Service Provider Security Best Practices assist service providers as they protect and secure the Internet Infrastructure through the design and deployment of security and operational practices, techniques, and capabilities.
DNS Best Practices, Network Protections, and Attack Identification
Learn about general best practices, network protections, and attack identification techniques that operators and administrators can use for implementations of the DNS protocol.
Expert Recommendations
Unicast RPF for IPv6 on the Cisco 12000 Series
Configuring the BGP Maximum-Prefix Feature
Configuring NetFlow v9 for IPv6
Cisco Security Blog: Possible Exploit Vector for DarkLeech Compromises
Unicast RPF for IPv6 on the Cisco 12000 Series
Configuring the BGP Maximum-Prefix Feature
Configuring NetFlow v9 for IPv6
Cisco Security Blog: Possible Exploit Vector for DarkLeech Compromises
Interface Access Control Lists
Protecting Your Core: Infrastructure Protection Access Control Lists
Access List Performance Improvements for Cisco 12000 Gigabit Switch Routers
Cisco IOS IPv6 Access Control List
Implementing Access Lists and Prefix Lists on Cisco IOS XR Software
Interface QoS Policies
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4
Implementing QoS for IPv6 - Cisco IOS IPv6 Configuration Guide, Release 12.4
Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide - Configuring PFC QoS
Unicast Reverse Path Forwarding
Understanding Unicast Reverse Path Forwarding
Unicast Reverse Path Forwarding in Strict Mode on the Cisco 12000 Series Internet Router
Unicast RPF for IPv6 on the Cisco 12000 Series
Unicast Reverse Path Forwarding Enhancements for the Internet Service Provider-Internet Service Provider Network Edge
URPF MIB
CISCO-IP-URPF-MIB Support
IPv4 Options Handling
Cisco IOS 12.0S - IP Options Selective Drop
IP Options Selective Drop
Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values
IPv6 Extension Headers
IPv6 Extension Headers Review and Considerations
Countermeasures for the Malicious Use of IPv6 Type 0 Routing Headers
ICMPv6 Packet Types and Codes
Flexible Packet Matching
Catalyst 6500 - Cisco IOS Software Security: Flexible Packet Matching
Cisco IOS Flexible Packet Matching Deployment Guide
Flexible Packet Matching XML Configuration
Remotely Triggered Black Hole Filtering
Remotely Triggered Black Hole Filtering in IPv6 for Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software
Remotely Triggered Black Hole Filtering - Destination Based and Source Based
Protecting Your Core: Infrastructure Protection Access Control Lists
Access List Performance Improvements for Cisco 12000 Gigabit Switch Routers
Cisco IOS IPv6 Access Control List
Implementing Access Lists and Prefix Lists on Cisco IOS XR Software
Interface QoS Policies
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4
Implementing QoS for IPv6 - Cisco IOS IPv6 Configuration Guide, Release 12.4
Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide - Configuring PFC QoS
Unicast Reverse Path Forwarding
Understanding Unicast Reverse Path Forwarding
Unicast Reverse Path Forwarding in Strict Mode on the Cisco 12000 Series Internet Router
Unicast RPF for IPv6 on the Cisco 12000 Series
Unicast Reverse Path Forwarding Enhancements for the Internet Service Provider-Internet Service Provider Network Edge
URPF MIB
CISCO-IP-URPF-MIB Support
IPv4 Options Handling
Cisco IOS 12.0S - IP Options Selective Drop
IP Options Selective Drop
Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values
IPv6 Extension Headers
IPv6 Extension Headers Review and Considerations
Countermeasures for the Malicious Use of IPv6 Type 0 Routing Headers
ICMPv6 Packet Types and Codes
Flexible Packet Matching
Catalyst 6500 - Cisco IOS Software Security: Flexible Packet Matching
