Chapter 14: Network security
The information in this section helps you to design and implement a secure network.
You must provide security mechanisms to prevent your network from attack. If links become congested
due to attacks, you can immediately halt end-user services. During the design phase, study availability
issues for each layer. For more information, see
redundancy, all services can be brought down.
To provide additional network security, you can use the Avaya Contivity VPN product suite, the Shasta
5000 BSN, or the Ethernet Routing Switch Firewall and Intrusion Sensor. They offer differing levels of
protection against Denial of Service (DoS) attacks through either third party IDS partners, or through their
own high-performance stateful firewalls.
Navigation
•
DoS protection mechanisms
•
Damage prevention
•
Security and redundancy
•
Data plane security
•
Control plane security
•
For more information
DoS protection mechanisms
The Ethernet Routing Switch is protected against Denial-of-Service (DoS) attacks by several
internal mechanisms and features.
DoS protection mechanisms navigation
•
Broadcast and multicast rate limiting
•
Directed broadcast suppression
•
Prioritization of control traffic
Planning and Engineering — Network Design
Redundant network design
on page 249
on page 252
on page 255
on page 255
on page 262
on page 272
on page 250
on page 250
on page 250
on page 55. Without
November 2010
249