Industrial-Sized Deals Shop all Back to School Shop Women's Handbags Learn more nav_sap_SWP_6M_fly_beacon Beach House $5 Off Fire TV Stick Off to College Essentials Shop Popular Services TransparentGGWin TransparentGGWin TransparentGGWin  Amazon Echo Starting at $99 Kindle Voyage Shop Back to School with Amazon Back to School with Amazon Outdoor Recreation STEM Toys & Games
Router Security Strategies and over one million other books are available for Amazon Kindle. Learn more

Router Security Strategies: Securing IP Network Traffic Planes 1st Edition

5 customer reviews
ISBN-13: 978-1587053368
ISBN-10: 1587053365
Why is ISBN important?
ISBN
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Sell yours for a Gift Card
We'll buy it for $2.00
Learn More
Trade in now
Have one to sell? Sell on Amazon
Buy used
$16.23
Buy new
$51.05
More Buying Choices
18 New from $20.75 16 Used from $16.23
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


InterDesign Brand Store Awareness Textbooks
$51.05 FREE Shipping. Only 5 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.

Frequently Bought Together

Router Security Strategies: Securing IP Network Traffic Planes + LAN Switch Security: What Hackers Know About Your Switches + Penetration Testing and Network Defense
Price for all three: $146.26

Buy the selected items together

Editorial Reviews

From the Back Cover

Router Security Strategies: Securing IP Network Traffic Planesprovides a compre-hensive approach to understand and implement IP traffic plane separation and protection on IP routers. This book details the distinct traffic planes of IP networks and the advanced techniques necessary to operationally secure them. This includes the data, control, management, and services planes that provide the infrastructure for IP networking. 

 

The first section provides a brief overview of the essential components of the Internet Protocol and IP networking. At the end of this section, you will understand the fundamental principles of defense in depth and breadth security as applied to IP traffic planes. Techniques to secure the IP data plane, IP control plane, IP management plane, and IP services plane are covered in detail in the second section.

 

The final section provides case studies from both the enterprise network and the service provider network perspectives. In this way, the individual IP traffic plane security techniques reviewed in the second section of the book are brought together to help you create an integrated, comprehensive defense in depth and breadth security architecture.

 

“Understanding and securing IP traffic planes are critical to the overall security posture of the IP infrastructure.  The techniques detailed in this book provide protection and instrumentation enabling operators to understand and defend against attacks. As the vulnerability economy continues to mature, it is critical for both vendors and network providers to collaboratively deliver these protections to the IP infrastructure.

-Russell Smoak, Director, Technical Services, Security Intelligence Engineering, Cisco

 

Gregg Schudel, CCIE® No. 9591, joined Cisco in 2000 as a consulting system engineer supporting the U.S. service provider organization. Gregg focuses on IP core network security architectures and technology for interexchange carriers and web services providers.

 

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting system engineer supporting the service provider organization. David focuses on IP core and edge architectures including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry.

 

  • Understand the operation of IP networks and routers
  • Learn about the many threat models facing IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services
  • Learn how to segment and protect each IP traffic plane by applying defense in depth and breadth principles
  • Use security techniques such as ACLs, rate limiting, IP Options filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data plane of IP and switched Ethernet networks
  • Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP techniques and Layer 2 switched Ethernet-specific techniques
  • Protect the IP management plane with password management, SNMP, SSH, NTP, AAA, as well as other VPN management, out-of-band management, and remote access management techniques
  • Secure the IP services plane using recoloring, IP fragmentation control, MPLS label control, and other traffic classification and process control techniques

 This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

 

About the Author

Gregg Schudel,CCIE No. 9591 (Security), joined Cisco in 2000 as a consulting system engineer supporting the U.S. Service Provider Organization. Gregg focuses on IP core network and services security architectures and technology for inter-exchange carriers, web services providers, and mobile providers. Gregg is also part of a team of Corporate and Field resources focused on driving Cisco Service Provider Security Strategy. Prior to joining Cisco, Gregg worked for many years with BBN Technologies, where he supported network security research and development, most notably in conjunction with DARPA and other federal agencies involved in security research. Gregg holds an MS in engineering from George Washington University, and a BS in engineering from Florida Institute of Technology. Gregg can be contacted through e-mail at gschudel@cisco.com.

 

David J. Smith, CCIE No. 1986 (Routing and Switching), joined Cisco in 1995 and is a consulting system engineer supporting the Service Provider Organization. Since 1999 David has focused on service provider IP core and edge architectures, including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry. Between 1995 and 1999, David supported enterprise customers designing campus and global WANs. Prior to joining Cisco, David worked at Bellcore developing systems software and experimental ATM switches. David holds an MS in information networking from Carnegie Mellon University, and a BS in computer engineering from Lehigh University. David can be contacted through e-mail at dasmith@cisco.com.

NO_CONTENT_IN_FEATURE


Best Books of the Month
Best Books of the Month
Want to know our Editors' picks for the best books of the month? Browse Best Books of the Month, featuring our favorite new books in more than a dozen categories.