Cisco IOS Flexible Packet Matching Deployment Guide
Flexible Packet Matching XML Configuration
Remotely Triggered Black Hole Filtering
Remotely Triggered Black Hole Filtering in IPv6 for Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software
Remotely Triggered Black Hole Filtering - Destination Based and Source Based
Receive Access Control Lists
Cisco IOS Software Releases 12.0 S IP Receive ACL
GSR: Receive Access Control Lists
Control Plane Policing
Understanding Control Plane Protection
Control Plane Policing Implementation Best Practices
Control Plane Policing
Configuring Control Plane Policing
Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1 - Configuring Control Plane Policing
Cisco IOS Software Releases 12.2 SB Control Plane Policing
Local Packet Transport Services
Implementing LPTS on Cisco IOS XR Software
LPTS Commands on Cisco IOS XR Software
Selective Packet Discard
Understanding and Using Selective Packet Discard
Troubleshooting Input Drops on the Cisco 12000 Series Internet Router
Routing Protocol Security - BGP
Neighbor Router Authentication: Overview and Guidelines
BGP Neighbor Router Authentication
BGP Support for TTL Security Check
Cisco IOS Software Releases 12.2 S BGP Support for TTL Security Check
Cisco IOS Software Releases 12.0 S - BGP Enforce the First Autonomous System Path
How to Block One or More Networks From a BGP Peer
BGP Prefix-Based Outbound Route Filtering
Configuring the BGP Maximum-Prefix Feature
Routing Protocol Security - IS-IS
Configuring IS-IS Authentication
Cisco IOS XR Routing Command Reference, Release 3.7 IS-IS Authentication (Hello-Password)
IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication
IPv6 Multi-Topology IS-IS
Cisco IOS Software Releases 12.0 S IS-IS Mechanisms to Exclude Connected IP Prefixes from LSP Advertisements
Overview of IS-IS Fast Convergence
Setting Best Practice Parameters for IS-IS Fast Convergence
Routing Protocol Security - OSPF
Cisco IOS XR Routing Command Reference, Release 3.7 OSPF Authentication
Sample Configuration for Authentication in OSPF
Cisco IOS XR Software - Configuring Generalized TTL Security Mechanism (GTSM) for OSPF
Routing Protocol Security - OSPFv3
Cisco IOS XR Routing Command Reference, Release 3.7 OSPFv3 Authentication
Routing Protocol Security - Keychain Management
Implementing Keychain Management on Cisco IOS XR Software
Keychain Management Commands on Cisco IOS XR Software
Label Distribution Protocol Security
MPLS LDP - Lossless MD5 Session Authentication
MPLS LDP Session Protection
MPLS LDP MD5 Global Configuration
MPLS LDP - Local Label Allocation Filtering
Resource Reservation Protocol Security
Deploying RSVP in Multiple Security Domains Networks: Securing Application Quality of Service
RSVP Message Authentication
Cisco IOS Software Releases 12.0 S RSVP Message Authentication
Cisco IOS XR MPLS Command Reference, Release 3.7 RSVP Authentication
Cisco IOS Software Releases 12.0 S IP Receive ACL
GSR: Receive Access Control Lists
Control Plane Policing
Understanding Control Plane Protection
Control Plane Policing Implementation Best Practices
Control Plane Policing
Configuring Control Plane Policing
Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1 - Configuring Control Plane Policing
Cisco IOS Software Releases 12.2 SB Control Plane Policing
Local Packet Transport Services
Implementing LPTS on Cisco IOS XR Software
LPTS Commands on Cisco IOS XR Software
Selective Packet Discard
Understanding and Using Selective Packet Discard
Troubleshooting Input Drops on the Cisco 12000 Series Internet Router
Routing Protocol Security - BGP
Neighbor Router Authentication: Overview and Guidelines
BGP Neighbor Router Authentication
BGP Support for TTL Security Check
Cisco IOS Software Releases 12.2 S BGP Support for TTL Security Check
