Cisco 400-251: Hardening MSDP - Basic Security Measures

Basic Security Measures for Hardening MSDP


Question

Which three basic security measures are used to harden MSDP? (Choose three.)

Answers

Explanations


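A. MSDP SA filters
B. MSDP state limitation
C. MSDP MD5 neighbor authentication
D. MSDP neighbor limitation
E. Loopback interface as MSDP originator-ID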

ABC.

MSDP (Multicast Source Discovery Protocol) is used to distribute information about active multicast sources between PIM-enabled (Protocol Independent Multicast) routers in different multicast domains. To harden MSDP, the following three basic security measures can be used:

A. MSDP SA filters: MSDP SA (Source Active) filters are used to filter multicast source information that is received from MSDP peers. With MSDP SA filters in place, the router accepts from the peer only the specific multicast sources that the filter list allows. This measure prevents unauthorized multicast traffic from entering the network.

B. MSDP state limitation: MSDP state limitation is used to limit the amount of multicast source information that is stored in the MSDP state table. By limiting the number of multicast sources, the router's processing and memory resources are conserved, and the risk of Denial of Service (DoS) attacks is reduced.

C. MSDP MD5 neighbor authentication: MSDP MD5 neighbor authentication is used to authenticate the MSDP neighbor routers. With MD5 authentication configured, only authenticated peers are allowed to exchange MSDP messages, which prevents unauthorized peers from spoofing MSDP messages.

D. MSDP neighbor limitation: MSDP neighbor limitation is used to limit the number of MSDP neighbors that a router can have. By limiting the number of MSDP neighbors, the router's processing and memory resources are conserved, and the risk of DoS attacks is reduced.

E. Loopback interface as MSDP originator-ID: MSDP originator-ID is used to identify the source of the multicast information that is received from MSDP peers. By configuring the loopback interface as the MSDP originator-ID, the source of the multicast information can be identified even if the physical interface fails or changes.

In conclusion, the three basic security measures used to harden MSDP are MSDP SA filters, MSDP state limitation, and MSDP MD5 neighbor authentication. MSDP neighbor limitation and using a loopback interface as the MSDP originator-ID are also important measures: they conserve the router's processing and memory resources and identify the source of multicast information.
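As an added example (not part of the original question or its explanation), the following script audits a router configuration for the three measures in the answer, peer by peer. It assumes the Cisco IOS command forms `ip msdp password peer`, `ip msdp sa-filter in` and `ip msdp sa-limit`; the sample configuration, addresses and the function name `audit_msdp` are constructed for illustration.

```python
import re

# Constructed IOS-style configuration (documentation address ranges, redacted key).
SAMPLE_CONFIG = """\
ip msdp peer 192.0.2.1 connect-source Loopback0 remote-as 65001
ip msdp password peer 192.0.2.1 7 <redacted>
ip msdp sa-filter in 192.0.2.1 list 111
ip msdp sa-limit 192.0.2.1 500
ip msdp peer 198.51.100.7 connect-source Loopback0 remote-as 65002
ip msdp sa-filter out 198.51.100.7 list 111
ip msdp originator-id Loopback0
"""

# One pattern per hardening measure; group 1 is the peer the line applies to.
CHECKS = {
    "md5-authentication": re.compile(r"^ip msdp password peer (\S+) "),
    "sa-filter-in": re.compile(r"^ip msdp sa-filter in (\S+)"),
    "sa-limit": re.compile(r"^ip msdp sa-limit (\S+) \d+"),
}
PEER = re.compile(r"^ip msdp peer (\S+)")


def audit_msdp(config: str) -> dict[str, list[str]]:
    """Return {peer: [missing measures]} for every configured MSDP peer."""
    lines = [ln.strip() for ln in config.splitlines()]
    peers = [m.group(1) for ln in lines if (m := PEER.match(ln))]
    applied = {p: set() for p in peers}
    for ln in lines:
        for name, rx in CHECKS.items():
            m = rx.match(ln)
            # Ignore hardening lines that reference a peer that is not configured.
            if m and m.group(1) in applied:
                applied[m.group(1)].add(name)
    return {p: sorted(set(CHECKS) - applied[p]) for p in peers}


if __name__ == "__main__":
    for peer, missing in audit_msdp(SAMPLE_CONFIG).items():
        print(peer, "OK" if not missing else "missing: " + ", ".join(missing))
```

The second peer has only an outbound SA filter, so it is reported as missing all three measures: an outbound filter does not restrict what the router accepts from that peer.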