DoS Protection on Cisco 7600 Routers


Posted: 26 Mar 2010 12:58 PM PDT


The Cisco 7600 router is in my opinion one of the most versatile high-end routing machines on the planet! It is one of my favorite networking devices. If you take a look at the Cisco website under the Routers product category, you will notice that the 7600 can be used in data centers, in Service Provider networks, in WAN aggregation, or as an Internet edge router. In Service Provider networks it can be used as a Provider Edge (PE) router in IP MPLS networks, aggregating many Customer Edge (CE) routers. Its modularity and high port capacity allow the 7600 to work both as a Layer 2 aggregation device and as a high-performance Layer 3 router.

In Service Provider networks, one of the main concerns of network administrators is protecting the networking infrastructure from Denial of Service attacks. These DoS attacks are actually the most serious and popular security threat against Service Providers. Botnets are frequently the main source of such attacks. ICMP flooding, UDP flooding, spoofed-address DoS, SYN attacks, etc. are a few examples of DoS or DDoS (Distributed Denial of Service) attacks. Fortunately, the Cisco 7600 router has many robust features and mechanisms to protect itself from such attacks.

At the company where I work (a Service Provider) we have already implemented several security protection features on the 7600 which are really effective against DoS attacks. A summary of the DoS protection mechanisms on the 7600 follows below:

  • Security Access Control Lists (ACL): Applied on interfaces to block traffic at Layers 3 and 4.
  • QoS Rate Limiting: Using class-maps and policy-maps you can apply rate limiting to specific types of traffic (e.g. ICMP).
  • uRPF (unicast Reverse Path Forwarding): Protects against spoofing attacks.
  • Traffic Storm Control: Protects against broadcast storm attacks.
  • TCP Intercept: Protects against SYN attacks.
  • Hardware-Based Rate Limiters: Work on PFC3 engines. These rate limiters protect the MSFC routing engine from various packets that can overload its CPU (configured with the mls rate-limit command).
  • Control Plane Policing (CoPP): Again used for protection of the MSFC routing engine, by applying rate limiting to packets that flow from the data plane to the control plane.

Of course, in addition to the above, you must not forget other important security mechanisms such as a strong password policy, proper Authentication and Accounting, logging, SNMP security, and routing protocol security (MD5 authentication in OSPF, BGP, etc.). All of these technical measures must be based on a thorough and carefully written security policy.
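As an added example (not the author's configuration or any Cisco tool), the following Python sketch audits an IOS running-config for the seven DoS protection mechanisms listed above. The sample config, the policy name LIMIT-ICMP, the ACL numbers and the interface name are constructed for illustration, and the patterns cover only the common command forms.

```python
import re

# Constructed running-config excerpt (not from a real device). It deliberately
# omits storm control and TCP intercept so the audit has gaps to report.
SAMPLE_CONFIG = """\
mls rate-limit unicast cef glean 1000 10
class-map match-all ICMP
 match access-group 101
policy-map LIMIT-ICMP
 class ICMP
  police 64000 8000 conform-action transmit exceed-action drop
interface GigabitEthernet1/1
 ip access-group 110 in
 ip verify unicast source reachable-via rx
 service-policy input LIMIT-ICMP
control-plane
 service-policy input LIMIT-ICMP
"""

# Mechanism -> (parent-section regex, command regex); "" means a global command.
CHECKS = {
    "Security ACL": (r"interface .+", r"ip access-group \S+ (in|out)"),
    "QoS rate limiting": (r"interface .+", r"service-policy (input|output) \S+"),
    "uRPF": (r"interface .+", r"ip verify unicast (source reachable-via|reverse-path)"),
    "Traffic storm control": (r"interface .+", r"storm-control \S+ level"),
    "TCP intercept": (r"", r"ip tcp intercept "),
    "Hardware rate limiters": (r"", r"mls rate-limit "),
    "CoPP": (r"control-plane", r"service-policy input \S+"),
}

def parse_lines(config):
    """Return (parent, command) pairs; parent is "" for global commands."""
    pairs, parent = [], ""
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS "!" separators
        if raw.startswith(" "):
            pairs.append((parent, raw.strip()))
        else:
            parent = raw.strip()
            pairs.append(("", parent))
    return pairs

def audit(config):
    """Return {mechanism: bool} for the seven mechanisms in the post's list."""
    pairs = parse_lines(config)
    return {name: any(re.fullmatch(scope, parent) and re.match(cmd_re, cmd)
                      for parent, cmd in pairs)
            for name, (scope, cmd_re) in CHECKS.items()}
```

Calling `audit(SAMPLE_CONFIG)` flags storm control and TCP intercept as absent. A match only shows that a command is present, not that its thresholds suit the traffic on the box.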


Twitter spam shows large fall

Posted: 26 Mar 2010 09:00 AM PDT


Twitter has published figures that appear to show a dramatic fall in spam on the service.

How to protect access to Web-based applications

Posted: 26 Mar 2010 09:00 AM PDT


As more companies begin to rely on Web-based applications, questions arise about the security of such applications. One weak link in the security chain is user authentication. User IDs and passwords are insufficient to protect your business from unauthorized access. This article describes a Web-based service that provides multi-factor authentication for applications in the cloud.

Phone networks try new spam abuse system

Posted: 26 Mar 2010 09:00 AM PDT


Mobile phone companies are trialling a new abuse reporting system that could make it much easier for networks to spot and block spam reported by consumers across the world.

Gartner: 10 mobile & wireless technologies that should be on your radar

Posted: 26 Mar 2010 09:00 AM PDT


Gartner is highlighting 10 mobile and wireless networking technologies, including new versions of Bluetooth and location-awareness, that it says will play a big role in business-to-employee and business-to-consumer interactions over the next couple of years.

Rustock botnet starts spewing encrypted spam

Posted: 26 Mar 2010 09:00 AM PDT


The volume of spam being sent by the notorious Rustock botnet using TLS encryption has surged in recent weeks, establishing an important new trend in botnet behaviour, security companies have said.

Police ask internet cafes to snoop on users

Posted: 26 Mar 2010 09:00 AM PDT


Internet café owners are being asked to snoop on the online activities of their customers in a bid to combat terrorism in the UK.

Victorinox’s £100,000 challenge for secure USB stick

Posted: 26 Mar 2010 09:00 AM PDT


Victorinox today launched its range of Victorinox secure data storage devices in Europe. The Victorinox Secure Pro is a USB flash drive using fingerprint biometric security to authenticate AES256 encryption technology.

WA government bureaucrats slapped down for laptop losses

Posted: 26 Mar 2010 09:00 AM PDT


Woeful security measures in place in Western Australian government agencies are failing to protect sensitive staff and taxpayer information, according to an official security audit.

Protect your Facebook privacy

Posted: 26 Mar 2010 09:00 AM PDT


Whether you're a committed telly addict, a tabloid aficionado or a web surfer extraordinaire, every couple of days seems to bring another security scare. Here, we show you how to protect your privacy in Facebook.

Protecting Sensitive Business Data on the iPad

Posted: 26 Mar 2010 09:00 AM PDT


The Apple iPad is coming, and--thanks primarily to the iPhone revolution--it is guaranteed to break out of its consumer-oriented shackles and start showing up at work. A quote from Star Trek: The Next Generation comes to mind: "Resistance is futile." Your business data will be assimilated.

GSMA launches SMS spam reporting service

Posted: 25 Mar 2010 09:00 AM PDT


The falling cost of text messaging is making mobile-phone users a more attractive target for spammers, according to the GSM Association. To counter this, it wants its mobile-network-operator members to "crowd-source" spam reports from their customers to help them identify and cut off spammers abusing SMS (Short Message Service).

China's Great Firewall spreads overseas

Posted: 25 Mar 2010 09:00 AM PDT


A networking error has caused computers in Chile and the U.S. to come under the control of the Great Firewall of China, redirecting Facebook, Twitter, and YouTube users to Chinese servers.

20 years for notorious TJX hacker Gonzalez

Posted: 25 Mar 2010 09:00 AM PDT


Hacker mastermind Albert Gonzalez was sentenced Thursday in U.S. District Court to two concurrent 20-year stints in prison for his role in what prosecutors called the "unparalleled" theft of millions of credit card numbers from major U.S. retailers.

Security in the Cloud

Posted: 25 Mar 2010 09:00 AM PDT


When evaluating cloud computing, organisations are of course concerned about security issues. Information is hosted elsewhere, often offshore. Legal aspects are important for wider security considerations, although reputational risk of a security breach can be more significant.