Cisco IOS Software Releases 12.0 S - BGP Enforce the First Autonomous System Path
How to Block One or More Networks From a BGP Peer
BGP Prefix-Based Outbound Route Filtering
Configuring the BGP Maximum-Prefix Feature
Routing Protocol Security - IS-IS
Configuring IS-IS Authentication
Cisco IOS XR Routing Command Reference, Release 3.7 IS-IS Authentication (Hello-Password)
IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication
IPv6 Multi-Topology IS-IS
Cisco IOS Software Releases 12.0 S IS-IS Mechanisms to Exclude Connected IP Prefixes from LSP Advertisements
Overview of IS-IS Fast Convergence
Setting Best Practice Parameters for IS-IS Fast Convergence
Routing Protocol Security - OSPF
Cisco IOS XR Routing Command Reference, Release 3.7 OSPF Authentication
Sample Configuration for Authentication in OSPF
Cisco IOS XR Software - Configuring Generalized TTL Security Mechanism (GTSM) for OSPF
Routing Protocol Security - OSPFv3
Cisco IOS XR Routing Command Reference, Release 3.7 OSPFv3 Authentication
Routing Protocol Security - Keychain Management
Implementing Keychain Management on Cisco IOS XR Software
Keychain Management Commands on Cisco IOS XR Software
Label Distribution Protocol Security
MPLS LDP - Lossless MD5 Session Authentication
MPLS LDP Session Protection
MPLS LDP MD5 Global Configuration
MPLS LDP - Local Label Allocation Filtering
Resource Reservation Protocol Security
Deploying RSVP in Multiple Security Domains Networks: Securing Application Quality of Service
RSVP Message Authentication
Cisco IOS Software Releases 12.0 S RSVP Message Authentication
Cisco IOS XR MPLS Command Reference, Release 3.7 RSVP Authentication
Simple Network Management Protocol
Securing Simple Network Management Protocol
How to Configure SNMP Community Strings
SNMPv3
Implementing SNMP on Cisco IOS XR Software
Syslog
Implementing Logging Services on Cisco IOS XR Software
SSH
Secure Shell Version 2 Support
Configuring Secure Shell on Routers and Switches Running Cisco IOS
Cisco IOS XR System Security Configuration Guide, Release 3.7 Implementing Secure Shell on Cisco IOS XR Software
Secure Copy
Secure Sockets Layer
Cisco IOS XR System Security Configuration Guide, Release 3.7 Implementing Secure Socket Layer on Cisco IOS XR Software
TACACS+
Authentication Protocols - TACACS+ and RADIUS Comparison
Basic TACACS+ Configuration Example
Configure a Cisco Router with TACACS+ Authentication
How to Assign Privilege Levels with TACACS+ and RADIUS
Cisco IOS XR System Security Configuration Guide, Release 3.7 Configuring a TACACS+ Server
Cisco Discovery Protocol
Configuring Cisco Discovery Protocol on Cisco Routers and Switches Running Cisco IOS
Configure the Cisco Discovery Protocol
Configuring Cisco Discovery Protocol
Cisco IOS XR System Management Configuration Guide, Release 3.7 Implementing CDP on Cisco IOS XR Software
Management Plane Protection
Cisco IOS XR System Security Command Reference, Release 3.7 Management Plane Protection Commands on Cisco IOS XR Software
Authentication, Authorization, and Accounting
Cisco IOS XR System Security Configuration Guide, Release 3.7 Configuring AAA Services on Cisco IOS XR Software
Cisco AAA Implementation Case Study
Security Baseline Checklist--Infrastructure Device Access
IP Backscatter Traceback
Service Provider Infrastructure Security Techniques - Backscatter Traceback
Securing Simple Network Management Protocol
How to Configure SNMP Community Strings
SNMPv3
Implementing SNMP on Cisco IOS XR Software
Syslog
Implementing Logging Services on Cisco IOS XR Software
SSH
Secure Shell Version 2 Support
Configuring Secure Shell on Routers and Switches Running Cisco IOS
Cisco IOS XR System Security Configuration Guide, Release 3.7 Implementing Secure Shell on Cisco IOS XR Software
Secure Copy
Secure Sockets Layer
