

Monitor Cisco Security Advisories and Responses
Use Authentication, Authorization, and Accounting
Recommendations for Creating Strong Passwords
Limiting Access to the Network with Infrastructure ACLs
Filtering Internet Control Message Protocol Packets
Securing the Console Port, Auxiliary Port, and Connectivity Management Processor
Do Not Log to Console or Monitor Sessions
Configuration Checkpoint and Configuration Rollback
Configuration Change Notification and Logging
Limiting the Effect of Control-Plane Traffic on the CPU
Disabling or Limiting IP Directed Broadcasts
Limiting the Effect of Data-Plane Traffic on the CPU
Features and Traffic Types That Affect the CPU
Appendix A: Cisco NX-OS Hardening Checklist

This document contains information to help you secure, or harden, your Cisco NX-OS Software system devices, which increases the overall security of your network. The document is organized according to the three planes into which functions of a network device can be categorized. It provides an overview of each security feature included in Cisco NX-OS and includes references to related documentation.

The three functional planes of a network are the management plane, control plane, and data plane. Each provides functions that need to be protected.

Management plane: The management plane is the flow path that traffic uses when it is sent to a Cisco NX-OS device. This plane consists of applications and protocols such as Secure Shell (SSH) and Simple Network Management Protocol (SNMP).

Control plane: The control plane of a network device processes the traffic that is important to maintaining the functions of the network infrastructure. The control plane consists of applications and protocols between network devices, including Border Gateway Protocol (BGP) and Interior Gateway Protocols (IGPs) such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF).

Data plane: The data plane forwards data through a network device. The data plane does not include traffic that is sent to the local Cisco NX-OS device.

The discussion of security features in this document provides the essential details for engineers and administrators to configure the respective features. However, in cases where it does not, the features are explained in such a way that you can evaluate whether additional attention to a feature is required. Where possible and appropriate, this document contains recommendations that, if implemented, help secure a network.

Prerequisites

Engineers and administrators should possess a conceptual understanding of the Cisco Nexus operating system (Cisco NX-OS) and the basic configuration options available. There are no specific requirements for this document.

The guidance in this document is based on Cisco NX-OS Release 5.1. Earlier releases of Cisco NX-OS Software may not include all features or capabilities discussed here.
