« Day #20 – #23 – Slacking off!
Day #25 – Boy! Was i wrong! :) »

Day #24 – The final frontier.


Let me clarify! :) I call this the final frontier , not because of i’m almost done with the CCIE-sec studies, but because i only have 1 section left in the ccie-sec v3.0 blueprint. That section being “Control and Management Plane security”.

Here are the topics that must be covered :

Implement Control Plane and Management Plane Security

A. Implement routing plane security features (protocol authentication, route filtering)
B. Configure Control Plane Policing
C. Configure CP protection and management protection
D. Configure broadcast control and switchport security
E. Configure additional CPU protection mechanisms (options drop, logging interval)
F. Disable unnecessary services
G. Control device access (Telnet, HTTP, SSH, Privilege levels)
H. Configure SNMP, Syslog, AAA, NTP
I. Configure service authentication (FTP, Telnet, HTTP, other)
J. Configure RADIUS and TACACS+ security protocols
K. Configure device management and security

1. IOS Login Enhancements
2. IP Source Tracker
3. Role Based CLI
4. IOS Resilient Configuration
5. Buffer Overflow Detection and correction
6. Additional CPU protection mechanisms (options drop, logging interval)

So as usual i planned to make a structured approach towards this : Starting from the basics and heading towards advanced configs. So this lead me into the DocCD where i spent time searching for the right documentation to go through . I found 2 configuration guides, one for Control plane security and the other for Management plane. The control plane guide is very well written and it’s easily understandable. However the management plane configuration guide is “SUPER” big and it’s not feasible to read and remember everything.

So what i did today was i went through the configuration guide for control plane security and made notes. This was very helpful and i now feel confident that i can tackle the tasks i might encounter in the Vol 1 labs for this section. You can find the notes HERE!

Tomorrow i’m going to figure out a way to read through the management plane configuration guide efficiently  and i’ll definitely share the experience/notes with you all! :)

Hope you find the notes useful. Please feel free to point out any mistakes/comments that you might find/have in the comments section. I’m really lucky to have a medium through which i can interact with people and learn so much!

Thanks you readers! :)

Cheers,

TacACK

This entry was posted on Tuesday, December 15th, 2009 and is filed under 90 Day countdown. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

  1. No comments yet.
(will not be published)

  1. No trackbacks yet.