2Securing Network Devices
This chapter studies the following topics:
- – the types of network traffic:
- - the management plane,
- - the control plane,
- - the data plane;
- – securing the management plan:
- - securing passwords,
- - implementing connection restrictions,
- - securing access through control lines, VTY and auxiliaries,
- - assigning administrative roles: protecting access using privilege levels;
- – protecting access through the management of “views” and “super-views”:
- - securing configuration files and the system,
- - using automated security features;
- – securing the control plan.
2.1. Types of network traffic
Cisco has categorized the different types of network traffic into different “planes” of communication. It has defined three such planes: the management plane, the control plane and the data plane.
- – the management plane: this includes traffic used by a network administrator to configure network devices. It is generally made up of protocols, such as Telnet, SSH and SNMP;
- – the control plane: this includes traffic between the network devices, transmitted to each other for discovery and/or for automatically configuring the network, such as the traffic of updating routing protocols or ARP protocol, for instance.
- – the data plane: this is the actual traffic of end users in the network.
2.2. Securing the management plan
Securing the management plan includes, among others, the following:
- – applying a secure password policy;
- – securing console, VTY and auxiliary access; ...
Get Computer Network Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
