Chapter 5. Security Recommendations

In this chapter, you learn about the following:

  • Security recommendations for network elements

  • General router security measures

  • Security recommendations for the core network

  • IGP routing security recommendations

  • Operational considerations for MPLS over IP

In this chapter, we recommend security measures for every router and then progress to customer edge, core infrastructure, and provider edge security mechanisms. The reader will find a full provider edge configuration example in Appendix A, along with explanations of the key security-relevant settings.

In any network, security considerations devolve into essentially two areas of focus. The first area is compromises, which can be either accidental or deliberate. Accidental compromises can occur as a result of misconfigurations or of anticipated changes in the network. Alternatively, compromises can be deliberate, such as attacks by some miscreant entity determined to cause havoc. In either case, the risk vectors are either external, such as issues driven by events external to the network in question, or internal, such as problems that are sourced from within the network itself.

The methods used to accomplish the compromises are the second area of focus. In any network, most security-related problems fall into the categories of Denial of Service (DoS) or intrusion. Taken together, security considerations therefore break down into two sets of two types of issues. Compromises are either of the following:

  • Accidental: Problems that occur due to misconfigurations or anticipated changes in the network

  • Deliberate: Attacks by some entity bent on causing havoc

The risk factors of these compromises are either external (issues driven by events external to the network in question) or internal (problems sourced from within the network itself). Additionally, most security-related problems fall into two categories:

  • Denial of Service (DoS): These events may be intentional or accidental.

  • Reconnaissance: These issues by definition are intentional.

It is essential to harden the network components and the entire system to minimize the likelihood of any of these scenarios. However, as with all resource-consuming features, you must strike a balance between maximizing security and offering the performance and usability the service is intended to provide. Clearly, a completely disconnected host or router has total security; however, its ability to forward data or provide services is substantially compromised.

The state of the network from an availability and security viewpoint may also differ depending on the perspective of the interested party. That is, the concerns of the service provider and the customer intersect, but they do not completely overlap. Indeed, the two parties may not even perceive the current status of the network identically.