Security is a critical attribute of networking devices. Security features are split into two main areas:
Control path—protects the access to the device from a management perspective.
Data path—protects the network from malicious users by controlling access authorization to the network resources (such as servers and stations). This protection is primarily accomplished by using filters or access lists.
You can protect the control path using the following mechanisms:
logon and passwords
access policies to specify the network and address that can use a service or daemon
secure protocols, such as Secure Shell (SSH), Secure Copy (SCP), and the Simple Network Management Protocol version 3 (SNMPv3)
the Message Digest 5 Algorithm (MD5) to protect routing updates for Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP)
You can protect the data path using the following mechanisms:
Media Access Control (MAC) address filtering
Layer 3 filtering, such as Internet Protocol (IP) and User Datagram Protocol (UDP)/Transmission Control Protocol (TCP) filtering
routing policies to prevent users from accessing restricted areas of the network
mechanisms to prevent denial-of-service (DoS) attacks