The three planes defined by Cisco NFP (Network Foundation Protection) are the Management plane, the Control plane and the Data plane. All three must be well protected to ensure business continuity and to prevent external attacks on the organization's network infrastructure devices. The Cisco NFP framework provides the technologies and tools required to secure the Management plane, Control plane and Data plane. The following list covers the important tools and technologies used to protect the Management plane.
Password and access policy: Proper access and password policies must be implemented. Restrict network device access to only the personnel who require it. Insecure network protocols such as telnet must be disabled.
RBAC (Role-based Access Control): RBAC is a method of regulating access to network infrastructure devices based on the roles of individual users within an enterprise. With RBAC, access must be given only to authenticated users. Cisco AAA (Authentication, Authorization, and Accounting) based technologies provide better mechanisms to effectively authenticate access.
Authorization: After authentication, every action a user performs on a network infrastructure device must be authorized. Cisco AAA (Authentication, Authorization, and Accounting) based technologies provide better mechanisms to effectively authorize those actions.
Accounting: After authentication and authorization, every action of a user must be accounted for. Accounting creates records of who accessed the device, what occurred, and when it occurred.
Confidentiality of data: All network traffic (data in motion) and stored data must be protected from unauthorized access. Always remember to disable insecure management protocols (for example, telnet). Always use management protocols with strong authentication to prevent confidentiality attacks. An example of a secure network management protocol is Secure Shell (SSH). Enable Secure Shell (SSH) on all network devices.
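The following Cisco IOS configuration is an added example, not taken from the original page or from Cisco documentation. It shows a weak VTY configuration of the kind the text warns against next to a hardened one that applies the management plane controls listed above: a password policy, AAA authentication against a TACACS+ server with local fallback, command authorization, accounting, a role-based CLI view for a limited operator role, and SSH-only access restricted to a management subnet. The hostname, domain name, the management subnet 192.0.2.0/24, the TACACS+ server 192.0.2.10, the user names and every value written as <placeholder> are assumptions chosen for the example; the addresses come from the RFC 5737 documentation range. Commands are shown in global configuration mode.

```cisco
! ---------- WEAK (before) ----------
! Clear-text telnet, a shared line password, no AAA, no audit trail.
line vty 0 4
 password cisco
 login
 transport input telnet

! ---------- HARDENED (after) ----------
hostname R1
ip domain-name example.com            ! assumed; required before generating the SSH key pair

! Password and access policy
service password-encryption            ! hide type 7 passwords in the running config
security passwords min-length 10
login block-for 120 attempts 3 within 60   ! throttle brute-force login attempts
login on-failure log
login on-success log
enable secret <placeholder-enable-secret>

! Local accounts used only as fallback when the TACACS+ server is unreachable
username netadmin privilege 15 secret <placeholder-admin-secret>
username netops view OPS secret <placeholder-ops-secret>

! AAA: authentication, authorization and accounting against TACACS+ (192.0.2.10 is a constructed address)
aaa new-model
tacacs server TAC1
 address ipv4 192.0.2.10
 key <placeholder-tacacs-key>
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

! RBAC: a restricted CLI view for operators (requires aaa new-model; create it from
! the root view, entered with "enable view" in privileged EXEC mode)
parser view OPS
 secret <placeholder-view-secret>
 commands exec include show version
 commands exec include show interfaces
 commands exec include show ip route
 commands exec include ping

! Confidentiality: SSH version 2 only, telnet disabled on every VTY line
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3

! Only the management subnet (constructed, RFC 5737) may reach the VTY lines
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
 deny   any log

line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
 login authentication default
 logging synchronous

! Send the accounting and login events off-box so the audit trail survives a device compromise
logging host 192.0.2.20               ! constructed syslog server address
```

After applying the hardened block, verify that telnet is refused and SSH is accepted from a host inside the management subnet, and that a login appears both in the TACACS+ server's accounting log and in the syslog server before the change is considered complete. The `local` keyword at the end of each AAA method list is what keeps the device reachable if the TACACS+ server is down; without it a server outage locks out every administrator.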