Security
7705 SAR OS System Management Guide Page 43
• multiple options
• option present
• source IP
• source port
•TCP ACK
•TCP SYN
To avoid DoS-like attacks overwhelming the control plane while ensuring that critical
control traffic such as signaling is always serviced in a timely manner, the 7705 SAR has
three queues (High, Low, and Ftp) for handling packets addressed to the CSM:
• High – handles all important messaging, such as network management and signaling
links
• Low – handles lower-importance messages, such as pings
• Ftp – handles bulk file transfers, such as new software image downloads
These queues are fixed use (each queue handles a certain type of traffic, which is not user-
configurable) and fixed configuration (each queue is configured for particular rates and
buffering capacity and is not user-configurable).
Exponential Login Backoff
A malicious user can gain CLI access via a dictionary attack: using a script to try "admin"
with any password.
The 7705 SAR increases the delay between login attempts exponentially to mitigate attacks.
It is applied to the console login. SSH and Telnet sessions terminate after four attempts.
Encryption
Data Encryption Standard (DES) and Triple DES (3DES) are supported for encryption.
• DES is a widely used method of data encryption using a private (secret) key. Both
the sender and the receiver must know and use the same private key.
• 3DES is a more secure version of the DES protocol.
To Next Page
Loading...
