Which four techniques can you use for IP data plane security? (Choose four.)
The IP data plane is responsible for forwarding data packets through the network. To secure this plane, there are various techniques that can be employed to ensure that the packets are delivered to the correct destination and that they have not been tampered with or compromised in any way. The four techniques that can be used for IP data plane security are:
A. Control Plane Policing (CoPP): This technique is used to protect the control plane from denial of service (DoS) attacks. CoPP is a feature that enables the router to differentiate between control plane traffic (management traffic) and data plane traffic (user traffic). Once traffic is identified as control plane traffic, policing can be applied to limit the amount of traffic that can be received by the router. This technique can prevent attackers from overloading the router's control plane and causing it to fail.
B. Interface ACLs: This technique involves the use of access control lists (ACLs) on interfaces to permit or deny traffic. These ACLs can be used to filter traffic based on source and destination IP addresses, protocols, and ports. By using interface ACLs, you can restrict traffic to only what is required for the network to function properly, while blocking unnecessary traffic and known threats.
C. Unicast Reverse Path Forwarding (uRPF): This technique is used to prevent spoofed IP packets from entering the network. uRPF checks the source IP address of incoming packets against the routing table to verify that the packet arrived on the expected interface. If the packet arrived on a different interface than expected, it is considered to be spoofed and is dropped. This technique can prevent attackers from sending packets with a false source IP address to bypass security measures.
D. MD5 authentication: This technique is used to authenticate routing protocol updates to prevent unauthorized updates from being accepted. MD5 authentication generates a hash value for the routing updates, which is sent along with the update. The receiving router then calculates the hash value and compares it to the value sent with the update. If the values match, the update is accepted. If the values do not match, the update is dropped. This technique can prevent attackers from injecting false routing updates into the network.
E. Flexible Packet Matching (FPM): This technique is used to classify and mark packets for QoS and other purposes. FPM allows the router to match on more than just the traditional IP header fields, including Layer 4 protocol and application-specific fields. This technique can be used to identify and prioritize traffic based on its characteristics, such as VoIP traffic or video traffic.
F. Quality of Service (QoS): This technique is used to ensure that critical traffic is given priority over non-critical traffic. QoS can be used to control network congestion, reduce packet loss, and ensure that traffic meets performance requirements. This technique can be used to ensure that business-critical applications, such as VoIP or video, receive the necessary bandwidth and priority they need to function properly.
In summary, the four techniques that can be used for IP data plane security are Control Plane Policing, Interface ACLs, Unicast Reverse Path Forwarding, and MD5 authentication. FPM and QoS are also important techniques for network security, but they are not specifically related to IP data plane security.