Control plane hardening is a critical aspect of securing infrastructure devices. Recommended measures include:
A. Routing protocol authentication: Prevents unauthorized devices from injecting false routes by requiring secure key-based authentication (e.g., MD5 or SHA for OSPF/BGP).
B. SNMPv3: Provides secure management through authentication and encryption, preventing interception or modification of SNMP traffic.
C. Control Plane Policing (CoPP): Enforces rate limits and filtering for traffic directed to the device's CPU, protecting against DoS and control plane overloads.
Why other options are incorrect:
D. Redundant AAA servers support authentication resilience but are more about access control than direct control plane protection.
E. Warning banners are a legal and administrative best practice, not a technical control plane defense.
F. Enabling unused services is the opposite of best practices and increases the attack surface.
These control-plane protections are emphasized in CCDE v3.1 design guidance for resilient and secure infrastructure designs.
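A configuration audit for the three measures above (A, B, C), as an added example that is not part of the original explanation. It assumes Cisco IOS-style syntax; the two sample configs are constructed, the finding names are hypothetical, and BGP passwords inherited from peer groups are not resolved.

```python
import re
from itertools import takewhile

# Constructed sample configs in Cisco IOS-style syntax (assumed; not from the page).
HARDENED = """\
router ospf 1
 area 0 authentication message-digest
interface GigabitEthernet0/0
 ip ospf message-digest-key 1 md5 7 <placeholder>
router bgp 65000
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 password 7 <placeholder>
snmp-server group NETOPS v3 priv
control-plane
 service-policy input COPP-POLICY
"""
WEAK = """\
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
router bgp 65000
 neighbor 192.0.2.1 remote-as 65001
snmp-server community public RO
control-plane
"""
OSPF_AUTH = re.compile(r"ip ospf (authentication|message-digest-key)|area \S+ authentication")

def audit(config):
    """Return sorted control plane hardening findings (hypothetical names) for one config."""
    raw = config.splitlines()
    lines = [l.strip() for l in raw]
    findings = []
    # A. Routing protocol authentication: OSPF anywhere, BGP per neighbor.
    if any(l.startswith("router ospf") for l in lines) and not any(OSPF_AUTH.search(l) for l in lines):
        findings.append("ospf-no-auth")
    peers = {m.group(1) for l in lines if (m := re.match(r"neighbor (\S+) remote-as", l))}
    authed = {m.group(1) for l in lines if (m := re.match(r"neighbor (\S+) password", l))}
    findings += [f"bgp-no-auth:{p}" for p in peers - authed]
    # B. SNMPv3 with authentication and encryption; v1/v2c community strings are flagged.
    if any(l.startswith("snmp-server community") for l in lines):
        findings.append("snmp-community-string")
    if not any(re.match(r"snmp-server group \S+ v3 priv", l) for l in lines):
        findings.append("snmpv3-priv-missing")
    # C. CoPP: an input service-policy must sit inside the control-plane section.
    copp = False
    for i, l in enumerate(raw):
        if l.strip() == "control-plane":
            children = takewhile(lambda c: c.startswith(" "), raw[i + 1:])
            copp = copp or any(c.strip().startswith("service-policy input") for c in children)
    return sorted(findings + ([] if copp else ["copp-missing"]))
```

An empty result means all three controls were found; a `control-plane` stanza with no attached policy still counts as CoPP missing.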