This document provides administrators and engineers guidance on securing Cisco firewall appliances, which increases the overall security of an end-to-end architecture. The functions of network devices are structured around three planes: management, control, and data. This document is structured around security operations (best practices) and the three functional planes of a network. In addition, this document provides an overview of each included feature and references to related documentation.

For the purposes of this document, all mentions of "Cisco firewall" refer explicitly to the Cisco ASA Adaptive Security Appliances, though the concepts may apply to other firewall and security devices.

The three functional planes of a network each provide different functionality that needs to be protected.

Management plane: The management plane manages traffic that is sent to the Cisco firewall device and is composed of applications and protocols such as SSH and Simple Network Management Protocol (SNMP).

Control plane: The control plane of a network device processes the traffic that is paramount to maintaining the functionality of the network infrastructure. The control plane consists of applications and protocols between network devices, which include the interior gateway protocols (IGPs) such as the Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF).

Data plane: The data plane forwards data through a network device. The data plane does not include traffic that is sent to the local Cisco firewall device.

In addition to providing configuration details, this document serves primarily as a best practices guide. Therefore, security concepts will be recommended, although the exact configuration details may not be provided.
Limiting the CPU Impact of Data Plane Traffic
Show or Hide Invalid Usernames in Syslogs
Filtering Transit Traffic with Transit ACLs
Enable Inspection for Nondefault Applications
ACLs to Block Private and Bogon Addresses
Using Authentication, Authorization, and Accounting
Fortifying the Simple Network Management Protocol
Disable Logging to Monitor Sessions and the Console
Leverage Authentication, Authorization, and Accounting
Control Management Sessions for Security Services Modules
Monitor Cisco Security Advisories and Responses