Cisco IOS XR System Security Configuration Guide, Release 3.7 Implementing Secure Socket Layer on Cisco IOS XR Software
TACACS+
Authentication Protocols - TACACS+ and RADIUS Comparison
Basic TACACS+ Configuration Example
Configure a Cisco Router with TACACS+ Authentication
How to Assign Privilege Levels with TACACS+ and RADIUS
Cisco IOS XR System Security Configuration Guide, Release 3.7 Configuring a TACACS+ Server
Cisco Discovery Protocol
Configuring Cisco Discovery Protocol on Cisco Routers and Switches Running Cisco IOS
Configure the Cisco Discovery Protocol
Configuring Cisco Discovery Protocol
Cisco IOS XR System Management Configuration Guide, Release 3.7 Implementing CDP on Cisco IOS XR Software
Management Plane Protection
Cisco IOS XR System Security Command Reference, Release 3.7 Management Plane Protection Commands on Cisco IOS XR Software
Authentication, Authorization, and Accounting
Cisco IOS XR System Security Configuration Guide, Release 3.7 Configuring AAA Services on Cisco IOS XR Software
Cisco AAA Implementation Case Study
Security Baseline Checklist--Infrastructure Device Access
IP Backscatter Traceback
Service Provider Infrastructure Security Techniques - Backscatter Traceback
Network Design
Cisco IOS and NX-OS Software Reference Guide
Network Security Baseline
Bandwidth, Packets Per Second, and Other Network Performance Metrics
Understanding 4-Byte AS Support in C12K and CRS-1
A Security-Oriented Approach to IP Addressing
Secure Network Infrastructure: Protect Video over IP Services
Secure Multivendor Networks
Cisco IPv6 Solutions Integration & Co-Existence
Service Provider Quality of Service Design Guide
VPN Architectures - Comparing MPLS and IPSec
Fixed Mobile Convergence for Integrated-Service Providers
Migration Guide for Explaining 4-Byte Autonomous System
Protecting Border Gateway Protocol for the Enterprise
Operations Security
Understanding Operational Security
Cisco IOS Image Verification
CVSS Usage Within Cisco
Embedded Event Manager in a Security Context
Understanding Access Control List Logging
Identifying Incidents Using Firewall and IOS Router Syslog Events
TTL Expiry Attack Identification and Mitigation
Protect Against Worms
Network Management System: Best Practices White Paper
Cisco IOS XR System Management Configuration Guide, Release 3.7
Cisco XR 12000 Manageability
Operational Best Practices for the Cisco Catalyst 6500 Series
Device Manageability Instrumentation (DMI)
Service Provider Security Best Practices
Cisco Guide to Harden Cisco IOS XR Devices
Cisco Guide to Harden Cisco IOS Devices
Service Provider Infrastructure Security Techniques
Securing Tool Command Language on Cisco IOS
Infrastructure Protection on Cisco IOS Software-Based Platforms
Cisco IOS XR System Security Configuration Guide, Release 3.7
Protecting the Cisco Catalyst 6500 Series Switches Against Denial-Of-Service Attacks
Cisco CRS-1 Carrier Routing System Security Application Note
Cisco IOS and NX-OS Software Reference Guide
Data Center Security
Data Center Security
Cisco Service Delivery Center Infrastructure 2.1 Design Guide
Service Module Design with ACE and FWSM
Data Centers: Best Practices For Security And Performance
Multiprotocol Label Switching
Multiprotocol Label Switching Security Overview
Security of the MPLS Architecture
MPLS Security - Multiprotocol Label Switching for the Federal Government
RFC 4381: Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)
Managed VPN - Analysis and Comparisons of MPLS-Based IP VPN Security
Analysis of MPLS-Based IP VPN Security: Comparison to Traditional L2VPNs such as ATM and Frame Relay, and Deployment Guidelines
Cisco IOS XR MPLS Configuration Guide, Release 3.7 - Implementing IPv6 VPN Provider Edge Transport over MPLS on Cisco IOS XR Software
