Cisco^® CCNA Security Exam Notes : Securing Routing Protocols

4. Secure Routing and Switching

4.2 Securing routing protocols

telnet and http protocols are insecure, i.e., information is transmitted in plain text. They use TCP port numbers 23 and 80 respectively.

ssh and https are secure protocols, i.e., they carry information in encrypted form. They use TCP port numbers 22 and 443 respectively.

Authenticated Routing Protocol Updates:

Routing protocol authentication options for the most often used routing protocols such as EIGRP, OSPF, RIP and BGP are preferred due to reasons such as route manipulation or poisoning. There are two ways to do this:

• Using a routing protocol centric solution that configures the passwords or keys to use within the routing protocol configuration, or
• By using separately configured keys that are able to be used by multiple routing protocols. The configuration of both RIP and EIGRP utilize key chains for their authentication configuration.

The following security measures may be applied to Data Plane:

• Access Control Lists (ACLs)
• Private VLANs
• Spanning Tree Protocol guards
• IOS IPS, and
• Zone-based firewall

OSPF authentication can be enabling in two ways:

• Per interface: Authentication is enabling per interface using the "ip ospf athentication" command.
• Area authentication: Authentication for area can enable using "area authentication" command.

Types of Authentication : There are three different types of authentication available for OSPF version 2:

• 1. Security Concepts
  • 1.1 Common Security principles
  • 1.2 Common Security threats
  • 1.3 Cryptography Concepts
  • 1.4 Network Topologies
• 2. Secure Access
  • 2.1 Secure management
  • 2.2 AAA Concepts
  • 2.3 802.1X authentication
• 3. VPN
  • 3.1 VPN Concepts
  • 3.2 Remote access VPN
  • 3.3 Site-to-site VPN
• 4. Secure Routing and Switching
  • 4.1 Security on Cisco routers
  • 4.2 Securing routing protocols
  • 4.3 Securing the control plane
  • 4.4 Common Layer 2 attacks
  • 4.5 Mitigation procedures
  • 4.6 VLAN Security
• 5. Cisco Firewall Technologies
  • 5.1 Different Firewall technologies
  • 5.2 Implement NAT on cisco ASA 9.x
  • 5.3 Implement Zone-Based firewall
  • 5.4 Firewall features on the Cisco Adaptive Security Appliance (ASA)
• 6. IPS
  • 6.1 IPS Deployment considerations
  • 6.2 IPS Technologies
• 7. Content and Endpoint Security
  • 7.1 Describe mitigation technology for email-based threats
  • 7.2 Mitigation technology for web-based threats
  • 7.3 Describe mitigation technology for endpoint threats