Control Plane Protection - Cisco NFP (Network Foundation Protection)
Cisco NFP (Network Foundation Protection) defines three planes: the Management plane, the Control plane and the Data plane. All three must be well protected to ensure business continuity and to prevent external attacks on the organization's network infrastructure devices. The Cisco NFP framework provides the technologies and tools required to secure each plane. The following are the important tools and technologies for protecting the Control plane.
Cisco AutoSecure: Cisco AutoSecure can lock down a device in a single step to protect all the planes. One-step lockdown can be initiated from the device's IOS CLI or from CCP (Cisco Configuration Professional).
Routing Protocol Authentication: Routing Protocol Authentication is a security mechanism that can prevent an attacker from injecting fraudulent routes. RIPv2, EIGRP and OSPF support Routing Protocol Authentication.
CoPP (Control Plane Policing): CoPP is another security mechanism, designed to prevent unnecessary traffic from reducing the processing power of a router. Used together, CoPP, CPPr (Control Plane Protection) and Control Plane Logging protect the Control plane more effectively. Using CoPP, network administrators can configure Quality of Service (QoS) filters to manage the flow of Control plane traffic. CPPr can be used to filter and limit Control plane traffic. Control Plane Logging can be used to log CoPP actions.
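A minimal CoPP policy of the kind described above, as an added example rather than configuration from Cisco or from this page. The ACL, class and policy names, the 192.0.2.0/24 management subnet and the police rates are assumptions chosen for illustration; real rates have to be baselined on the platform in question.

```cisco
! Constructed example: names, subnet and rates are hypothetical.
! 1. Classify the traffic that is punted to the route processor.
ip access-list extended COPP-ROUTING
 permit ospf any any
 permit eigrp any any
 permit udp any any eq rip
!
ip access-list extended COPP-MGMT
 ! Only the management subnet is expected to reach SSH and SNMP.
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit udp 192.0.2.0 0.0.0.255 any eq snmp
!
class-map match-all COPP-ROUTING-CLASS
 match access-group name COPP-ROUTING
class-map match-all COPP-MGMT-CLASS
 match access-group name COPP-MGMT
!
! 2. Attach a QoS policer to each class.
policy-map COPP-POLICY
 class COPP-ROUTING-CLASS
  ! Routing updates are measured but never dropped, so adjacencies
  ! survive while the counters show how much traffic arrives.
  police 512000 conform-action transmit exceed-action transmit
 class COPP-MGMT-CLASS
  police 128000 conform-action transmit exceed-action drop
 class class-default
  ! Everything not classified above, including ARP and other
  ! non-IP traffic, so this rate must not be set too low.
  police 64000 conform-action transmit exceed-action drop
!
! 3. Apply the policy to traffic entering the control plane.
control-plane
 service-policy input COPP-POLICY
```

`show policy-map control-plane` displays the conformed and exceeded counters for each class, which is the way to confirm the rates fit real traffic before tightening them.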