
This implementation enables true fault isolation and compartmentalization in the event of a security incident by preventing faults in one subsystem from negatively affecting others.

Discrete software components (subsystems) are implemented as separate software processes that run in their own protected memory address spaces. The modular, physically, and logically distributed architecture of Cisco IOS XR Software, as shown in Figure 1, offers tremendous advantages in creating a highly available, secured routing platform and network.

The three functional planes of a network, the management, control, and data planes, each provide a different functionality that must be protected.

Figure 1.

Structured around the three planes by which the functions of a network device are categorized, this document provides an overview of each Cisco IOS XR Software feature and references related documentation. This document contains information that will help users secure Cisco IOS XR system devices to increase the overall security of a network.

Identify Traffic by Using Classification ACLs
Identify Anomalous Activity by Using NetFlow
Open Shortest Path First Authentication with Keychain
Filter IPv4 Traffic with Remote Triggered Black Hole Filtering
Filter IPv6 Traffic with Remote Triggered Black Hole Filtering
Features and Traffic Types that Impact the RP and LC CPU
Message-Digest Algorithm 5 Peer Authentication
BGP Time-to-Live-Based Security Protection

General Routing Protocol Securing Techniques
Limit CPU Impact of Control Plane Traffic
SNMP Community Strings with Access Control Lists
Control SNMP with Management Plane Protection
Create Software and Configurations Backups
Limit Network Access with Access Control Lists
Authentication, Authorization, and Accounting
Fortify Simple Network Management Protocol
Korn Shell and Auxiliary Authentication and Bypass Using Authentication, Authorization, and Accounting
