Cisco® CCNA Security Exam Notes : Securing Routing Protocols

4. Secure Routing and Switching

4.2 Securing routing protocols

Telnet and HTTP are insecure protocols, i.e., information is transmitted in plain text. They use TCP port numbers 23 and 80 respectively.

SSH and HTTPS are secure protocols, i.e., they carry information in encrypted form. They use TCP port numbers 22 and 443 respectively.

Authenticated Routing Protocol Updates:

Authenticating routing updates is preferred for the most often used routing protocols, such as EIGRP, OSPF, RIP and BGP, because of threats such as route manipulation or poisoning. There are two ways to do this:

  • Using a routing-protocol-centric solution, where the passwords or keys are configured within the routing protocol configuration, or
  • Using separately configured keys that can be used by multiple routing protocols. Both RIP and EIGRP use key chains for their authentication configuration.

The following security measures may be applied to the data plane:

  • Access Control Lists (ACLs)
  • Private VLANs
  • Spanning Tree Protocol guards
  • IOS IPS, and
  • Zone-based firewall

OSPF authentication can be enabled in two ways:

  • Per interface: Authentication is enabled per interface using the "ip ospf authentication" command.
  • Area authentication: Authentication for an area can be enabled using the "area authentication" command.

Types of authentication: There are three different types of authentication available for OSPF version 2:

  • Null authentication: provides no authentication; this is the default on Cisco routers.
  • Clear text authentication: passwords are exchanged in clear text on the network.
  • Cryptographic authentication: uses the open standard MD5 message digest algorithm.
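
Added example (not part of the original notes): a small Python check that reads an IOS configuration and reports the effective OSPF authentication type of each interface, combining the per-interface and per-area settings described above, with the interface setting taking precedence over the area setting. The sample configuration, interface names and key placeholder are constructed, and the check assumes interfaces are placed in areas with the interface-level "ip ospf <process> area <id>" command rather than with network statements.

```python
import re

# Constructed sample config (not from the notes); the key is a placeholder.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <KEY-PLACEHOLDER>
interface GigabitEthernet0/1
 ip ospf 1 area 0
interface GigabitEthernet0/2
 ip ospf 1 area 1
interface GigabitEthernet0/3
 ip ospf 1 area 1
 ip ospf authentication null
interface GigabitEthernet0/4
 ip ospf 1 area 2
router ospf 1
 area 0 authentication
 area 1 authentication message-digest
"""

def _auth_type(keyword):
    # No keyword means clear text, "message-digest" means MD5, "null" means none.
    return {"": "clear-text", "message-digest": "md5", "null": "null"}[keyword or ""]

def ospf_auth_by_interface(config):
    """Return {interface: effective OSPF auth type}; interface setting overrides area."""
    area_auth, iface_area, iface_auth, current = {}, {}, {}, None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):  # top-level line opens a new config section
            m = re.match(r"interface (\S+)", text)
            current = m.group(1) if m else None
        if m := re.fullmatch(r"area (\S+) authentication ?(message-digest)?", text):
            area_auth[m.group(1)] = _auth_type(m.group(2))
        elif current and (m := re.fullmatch(r"ip ospf \d+ area (\S+)", text)):
            iface_area[current] = m.group(1)
        elif current and (m := re.fullmatch(r"ip ospf authentication ?(message-digest|null)?", text)):
            iface_auth[current] = _auth_type(m.group(1))
    return {i: iface_auth.get(i, area_auth.get(a, "null")) for i, a in iface_area.items()}

def weak_interfaces(config):
    """Interfaces whose OSPF updates are unauthenticated or use a clear-text password."""
    return sorted(i for i, t in ospf_auth_by_interface(config).items() if t != "md5")
```

The check reports the configured authentication type only; it does not verify that a message-digest key is actually present on an interface reported as "md5".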


