Chapter 13. Security and VPNs


This chapter discusses how to configure and use the following network security features:

  • 13-1: Suggested Ways to Secure a Router - The Cisco IOS software provides a wide range of functionality on a router. This section gives you a set of tips on how to shut down unnecessary router services and control access to the router itself.

  • 13-2: Authentication, Authorization, and Accounting (AAA) - A router can interface with external servers to authenticate incoming users, grant or deny permission to specific network resources, and maintain an audit trail for billing or logging purposes.

  • 13-3: Dynamically Authenticate and Authorize Users with Authentication Proxy - A router can intercept HTTP traffic and require user authentication on behalf of external AAA servers. Authorization to network resources can also be granted per user.

  • 13-4: Controlling Access with Lock and Key Security - You can control access to a network by having a router block access until an end user authenticates. Temporary access is then granted through the router's security configuration.

  • 13-5: Filtering IP Sessions with Reflexive Access Lists - Inbound traffic can be tightly controlled at a router. Outbound traffic can then trigger temporary access for the returning inbound traffic of the same session.

  • 13-6: Prevent DoS Attacks with TCP Intercept - A router can monitor and intercept half-open TCP sessions, protecting hosts on the inside of a protected network.

  • 13-7: Intelligent Filtering with Context-Based Access Control (CBAC) - A comprehensive set of firewall functions can be configured on a router. CBAC performs traffic filtering (better than access lists), traffic inspection (better than Reflexive Access Lists), and TCP Intercept. It also generates alerts and audit trails and provides limited intrusion detection.

  • 13-8: Detect Attacks and Threats with the IOS Intrusion Detection System - A router can monitor inbound traffic from an unprotected network. It detects 59 different commonly used attacks. Attack signatures can be selectively enabled or disabled, according to your security requirements.

  • 13-9: Using Internet Key Exchange (IKE) for VPNs - IKE provides a standardized means for maintaining and exchanging encryption and authentication keys between routers and other IPSec VPN devices. IKE can also integrate with certificate authorities for centralized certificate management.

  • 13-10: IPSec VPN Tunnels - IP Security (IPSec) provides a standardized way to secure data transmission over a public or unprotected network. Data can be encrypted with DES or 3DES, authenticated at the packet level to ensure data integrity, and authenticated to verify the source of the data packets.



Cisco Field Manual: Router Configuration
ISBN: 1587050242
Year: 2005
Pages: 185
