Sunday, 18 January 2015

Building a Fortified Network

To build a fortress, or secure network, we break the network into three planes:

  • Management Plane - Covers securing the device's management communication. It can be secured by using SSH, HTTPS and SNMP services, and by restricting who is allowed to log in to the network. Brute-force attacks are kept away by limiting password attempts and setting timeouts on devices. Role-Based CLI gives restricted users access to only their authorized privileges. Use Secure NTP (Network Time Protocol).
  • Control Plane - Deals with the processor or functionality of the device, such as routing updates or keepalive messages. To protect the control plane, authentication of the user is a must. We can also specify the number of sessions a device can connect at an instance and limit data traffic by restricting packet size.
  • Data Plane - The forwarding plane, which transmits packets from one device to another. It can be protected with ACLs, and with BPDU Guard and Root Guard to lock down STP. Port Security also comes in handy in preventing spoofing of MAC addresses.
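
An added example, not part of the original post: a small Python audit that checks a device configuration for the management-plane and data-plane controls listed above. It assumes Cisco IOS-style command syntax, which the post does not specify; the sample configuration is constructed, and `stanzas`, `audit` and the check tables are illustrative names.

```python
import re

# Constructed IOS-style running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
ip http secure-server
login block-for 120 attempts 3 within 60
parser view HELPDESK
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/24
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
"""
# Controls named in the post, mapped to the global line expected for each (assumed mapping).
GLOBAL_CHECKS = {
    "https management": r"^ip http secure-server$",
    "login attempt limit": r"^login block-for \d+ attempts \d+ within \d+$",
    "authenticated NTP": r"^ntp authenticate$",
    "role-based CLI view": r"^parser view \S+",
}
ACCESS_PORT_NEEDS = ("switchport port-security", "spanning-tree bpduguard enable")

def stanzas(config, keyword):
    """Yield (header, child_lines) for each top-level block starting with keyword."""
    header, body = None, []
    for line in config.splitlines() + [""]:  # empty sentinel flushes the last block
        if header and line.startswith(" "):
            body.append(line.strip())
            continue
        if header:
            yield header, body
        header, body = (line, []) if line.startswith(keyword) else (None, [])

def audit(config):
    """Return one finding per control from the post that this config lacks."""
    findings = [f"missing: {name}" for name, pat in GLOBAL_CHECKS.items()
                if not re.search(pat, config, re.M)]
    for header, body in stanzas(config, "line vty"):
        if "transport input ssh" not in body:  # anything else leaves telnet enabled
            findings.append(f"{header}: VTY not restricted to ssh")
    for header, body in stanzas(config, "interface"):
        if "switchport mode access" in body:  # trunk ports are skipped
            findings += [f"{header}: missing {n}" for n in ACCESS_PORT_NEEDS if n not in body]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the missing NTP authentication, the VTY line that still accepts telnet, and the unprotected access port, while leaving the trunk port alone.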
