Presentation - Cisco Knowledge Network
Presentation - Cisco Knowledge Network
Presentation - Cisco Knowledge Network
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Enhanced Router Authentication / ConfidentialityProblems today:• MD5 Authentication is dated, soft,control plane intensive and rarely used.• More powerful algorithms available• IPSec deployment is limitedSolutions:• TCP-AO: TCP Authentication Object• TCP-AO extends The md5 technology to support timebasedkey rollover and multiple hashing algorithms.• The goal is to use the update the key that is used tocreate a message digest for each TCP segment.• Based upon the perceived threat level the operator canselect the hashing algorithm to create the messagedigest.ISP3 ISP2 ISP1ISP4RoutingAuthenticationapprovedRoutingAuthenticationdenied!Attack© 2012 <strong>Cisco</strong> and/or its affiliates. All rights reserved. 29