per http://www.infosecurityproductsguide.com/features/622006011601.html ........
"Each router plane requires its own protective tools:
"Data plane protection requires detecting traffic anomalies and responding to attacks in real time. Some of the tools associated with securing the data plane are NetFlow, IP Source Tracker, access control lists (ACLs), Unicast Reverse Path Forwarding (uRPF), Remotely Triggered Blackhole (RTBH) Filtering, and quality-of-service (QoS) tools.
Control plane protection calls for a defense-in-depth approach to routing control. Some of the tools for securing the control plane are Receive ACL (rACL) and Control Plane Policing (CoPP).
Management plane protection allows secure, continuous management of Cisco IOS Software-based network infrastructure. Among the tools for securing the management plane are CPU and memory thresholding and dual export syslog. "
You may also want to look into the following:
http://csrc.nist.gov/checklists/docs/ios-sample-resolved.html
http://aharp.ittns.northwestern.edu/papers/copp.html
http://www.cisco.com/en/US/products/ps6642/prod_white_papers_list.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/gtrtlimt.htm
http://www.cisco.com/en/US/products/ps6642/products_ios_protocol_group_home.html