MPLS VPN - Inter-AS Option AB
Configuring Multicast VPN Inter-AS Support
Cisco IOS Software Releases 12.0 S BGP Multicast Inter-AS (IAS) VPN
Cisco IOS Software Releases 12.0 S - MPLS-aware NetFlow
Cisco IOS Software Releases 12.0 S - SNMP Notification Support for VPNs
Cisco IOS Software High-Availability Enhancements for IP/MPLS Provider Edge
Cisco Multiprotocol Label Switching Management Strategy
Multicast
The Multicast Security Tool Kit
Securing IP Multicast Services in Triple-Play and Mobile Networks
DNS
DNS Best Practices, Network Protections, and Attack Identification
Geographic Implications of DNS Infrastructure Distribution
NetFlow Instrumentation Techniques
Introduction to Cisco IOS NetFlow - A Technical Overview
NetFlow and Security
NetFlow Performance Analysis
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis
Network Management Case Study: How Cisco IT Uses NetFlow to Capture Network Behavior, Security, and Capacity Data
Configuring MPLS-aware NetFlow
Cisco IOS NetFlow Features Roadmap
NetFlow Layer 2 and Security Monitoring Exports
NetFlow Version 9 Instrumentation Techniques
NetFlow Version 9 Flow-Record Format
NetFlow v9 Export Format
NetFlow v9 for IPv6
Getting Started with Configuring NetFlow and NetFlow Data Export
Flexible NetFlow Instrumentation Techniques
Cisco IOS Flexible NetFlow Technology White Paper
Embedded Event Manager Instrumentation Techniques
Embedded Event Manager in a Security Context
Understanding Cisco IOS Software Embedded Self-Management Capabilities
Cisco IOS XR System Monitoring Configuration Guide, Release 3.7 - Configuring and Managing Embedded Event Manager Policies on Cisco IOS XR Software
Cisco IOS XR System Monitoring Configuration Guide, Release 3.7 - Implementing Performance Management on Cisco IOS XR Software
Cisco IOS Software Releases 12.0 S - Component Outage On-Line (COOL) Measurement for the Cisco 12000
SNMP Instrumentation Techniques
CISCO-IP-URPF-MIB Support
URPF MIB
Network Management System: Best Practices White Paper
Syslog Instrumentation Techniques
Identifying Incidents Using Firewall and IOS Router Syslog Events
Lawful Intercept Instrumentation Techniques
Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN
Lawful Intercept Architecture
Cisco Service Independent Intercept Architecture Version 3.0
Cisco IOS Software Releases 12.0 S - Lawful Intercept on Cisco 12000 Series Router, ISE Line Cards
Cisco IOS Software Releases 12.2 SB - Lawful Intercept Architecture
Cisco 7600 Lawful Intercept Configuration Guide
Cisco IOS and NX-OS Software Reference Guide
Network Security Baseline
Bandwidth, Packets Per Second, and Other Network Performance Metrics
Understanding 4-Byte AS Support in C12K and CRS-1
A Security-Oriented Approach to IP Addressing
Secure Network Infrastructure: Protect Video over IP Services
Secure Multivendor Networks
Cisco IPv6 Solutions Integration & Co-Existence
Service Provider Quality of Service Design Guide
VPN Architectures - Comparing MPLS and IPSec
Fixed Mobile Convergence for Integrated-Service Providers
Migration Guide for Explaining 4-Byte Autonomous System
Protecting Border Gateway Protocol for the Enterprise
Operations Security
Understanding Operational Security
Cisco IOS Image Verification
CVSS Usage Within Cisco
Embedded Event Manager in a Security Context
Understanding Access Control List Logging
Identifying Incidents Using Firewall and IOS Router Syslog Events
TTL Expiry Attack Identification and Mitigation
Protect Against Worms
Network Management System: Best Practices White Paper
Cisco IOS XR System Management Configuration Guide, Release 3.7
Cisco XR 12000 Manageability
Operational Best Practices for the Cisco Catalyst 6500 Series
Device Manageability Instrumentation (DMI)
Service Provider Security Best Practices
