Home > Articles > Cisco Network Technology > Security > IP Network Traffic Plane Security Concepts

IP Network Traffic Plane Security Concepts

Chapter Description

This chapter introduces the concepts of defense in depth and breadth as applied to IP traffic plane security.

Review Questions

  1. Briefly describe the meaning of depth as referred to by the concept of defense in depth and breadth as applied to network security.

  2. Briefly describe the meaning of breadth as referred to by the concept of defense in depth and breadth in network security.

  3. True or False: Adding additional layers of defense always improves the overall security of the network.

  4. True or False: To protect a service, protection may be required both within the services plane and in protection of the services plane to fully mitigate the risk of attacks against a service.

  5. Which of the following interfaces are defined as logical interfaces?

    1. Loopback interface
    2. Receive interface
    3. Out-of-band (OOB) interface
    4. Null0 interface
    5. Tunnel interface
  6. True or False: In an enterprise environment, the IGP carries all network reachability information, including user address space and network infrastructure address space.

  7. Briefly describe how the security policies for the enterprise edge and SP Internet edge differ.

  8. True or False: In an SP default route-free core, transit traffic can never impact the internal network interfaces.

  9. True or False: In an MPLS VPN core network, PE routers isolate the core P routers from direct attack by hiding core addresses from customer traffic through VRF separation.

6. Further Reading | Next Section Previous Section