Router Security Strategies: Securing IP Network Traffic Planes 1st Edition, Kindle Edition

by Schudel Gregg (Author), Smith David (Author) Format: Kindle Edition

Flip to back Flip to front

Audible Sample Playing... Paused You are listening to a sample of the Audible narration for this Kindle book.
Learn more

Share <Embed>

Other Sellers

from

Other Sellers

See all 5 versions

Buy

$63.99

eBook features:

Highlight, take notes, and search in the book
Length: 672 pages
Enhanced Typesetting: Enabled
Page Flip: Enabled
Due to its large file size, this book may take longer to download

Read with the free Kindle apps (available on iOS, Android, PC & Mac), Kindle E-readers and on Fire Tablet devices. See all supported devices

Sold by: Amazon.com Services LLC

Print List Price: $79.99 Save $16.00 (20%)‎

Enter a promotion code or Gift Card

Router Security Strategies: Securing IP Network Traffic Planes provides a compre-hensive approach to understand and implement IP traffic plane separation and protection on IP routers. This book details the distinct traffic planes of IP networks and the advanced techniques necessary to operationally secure them. This includes the data, control, management, and services planes that provide the infrastructure for IP networking.

The first section provides a brief overview of the essential components of the Internet Protocol and IP networking. At the end of this section, you will understand the fundamental principles of defense in depth and breadth security as applied to IP traffic planes. Techniques to secure the IP data plane, IP control plane, IP management plane, and IP services plane are covered in detail in the second section.

The final section provides case studies from both the enterprise network and the service provider network perspectives. In this way, the individual IP traffic plane security techniques reviewed in the second section of the book are brought together to help you create an integrated, comprehensive defense in depth and breadth security architecture.

“Understanding and securing IP traffic planes are critical to the overall security posture of the IP infrastructure. The techniques detailed in this book provide protection and instrumentation enabling operators to understand and defend against attacks. As the vulnerability economy continues to mature, it is critical for both vendors and network providers to collaboratively deliver these protections to the IP infrastructure.”

–Russell Smoak, Director, Technical Services, Security Intelligence Engineering, Cisco

Gregg Schudel, CCIE® No. 9591, joined Cisco in 2000 as a consulting system engineer supporting the U.S. service provider organization. Gregg focuses on IP core network security architectures and technology for interexchange carriers and web services providers.

David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting system engineer supporting the service provider organization. David focuses on IP core and edge architectures including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry.

Understand the operation of IP networks and routers
Learn about the many threat models facing IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services

Learn how to segment and protect each IP traffic plane by applying defense in depth and breadth principles

Use security techniques such as ACLs, rate limiting, IP Options filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data plane of IP and switched Ethernet networks

Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP techniques and Layer 2 switched Ethernet-specific techniques
Protect the IP management plane with password management, SNMP, SSH, NTP, AAA, as well as other VPN management, out-of-band management, and remote access management techniques

Secure the IP services plane using recoloring, IP fragmentation control, MPLS label control, and other traffic classification and process control techniques

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Customers who bought this item also bought

Page 1 of 1 Start overPage 1 of 1

Omar Santos
7
Kindle Edition
$43.99
Available for download now.
Eric Vyncke
14
Kindle Edition
$40.39
Available for download now.

Amazon Business: Make the most of your Amazon Business account with exclusive tools and savings. Login nowBusiness Prime : For Fast, FREE shipping, premium procurement benefits, and member-only offers on Amazon Business. Try Business Prime free.

Editorial Reviews

From the Back Cover

"Router Security Strategies: Securing IP Network Traffic Planes" provides a compre-hensive approach to understand and implement IP traffic plane separation and protection on IP routers. This book details the distinct traffic planes of IP networks and the advanced techniques necessary to operationally secure them. This includes the data, control, management, and services planes that provide the infrastructure for IP networking. The first section provides a brief overview of the essential components of the Internet Protocol and IP networking. At the end of this section, you will understand the fundamental principles of defense in depth and breadth security as applied to IP traffic planes. Techniques to secure the IP data plane, IP control plane, IP management plane, and IP services plane are covered in detail in the second section. The final section provides case studies from both the enterprise network and the service provider network perspectives. In this way, the individual IP traffic plane security techniques reviewed in the second section of the book are brought together to help you create an integrated, comprehensive defense in depth and breadth security architecture. "Understanding and securing IP traffic planes are critical to the overall security posture of the IP infrastructure. The techniques detailed in this book provide protection and instrumentation enabling operators to understand and defend against attacks. As the vulnerability economy continues to mature, it is critical for both vendors and network providers to collaboratively deliver these protections to the IP infrastructure." -Russell Smoak, Director, Technical Services, Security Intelligence Engineering, Cisco Gregg Schudel, CCIE(R) No. 9591, joined Cisco in 2000 as a consulting system engineer supporting the U.S. service provider organization. Gregg focuses on IP core network security architectures and technology for interexchange carriers and web services providers. David J. Smith, CCIE No. 1986, joined Cisco in 1995 and is a consulting system engineer supporting the service provider organization. David focuses on IP core and edge architectures including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry.