Product Details

  • Paperback: 672 pages
  • Publisher: Cisco Press; 1 edition (January 8, 2008)
  • Language: English
  • ISBN-10: 1587053365
  • ISBN-13: 978-1587053368
  • Product Dimensions: 7.3 x 1.6 x 9.1 inches
  • Shipping Weight: 2.4 pounds (View shipping rates and policies)
  • Average Customer Review: 4.8 out of 5 stars  See all reviews (5 customer reviews)
  • Amazon Best Sellers Rank: #1,462,983 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

5 star
80%
4 star
20%
3 star
0%
2 star
0%
1 star
0%
See all 5 customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

7 of 7 people found the following review helpful By Richard Bejtlich on February 11, 2008
Format: Paperback
Router Security Strategies (RSS) is the sort of Cisco security book I like to read. Some of you were surprised by my three star review of another recent Cisco security book -- LAN Switch Security (LSS). I suggest the authors of that book take a look at RSS as a model for writing a second edition of LSS. RSS is well-organized, very clear, and backed by plenty of actionable command syntax. Were it not for a tendency to unnecessarily repeat and summarize material, I would have rated RSS five stars. Nevertheless, anyone operating Cisco routers would do well to consider how RSS approaches the network security problem.

RSS focuses on ways to protect transit, receive, and exception IP traffic in the data, control, management, and service planes of Enterprise and Service Provider (SP) networks. That one sentence almost summarizes the entire table of contents, where Chs 4-7 cover the four planes, Chs 8 and 9 provide case studies for Enterprise and SP networks, respectively, and Chs 1-3 provide introductory and conceptual material. This is how to write a technical book! Tangential material appears in four appendices, and the authors keep the reader on track through the entire text.

RSS makes a compelling case for network security in a world where applications and Web 2.0 are all the rage. I believe many people who scoff at network security have no real idea of the complexities inherent in modern network infrastructure. Too many application-centric people take it for granted that they can reach whatever Web victim they're attacking; perhaps that is a credit to network engineers who've made their creations just work and not be the center of attention.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
1 of 1 people found the following review helpful By oldCCIE on March 23, 2008
Format: Paperback
That's just yet another great title from Cisco Press!. This book does a great job of logically dividing the overall router security into each logical context by way of describing the router's planes. I also found very elaborate and diverse "Further Reading" towards the end of each chapter very useful. I particularly liked the idea of overall structure and quality of contents in the book which relate to both a casual and an advanced reader!

Book is structured into four Parts;

Part I focuses on laying the foundation for the rest of the book. It achieves this purpose by talking about the Enterprise and SP network fundamentals. This also includes day-in-the-life-of-a-packet through various router switching mechanisms. Chapter 2 re-hashes the network security/threat models but does a nice job of dividing it into various aspects of architectures including various IP VPNs scenarios.

For an advanced reader, this should serve as a nice refresher!

Part II introduces you to real meat of router security, i.e., securing the router planes in both IP and MPLS networks. Authors do a good job of describing the details of each component. Chapters in this section contain working details and IOS configuration snippets to enhance the understanding of various concepts discussed. An advanced user will find all the details given here very useful, and prefer read them cover to cover.

Part III walks you through various case studies to further the concepts explained in the prior chapters. I particularly like the idea of covering both Enterprise and SP case studies.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
1 of 1 people found the following review helpful By John Gordon Ainsworth on March 16, 2008
Format: Paperback
Router Security Strategies is a book about protecting ip networks by dividing them into different segments. Network engineers for service providers and larger enterprise networks will benefit most from this manual.

Chapters 1 through 7 are not a cookbook that you can look up sample configurations, but a broad coverage of security concerns. The authors spend these chapters leading the reader to an understanding of how ip traffic can be broken down into different categories, and how to define them as well as the particular vulnerabilities each has.

Schudel and Smith describe a three dimensional way of looking at security. Whereas we may have previously thought of securing each interface in a path, this book explodes this view into a multi-dimensional paradigm of data, control, management, and services. Like parallel universes each must be addressed separately while maintaining a big picture of how each plane can affect the other. The data plane is the actual payload for applications. The control plane indicates protocols that keep the traffic flowing to their destination. The management plane concerns the network administrator's access to the equipment. Special features such as Virtual Private Networks and Quality of Service constitute the services plane.
Chapters 8 and 9 give case studies that include diagrams, numbered line configurations, with documentation.

Appendix B details of each section of IP, TCP, and other protocol packets with vulnerabilities for each part. This is the first time I have seen this type of break down and found it made several aspects of attacks clearer to me. There are several other appendices that cover the IOS XR image and an excellent section on security incident handling that one could use as an outline for their company to use. I give Router Security Strategy 5 stars.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Router Security Strategies: Securing IP Network Traffic Planes
This item: Router Security Strategies: Securing IP Network Traffic Planes
Price: $51.05
Ships from and sold by Amazon.com

What Other Items Do Customers Buy After Viewing This Item?