Cisco IOS XR Security Guide
This introduction contains the following:
• Definition of security and the role of security in the larger context of high network availability
• A preview of the modules in the Cisco IOS XR Security Guide
This guide describes many aspects of the system security that Cisco IOS XR software provides on the Cisco CRS-1 routers and Cisco 12000 Series Router.
Internet attacks occur every day, and these attacks can include core routers as targets—usually with some form of denial of service (DoS) attack. Fortunately, the Cisco CRS-1 router and Cisco 12000 Series Router come with a highly robust, built-in security structure. These routers can withstand attacks and remain in service until the necessary responses have been completed. This guide describes the software architecture and the hardware support for addressing these attacks. It also provides guidance on how you can further protect your investment in these products. Our security goal for the Cisco CRS-1 router and the Cisco 12000 Series Router is to neutralize attacks and recover quickly from any degradation of service. The point is to keep the router always operating, regardless of even a distributed denial of service (DDoS) attack. We developed the systems that run Cisco IOS XRsoftware so that an attack on one process, service, or plane does not compromise any other process, service, or plane. For example, a process that is shut down automatically restarts, and when needed, a patch can be applied without restarting the router. Essentially, these mechanisms are:
• Modularity of services
• Separation and isolation of management, control, and data (or forwarding) planes
• Multiple layers of increasingly stringent defense
• Convenient upgradability
Get pdf Cisco IOS XR Security Guide