Cisco DNCS System Release 2.7 3.7 4.2 Design Guide
4000358 Rev B
Security Recommendations for the DBDS Network in a DOCSIS Environment
DBDS Network Security
Introduction
This section provides a list of recommendations for the cable service provider to use
to implement network security in their DBDS. The cable service provider may decide
to implement packet filtering wherever they choose based on their network
topology.
Because several of the security recommendations relate to each other, we assigned
numbers to each recommendation for ease of reference. The recommendations are
numbered in increments of 10 to allow for growth as new recommendations are
added.
The way the cable service provider implements these recommendations can vary
because each network topology is different and has its own unique features. This
section provides security recommendations for Data Paths 1 through 10.
Data Path 1: Communication Between End-User Devices and DOCSIS Servers
Cisco recommends the following security measures for Data Path 1.
# 40
Configure Router 2 to allow IP traffic between:
• Registered integrated cable modems and DOCSIS servers
• DHCT CPE and DHCP servers
• Unsubscribed PC CPE and DOCSIS servers
# 50
Configure Router 2 to deny IP traffic between registered integrated cable modems
and non-DOCSIS servers.
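The following is an added example, not part of the Cisco guide: a small Python model for checking a candidate Router 2 rule set against recommendations 40 and 50 before it is deployed. The subnets, group names, the "site" rule, and the first-match evaluation order are assumptions made for illustration; the guide specifies none of them.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption: the guide gives no addressing).
GROUPS = {
    "registered_icm": ip_network("10.1.0.0/16"),   # registered integrated cable modems
    "dhct_cpe": ip_network("10.2.0.0/16"),
    "unsub_pc_cpe": ip_network("10.3.0.0/16"),
    "docsis_servers": ip_network("192.0.2.0/28"),
    "dhcp_servers": ip_network("192.0.2.16/28"),
    "non_docsis_servers": ip_network("198.51.100.0/24"),
    "any": ip_network("0.0.0.0/0"),
}

# "between a and b" in the guide is modeled as a bidirectional rule.
Rule = namedtuple("Rule", "rec action a b")

POLICY = [
    Rule(40, "permit", "registered_icm", "docsis_servers"),
    Rule(40, "permit", "dhct_cpe", "dhcp_servers"),
    Rule(40, "permit", "unsub_pc_cpe", "docsis_servers"),
    Rule(50, "deny", "registered_icm", "non_docsis_servers"),
]
# Hypothetical misordered candidate: a broad site permit ahead of the #50 deny.
BROKEN = [Rule("site", "permit", "registered_icm", "any")] + POLICY

def _covers(outer, inner):
    """True if every flow matched by `inner` is also matched by `outer`."""
    oa, ob = GROUPS[outer.a], GROUPS[outer.b]
    ia, ib = GROUPS[inner.a], GROUPS[inner.b]
    return (ia.subnet_of(oa) and ib.subnet_of(ob)) or (ia.subnet_of(ob) and ib.subnet_of(oa))

def decide(rules, src, dst):
    """First matching rule wins; None means no listed rule covers the flow."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        a, b = GROUPS[r.a], GROUPS[r.b]
        if (s in a and d in b) or (s in b and d in a):
            return r.action, r.rec
    return None

def shadowed(rules):
    """(rule, earlier rule) pairs where an earlier opposite action hides the rule."""
    return [(r.rec, e.rec) for i, r in enumerate(rules)
            for e in rules[:i] if e.action != r.action and _covers(e, r)]
```

With the misordered rule set, shadowed(BROKEN) reports that the "site" permit hides recommendation 50, and decide() shows the modem-to-non-DOCSIS flow being permitted instead of denied.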