ccamp-9----Page:7
1 2 3 4 5 6 7 8 9 10
|
7 Changes in 01 draft (2) Structure change: in defensive techniques, discussed Authentication before Cryptographic techniques. Refer to the recent work in ISMS WG (Integrated Security Model for SNMP WG) to define how to use SSH to secure SNMP (due to the limited deployment of SNMPv3) Handling DoS attacks has become increasingly important. Useful guidelines include the following: 1. Perform ingress filtering everywhere. Upstream prevention is better. 2. Be able to filter DoS attack packets at line speed. 3. Do not allow oneself to amplify attacks. 4. Continue processing legitimate traffic. Over-provide for heavy loads. Use diverse locations, technologies, etc. Editorial changes No changes in scope |