Cisco Guide to Harden Cisco IOS XR Devices
Cisco Guide to Harden Cisco IOS Devices
Service Provider Infrastructure Security Techniques
Securing Tool Command Language on Cisco IOS
Infrastructure Protection on Cisco IOS Software-Based Platforms
Cisco IOS XR System Security Configuration Guide, Release 3.7
Protecting the Cisco Catalyst 6500 Series Switches Against Denial-Of-Service Attacks
Cisco CRS-1 Carrier Routing System Security Application Note
Cisco IOS and NX-OS Software Reference Guide
Data Center Security
Data Center Security
Cisco Service Delivery Center Infrastructure 2.1 Design Guide
Service Module Design with ACE and FWSM
Data Centers: Best Practices For Security And Performance
Multiprotocol Label Switching
Multiprotocol Label Switching Security Overview
Security of the MPLS Architecture
MPLS Security - Multiprotocol Label Switching for the Federal Government
RFC 4381: Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)
Managed VPN - Analysis and Comparisons of MPLS-Based IP VPN Security
Analysis of MPLS-Based IP VPN Security: Comparison to Traditional L2VPNs such as ATM and Frame Relay, and Deployment Guidelines
Cisco IOS XR MPLS Configuration Guide, Release 3.7 - Implementing IPv6 VPN Provider Edge Transport over MPLS on Cisco IOS XR Software
MPLS VPN - Inter-AS Option AB
Configuring Multicast VPN Inter-AS Support
Cisco IOS Software Releases 12.0 S BGP Multicast Inter-AS (IAS) VPN
Cisco IOS Software Releases 12.0 S - MPLS-aware NetFlow
Cisco IOS Software Releases 12.0 S - SNMP Notification Support for VPNs
Cisco IOS Software High-Availability Enhancements for IP/MPLS Provider Edge
Cisco Multiprotocol Label Switching Management Strategy
Multicast
The Multicast Security Tool Kit
Securing IP Multicast Services in Triple-Play and Mobile Networks
DNS
DNS Best Practices, Network Protections, and Attack Identification
Geographic Implications of DNS Infrastructure Distribution
NetFlow Instrumentation Techniques
Introduction to Cisco IOS NetFlow - A Technical Overview
NetFlow and Security
NetFlow Performance Analysis
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis
Network Management Case Study: How Cisco IT Uses NetFlow to Capture Network Behavior, Security, and Capacity Data
Configuring MPLS-aware NetFlow
Cisco IOS NetFlow Features Roadmap
NetFlow Layer 2 and Security Monitoring Exports
NetFlow Version 9 Instrumentation Techniques
NetFlow Version 9 Flow-Record Format
NetFlow v9 Export Format
NetFlow v9 for IPv6
Getting Started with Configuring NetFlow and NetFlow Data Export
Flexible NetFlow Instrumentation Techniques
Cisco IOS Flexible NetFlow Technology White Paper
Embedded Event Manager Instrumentation Techniques
Embedded Event Manager in a Security Context
Understanding Cisco IOS Software Embedded Self-Management Capabilities
Cisco IOS XR System Monitoring Configuration Guide, Release 3.7 - Configuring and Managing Embedded Event Manager Policies on Cisco IOS XR Software
Cisco IOS XR System Monitoring Configuration Guide, Release 3.7 - Implementing Performance Management on Cisco IOS XR Software
Cisco IOS Software Releases 12.0 S - Component Outage On-Line (COOL) Measurement for the Cisco 12000
SNMP Instrumentation Techniques
CISCO-IP-URPF-MIB Support
URPF MIB
Network Management System: Best Practices White Paper
Syslog Instrumentation Techniques
Identifying Incidents Using Firewall and IOS Router Syslog Events
Lawful Intercept Instrumentation Techniques
Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN
Lawful Intercept Architecture
Cisco Service Independent Intercept Architecture Version 3.0
Cisco IOS Software Releases 12.0 S - Lawful Intercept on Cisco 12000 Series Router, ISE Line Cards
Cisco IOS Software Releases 12.2 SB - Lawful Intercept Architecture
Cisco 7600 Lawful Intercept Configuration Guide
