall Fundamentals ebook.


