staff aaa
DESCRIPTION
Staff AAA. Radius is not an ISP AAA Option. RADIUS TACACS+ Kerberos. What to Configure?. Simple Staff Authentication and Failsafe. Simple Staff Authentication and Failsafe. Simple Staff Authentication and Failsafe. Staff Authentication. Staff Accountability & Audit. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/1.jpg)
Staff AAA
![Page 2: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/2.jpg)
Radius is not an ISP AAA Option
![Page 3: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/3.jpg)
RADIUS TACACS+ Kerberos
![Page 4: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/4.jpg)
What to Configure?
![Page 5: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/5.jpg)
Simple Staff Authentication and Failsafe
![Page 6: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/6.jpg)
Simple Staff Authentication and Failsafe
![Page 7: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/7.jpg)
Simple Staff Authentication and Failsafe
![Page 8: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/8.jpg)
Staff Authentication
![Page 9: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/9.jpg)
Staff Accountability & Audit
![Page 10: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/10.jpg)
Checkpoint with Authentication and Accounting
![Page 11: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/11.jpg)
Limit Authority – Authorize Commands
![Page 12: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/12.jpg)
Set Privileges
![Page 13: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/13.jpg)
Checkpoint with default Authorization
![Page 14: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/14.jpg)
Note on Privilege Levels and Authorization
![Page 15: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/15.jpg)
One Time Password – Checking the ID
![Page 16: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/16.jpg)
What is One Time Password
![Page 17: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/17.jpg)
DoS the AAA Infrastructure
![Page 18: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/18.jpg)
How to protect the AAA Servers?
![Page 19: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/19.jpg)
Source Routing
![Page 20: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/20.jpg)
ICMP Unreachable Overload
![Page 21: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/21.jpg)
ICMP Unreachable Overload
![Page 22: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/22.jpg)
ICMP Unreachable Overload
![Page 23: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/23.jpg)
ICMP Unreachable Rate-Limiting
![Page 24: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/24.jpg)
Tip: scheduler allocate
![Page 25: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/25.jpg)
Introducing a New Router tothe Network
![Page 26: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/26.jpg)
Introducing a New Router tothe Network
![Page 27: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/27.jpg)
Secure Template Sources
![Page 28: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/28.jpg)
Input Hold Queue
![Page 29: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/29.jpg)
Input Hold Queue
![Page 30: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/30.jpg)
Input Hold Queue
![Page 31: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/31.jpg)
What Ports Are open on the Router?
![Page 32: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/32.jpg)
What Ports Are open on the Router?
![Page 33: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/33.jpg)
What Ports Are open on the Router?
![Page 34: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/34.jpg)
Receive ACL - Overview
![Page 35: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/35.jpg)
Receive Adjacencies
![Page 36: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/36.jpg)
Receive ACL Command
![Page 37: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/37.jpg)
Receive ACL
![Page 38: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/38.jpg)
Receive Path ACL
![Page 39: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/39.jpg)
Packet Flow
![Page 40: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/40.jpg)
Receive ACL – Traffic Flow
![Page 41: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/41.jpg)
rACL Processing
![Page 42: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/42.jpg)
rACL – Required Entries
![Page 43: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/43.jpg)
rACL – Required Entries
![Page 44: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/44.jpg)
rACL – Building Your ACL
![Page 45: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/45.jpg)
Filtering Fragments
![Page 46: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/46.jpg)
rACL – Iterative Deployment
![Page 47: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/47.jpg)
Classification ACL Example
![Page 48: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/48.jpg)
rACL – Iterative Deployment
![Page 49: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/49.jpg)
rACL – Iterative Deployment
![Page 50: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/50.jpg)
rACL – Iterative Deployment
![Page 51: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/51.jpg)
rACL – Sample Entries
![Page 52: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/52.jpg)
rACL – Sample Entries
![Page 53: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/53.jpg)
rACL – Sample Entries
![Page 54: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/54.jpg)
Use Detailed Logging
![Page 55: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/55.jpg)
Core Dumps
![Page 56: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/56.jpg)
Core Dumps
![Page 57: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/57.jpg)
Routing Protocol Security Why to Prefix Filter and Overview? (Threats) How to Prefix Filter? Where to Prefix Filter? Prefix Filter on Customers Egress Filter to Peers Ingress Filter from Peers Protocol Authentication (MD5) BGP BCPs that help add Resistance
![Page 58: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/58.jpg)
Routing Protocol Security
![Page 59: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/59.jpg)
Malicious Route InjectionPerceive Threat
![Page 60: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/60.jpg)
Malicious Route InjectionReality – an Example
![Page 61: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/61.jpg)
Garbage in – Garbage Out: What is it?
![Page 62: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/62.jpg)
Garbage in – Garbage Out: Results
![Page 63: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/63.jpg)
Garbage in – Garbage Out: Impact
![Page 64: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/64.jpg)
Garbage in – Garbage Out: What to do?
![Page 65: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/65.jpg)
Malicious Route InjectionAttack Methods
![Page 66: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/66.jpg)
Malicious Route InjectionImpact
![Page 67: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/67.jpg)
What is a prefix hijack?
