Border Gateway Protocol (BGP) is a gateway protocol that enables the Internet to exchange routing information between Autonomous Systems (AS). It is used by large enterprises and service providers. Here are the recommended security best practices that need to be implemented on your Juniper routers. Authentication needs to be set for all peerings using MD5: set protocols bgp group <group_name> authentication-key <MD5 key> There are a few supported authentication methods that you can use: aes-128-cmac-96 Cipher-based Message Authentication Code (AES128)…
Tag: security
As per the definition on the Cisco website: Control Plane Policing (CoPP) is a Cisco IOS-wide feature designed to allow users to manage the flow of traffic handled by the route processor of their network devices. CoPP is designed to prevent unnecessary traffic from overwhelming the route processor that, if left unabated, could affect system performance. Here’s a sample configuration for applying Control Plane Policing (CoPP) on Cisco IOS routers. Step 1: Create the necessary ACLs. a. Important services, e.g. NTP, SSH, SNMP: ip access-list extended SSH-ACL permit…
Here’s a sample firewall configuration for protecting the box and its services. ICMP: ICMP message types are essential for network administration and troubleshooting. There are quite a number of ICMP parameters; you can refer to IANA ICMP Parameters for the list, or, if you want to learn more details about ICMP, refer to RFC 792. Here are the 4 types I consider useful for troubleshooting that need to be allowed. Type 0 — Echo Reply -> response from target to host Type 8 — Echo Request ->…
As per the definition of FPD on Cisco’s official site: An FPD refers to any programmable hardware device on a router, which includes a Field Programmable Gate Array (FPGA) and Read Only Memory Monitor (ROMMON). Cisco IOS® XR routers use a number of FPDs that are crucial for the function of route processors, line cards, shared port adapters (SPAs), SPA Interface Processors (SIPs), and fan trays. Sample of upgrading FPD on an ASR9000 running IOS-XR. The linecard used is a 24x10GE Tomahawk linecard. A. Check first…
Nmap, short for Network Mapper, is a free and open-source tool for scanning vulnerabilities and can also be used for network discovery. It can help you identify what devices are running on your systems, discover hosts that are available, and see the services they are running. To see the open ports or running daemons/services on your routers or switches, you can use nmap to test your routers. Where: 192.168.1.1 is your router IP. Sample 1: To scan using default safe scripts: nmap -sV…