Chapter 4 - Network Foundation Protection Flashcards
What are the three basic planes in the NFP framework?
1) Management plane
2) Control plane
3) Data plane
What is network foundation protection?
(NFP) It is all about breaking the infrastructure down into smaller components, and then systematically focusing on how to secure each of those components.
Describe the management plane of the NFP framework.
This includes the protocols and traffic that an administrator uses between his workstation and the router or switch itself. An example is using a remote management protocol such as Secure Shell (SSH).
Describe the control plane in the NFP.
This includes protocols and traffic that the network devices use on their own without direct interaction from an admin. An example is a routing protocol.
Describe the data plane in the NFP.
This includes traffic which is being forwarded through the network (sometimes called transit traffic). An example is a user on one part of the network who is accessing a server; the data plane represents the traffic that is being switched or forwarded by the network devices between the client and server.
Describe how you would use Security Measures to protect the Management plane.
Authenticate and authorize admins (AAA). Protect time synchronization using NTP. Use only encrypted protocols such as SSH for CLI or SSL/TLS for GUI tools and use secure versions of SNMP. If plaintext tools are used, they should be protected by encryption protocols such as IPsec. A parser view is a way to limit what a specific individual, based on his role, can do on a router.
List 7 different security measures for the management plane.
1) Authentication, authorization, accounting (AAA)
2) Authenticated network time protocol (NTP)
3) Secure Shell (SSH)
4) SSL/TLS - Secure Sockets Layer/Transport Layer Security
5) Protected syslog
6) Simple Network Management Protocol Version 3 (SNMPv3)
7) Parser Views
How can you remove the possibility of an attacker manipulating routing tables?
Routing protocol updates should be authenticated.
What are 2 Security Methods to use on the control plane?
1) Control plane policing (CoPP) & Control plane protection (CPPr)
2) Authenticated routing protocols
Access control lists (ACLs) are a security measure for which plane?
Data plane
Why is it important to protect the infrastructure at Layer 2 in the data plane?
You can prevent a rogue switch from becoming the root of your spanning tree.
When applied as filters on interfaces, what can control which traffic (transit traffic) is allowed on the data plane?
ACLs
How can an IOS Zone-Based firewall be a security measure at the data plane?
It can control exactly what traffic is flowing through your network based on policy.
What is role-based access control (RBAC)?
Creating a group that has specific rights, and then placing users in that group.
What are some ways to implement RBAC?
Using Access Control Server (ACS) and CLI parser views.
How does AAA work?
The network router or switch can interact with a centralized server before allowing any access, before allowing any command to be entered, and while keeping an audit trail that identifies who has logged in and what commands they executed. Your policies reside on the server and routers/switches act like clients.
What are some ways of locking down syslog?
By using a separate VLAN for management traffic or encrypting the syslog data.
What is an example of out-of-band (OOB)?
Using a separate VLAN for management traffic, one that user traffic never goes through.
What are 3 ways to secure the control plane?
1) CoPP
2) CPPr
3) Routing protocol authentication
What is CoPP?
Control Plane Policing
How does CoPP work?
You can configure this as a filter for any traffic destined to an IP address on the router itself.
What is an example of CoPP?
You can specify that management traffic, such as SSH/HTTPS/SSL, can be rate-limited (policed) down to a specific level.
How is CoPP applied so that the policy can be applied globally to the router?
It is applied to the logical control plane interface (not directly to any Layer 3 interface).
What is CPPr?
Control plane protection.