![Page 68: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/68.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 69: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/69.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 70: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/70.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 71: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/71.jpg)
What can ISPs Do?Containment Egress Prefix Filters
![Page 72: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/72.jpg)
What can ISPs Do?Containment Egress Prefix Filters
![Page 73: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/73.jpg)
What can ISPs Do?Containment Egress Prefix Filters
![Page 74: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/74.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 75: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/75.jpg)
How to Prefix Filter?Ingress and Egress Route Filtering
![Page 76: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/76.jpg)
Ingress and Egress Route Filtering
![Page 77: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/77.jpg)
Ingress and Egress Route Filtering
![Page 78: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/78.jpg)
Ingress and Egress Route Filtering
![Page 79: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/79.jpg)
Ingress and Egress Route Filtering
![Page 80: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/80.jpg)
Two Filtering Techniques
![Page 81: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/81.jpg)
Ideal Customer Ingress/Egress Route Filtering ….
![Page 82: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/82.jpg)
BGP Peering Fundamental
![Page 83: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/83.jpg)
Guarded Trust
![Page 84: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/84.jpg)
Where to Prefix Filter?
![Page 85: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/85.jpg)
Where to Prefix Filter?
![Page 86: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/86.jpg)
What to Prefix Filter? Documenting Special Use Addresses (DUSA) and Bo
gons
![Page 87: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/87.jpg)
Documenting Special Use Addresses (DUSA)
![Page 88: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/88.jpg)
Documenting Special Use Addresses (DUSA)
![Page 89: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/89.jpg)
Documenting Special Use Addresses (DUSA)
![Page 90: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/90.jpg)
Bogons
![Page 91: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/91.jpg)
Ingress Prefix Filter Template
![Page 92: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/92.jpg)
Ingress Prefix Filter Template
![Page 93: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/93.jpg)
Prefix Filters on Customers
![Page 94: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/94.jpg)
BGP with Customer Infers Multihoming
![Page 95: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/95.jpg)
Receiving Customer Prefixes
![Page 96: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/96.jpg)
Receiving Customer Prefixes
![Page 97: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/97.jpg)
Excuses – Why providers are not prefix filtering customers.
![Page 98: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/98.jpg)
What if you do not filter your customer?
![Page 99: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/99.jpg)
What if you do not filter your customer?
![Page 100: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/100.jpg)
Prefixes to Peers
![Page 101: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/101.jpg)
Prefixes to Peers
![Page 102: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/102.jpg)
Egress Filter to ISP Peers - Issues
![Page 103: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/103.jpg)
Policy Questions
![Page 104: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/104.jpg)
Ingress Prefix Filtering fromPeers
![Page 105: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/105.jpg)
Ingress Routes from Peers or Upstream
![Page 106: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/106.jpg)
Receiving Prefixes from Upstream & Peers (ideal case)
![Page 107: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/107.jpg)
Receiving Prefixes — Cisco IOS
![Page 108: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/108.jpg)
Net Police Route Filtering
![Page 109: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/109.jpg)
Net Police Route Filtering
![Page 110: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/110.jpg)
Net Police Filter Technique #1
![Page 111: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/111.jpg)
Technique #1 Net Police Prefix List
![Page 112: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/112.jpg)
Net Police Prefix List Deployment Issues
![Page 113: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/113.jpg)
Technique #2 Net Police Prefix List Alternative
![Page 114: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/114.jpg)
Technique #2 Net Police Prefix List Alternative
![Page 115: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/115.jpg)
Net Police Filter – Technique #3
![Page 116: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/116.jpg)
Technique #3 Net Police Prefix List
![Page 117: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/117.jpg)
Net Police Filter – Technique #3
![Page 118: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/118.jpg)
Bottom Line
![Page 119: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/119.jpg)
Secure RoutingRoute Authentication
![Page 120: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/120.jpg)
Plain-text neighbor authentication
![Page 121: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/121.jpg)
MD-5 Neighbor Authentication: Originating Router
![Page 122: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/122.jpg)
MD-5 Neighbor Authentication: Originating Router
![Page 123: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/123.jpg)
Peer Authentication
![Page 124: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/124.jpg)
Peer Authentication
![Page 125: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/125.jpg)
OSPF Peer Authentication
![Page 126: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/126.jpg)
OSPF and ISIS Authentication Example
![Page 127: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/127.jpg)
BGP Peer Authentication
![Page 128: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/128.jpg)
BGP Peer Authentication
![Page 129: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/129.jpg)
BGP MD5’s Problem
![Page 130: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/130.jpg)
BGP BCPs That Help Build Security Resistance
![Page 131: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/131.jpg)
BGP Maximum Prefix Tracking
![Page 132: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/132.jpg)
BGP Maximum Prefix Tracking
![Page 133: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/133.jpg)
BGP Maximum Prefix Tracking
![Page 134: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/134.jpg)
Avoid Default Routes
![Page 135: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/135.jpg)
Network with Default Route – Pointing to Upstream A
![Page 136: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/136.jpg)
Network with Default Route – But not Pointing to Upstream
![Page 137: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/137.jpg)
Network with No Default Route
![Page 138: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/138.jpg)
Default Route and ISP Security - Guidance
![Page 139: Staff AAA](https://reader036.vdocument.in/reader036/viewer/2022062519/56814df9550346895dbb6789/html5/thumbnails/139.jpg)
Default to a Sink-Hole Router/Network