Understand the operation of IP networks and routers
Learn about the many threat models facing IP networks, Layer 2 Ethernet switching environments, and IPsec and MPLS VPN services

Learn how to segment and protect each IP traffic plane by applying defense in depth and breadth principles

Use security techniques such as ACLs, rate limiting, IP Options filtering, uRPF, QoS, RTBH, QPPB, and many others to protect the data plane of IP and switched Ethernet networks

Secure the IP control plane with rACL, CoPP, GTSM, MD5, BGP and ICMP techniques and Layer 2 switched Ethernet-specific techniques
Protect the IP management plane with password management, SNMP, SSH, NTP, AAA, as well as other VPN management, out-of-band management, and remote access management techniques

Secure the IP services plane using recoloring, IP fragmentation control, MPLS label control, and other traffic classification and process control techniques

This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. --This text refers to an alternate kindle_edition edition.

About the Author

Gregg Schudel,CCIE No. 9591 (Security), joined Cisco in 2000 as a consulting system engineer supporting the U.S. Service Provider Organization. Gregg focuses on IP core network and services security architectures and technology for inter-exchange carriers, web services providers, and mobile providers. Gregg is also part of a team of Corporate and Field resources focused on driving Cisco Service Provider Security Strategy. Prior to joining Cisco, Gregg worked for many years with BBN Technologies, where he supported network security research and development, most notably in conjunction with DARPA and other federal agencies involved in security research. Gregg holds an MS in engineering from George Washington University, and a BS in engineering from Florida Institute of Technology. Gregg can be contacted through e-mail at gschudel@cisco.com.

David J. Smith, CCIE No. 1986 (Routing and Switching), joined Cisco in 1995 and is a consulting system engineer supporting the Service Provider Organization. Since 1999 David has focused on service provider IP core and edge architectures, including IP routing, MPLS technologies, QoS, infrastructure security, and network telemetry. Between 1995 and 1999, David supported enterprise customers designing campus and global WANs. Prior to joining Cisco, David worked at Bellcore developing systems software and experimental ATM switches. David holds an MS in information networking from Carnegie Mellon University, and a BS in computer engineering from Lehigh University. David can be contacted through e-mail at dasmith@cisco.com.

--This text refers to an alternate kindle_edition edition.

Product details

ASIN : B0051TM5L2
Publisher : Cisco Press; 1st edition (December 29, 2007)
Publication date : December 29, 2007
Language : English
File size : 14649 KB
Simultaneous device usage : Up to 5 simultaneous devices, per publisher limits
Text-to-Speech : Enabled
Screen Reader : Supported
Enhanced typesetting : Enabled
X-Ray : Not Enabled
Word Wise : Not Enabled
Print length : 672 pages
Lending : Not Enabled

Best Sellers Rank: #2,883,089 in Kindle Store (See Top 100 in Kindle Store)
- #1,074 in Online Safety & Piracy
- #4,067 in Privacy & Online Safety
- #6,134 in Computer Networking (Kindle Store)

Customer Reviews:
10 ratings

Customer reviews

5 star		75%
4 star		25%
3 star 0% (0%)		0%
2 star 0% (0%)		0%
1 star 0% (0%)		0%

How are ratings calculated?

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

tasos

Good read

Reviewed in the United States on January 4, 2018

Verified Purchase

It was a well structured book on Cisco IOS security referring to network engineers who work on enterprise WAN or Service Provider environment. I learned many commands that I wasn't aware of and I liked the section that compares the IOS and IOS XR command reference.
Unfortunately no reference to NX OS or Zone Based/IOS firewall so if you want something related to those 2 technologies you should search elsewhere.
I also didn't like the fact that the same information was sometimes repeated over and over again.
Otherwise a good book to have on your library.

Helpful

Kunapureddy Pratyush

Five Stars

Reviewed in the United States on August 9, 2016

Verified Purchase

Good book.

Helpful

Richard Bejtlich

This is the sort of Cisco security book I like to read

Reviewed in the United States on February 11, 2008

Router Security Strategies (RSS) is the sort of Cisco security book I like to read. Some of you were surprised by my three star review of another recent Cisco security book -- LAN Switch Security (LSS). I suggest the authors of that book take a look at RSS as a model for writing a second edition of LSS. RSS is well-organized, very clear, and backed by plenty of actionable command syntax. Were it not for a tendency to unnecessarily repeat and summarize material, I would have rated RSS five stars. Nevertheless, anyone operating Cisco routers would do well to consider how RSS approaches the network security problem.

