Thursday, March 11, 2010

Secure IOS Template Version 6.2 01 FEB 2010

Introduction

One of the challenges of any network is how to mitigate, if not deny, the various attacks launched daily on the Internet. While blocking the script kiddies and their attempts to gain root or scan a subnet is one challenge, a greater challenge has been to mitigate the DDoS attacks. While nothing is foolproof, layers of protection can be applied to the problem.

Taking a holistic view of the challenge led to the creation of the layered approach. In this approach, the following philosophies are applied:

  1. The border router provides for protocol protection and defends itself and the firewall.
  2. The firewall provides port protection and defends itself and the host residing behind it.
  3. The end stations are configured to survive various DoS attacks as well as to reduce the number of noxious services which might be exploited.

This results in the "funnel effect," wherein progressively less nasty traffic comes through the overall pipe. The network is "crunchy through and through," not just at the edges.

A brief aside: if you are interested in tuning your UNIX systems to provide additional defense against myriad attack types, please peruse my UNIX IP Stack Tuning Guide.
