This chapter covers the following topics:
• The definition of the different security zones within the Data Center topology
• Security designs pertaining to the Internet Edge, including antispoofing filtering, Unicast Reverse Path Forwarding (uRPF), traffic rate limiting, routing protocol security, stateful firewalling, and intrusion detection
• Core security, including device hardening and routing protocol security
• Aggregation layer security using stateful firewalls, packet filters, and network-based intrusion detection systems (IDSs)
• Server farm security deploying host-based and network-based intrusion detection, private VLANs, port security, VLAN access control lists (ACLs), ...