RSS focuses on ways to protect transit, receive, and exception IP traffic in the data, control, management, and service planes of Enterprise and Service Provider (SP) networks. That one sentence almost summarizes the entire table of contents, where Chs 4-7 cover the four planes, Chs 8 and 9 provide case studies for Enterprise and SP networks, respectively, and Chs 1-3 provide introductory and conceptual material. This is how to write a technical book! Tangential material appears in four appendices, and the authors keep the reader on track through the entire text.

RSS makes a compelling case for network security in a world where applications and Web 2.0 are all the rage. I believe many people who scoff at network security have no real idea of the complexities inherent in modern network infrastructure. Too many application-centric people take it for granted that they can reach whatever Web victim they're attacking; perhaps that is a credit to network engineers who've made their creations just work and not be the center of attention. Should attackers decide to focus on network infrastructure, RSS provides plenty of techniques for defending routers and even some switches. I enjoyed learning more about several uRPF techniques, Flexible Pattern Matching (FPM), Selective Packet Discard, Receive ACLS, Control Plane Policing, Dynamic APR Inspection (DAI), and CLI Views. Many of these methods exist to protect the network itself, not necessarily the endpoints. While the authors do mention a desire to protect hosts, I liked seeing such a focus on defending infrastructure. Perhaps "network security" should be a term transitioned to solely mean protecting network platforms?

I thought Appendix B would be the standard catalog of TCP/IP header diagrams, but I was pleasantly described to see a different approach. App B did depict IP, TCP, UDP, ICMP, IEEE 802.3, and 802.1Q headers, but the authors provide a security implication for each field in these headers. I found that to be original and informative.

I subtracted one star for two aspects of the book which bothered me. First, the authors tend to use the term "threat" in a manner which is not consistent with real threat terminology. For example, p 87 speaks of "the potential threat and impact of a given vulnerability". Threat, impact, and vulnerability are all separate concepts. Ch 2, where such terminology appears, is titled "Threat Models for IP Networks." If you read the chapter it is a catalog of attacks, which sections titled "Resource Exhaustion Attacks", "Spoofing Attacks", and so on. Clearly Ch 2 is "Attack Models for IP Networks".

Second, although the material in RSS is excellent, the authors' tendency to repeat concepts wore me down. It's usually acceptable to begin a section by referencing and/or rephrasing material from an earlier chapter, or at worst farther back in the same chapter. It's simply annoying to be told the same material that appeared in the last paragraph. Any time the reader encounters "as stated in the last section" or similar, the authors should reconsider discussing the concept again. Edits like these wouldn't necessarily shrink the book that much, but the text would not treat the reader as if he or she has too short an attention span to remember what he or she just read.

Despite those two concerns, I still very much enjoyed reading RSS. You will probably get more out of the book if you have MPLS experience, but the authors provide plenty of background anyway. One of the best aspects of RSS is the presentation of extensive IOS syntax for all of the major concepts in the book. The authors do not talk about a technique and then leave it as an exercise for the reader to determine how that idea should be implemented in IOS. Those trying to protect data, control, management, and service IP traffic will be well-served by reading RSS.

7 people found this helpful

Helpful

Rik Guyler

Excellent coverage of the intended subject matter.

Reviewed in the United States on March 25, 2008

We finally have a book that pulls several different IOS security strategies together. So many references prior to this one touch on these topics sporadically but I have yet to find a better resource that covers all the bases as does this one.

The things I like about this book:

So many authors tend to try to spread their subject matter out too wide and take too broad of an approach when writing about network security. Schudel and Smith didn't do that. Instead they focused on specific areas and worked diligently to stay on target. It was very refreshing to read a book that actually didn't wander off on tangential subjects on a regular basis.

As for actual subject matter I was very pleased to find a book that discussed the various "planes" within Cisco IOS. In my opinion Cisco has not been very good about documenting this subject and so this book has cleared up several knowledge gaps I had prior to reading it. All of the bits of information I've heard or read about in the past were pulled together in a clear and concise manner. It was also pleasing to see just the right amount of configuration "shows" rather than pages and pages of them.

I also was very happy that this book was not full of fluff. The authors used just enough background info to convey their message but did not go overboard in non-essential detail. As with any technical reference I prefer thorough and correct information but many times there is just too much description that just gets in the way.

Some reviewers stated that the authors repeated themselves within this book. For me this was not a negative. There are certain topics that I very much need repeated in order to retain it thoroughly and so this was not a problem for me. The repetitious content was neither significant nor time consuming so I consider it to be a positive rather than a negative.

The things I do not like about this book:

This is trivial but I would have much preferred a hardback book rather than a paperback. This is a personal preference of course but hardbacks tend to last longer for me.

Helpful

Router Security Strategies: Securing IP Network Traffic Planes 1st Edition, Kindle Edition

Buy for others

Buying and sending eBooks to others

Customers who bought this item also bought

Editorial Reviews

From the Back Cover

About the Author

Product details

Customer reviews

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.