Wednesday, December 15, 2010

Cisco Self-Defending Network Best CCNP Bootcamp Training Center in Gurgaon

Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
 Call: +91-9654672192

The Self-Defending Network is Cisco's strategy for securing an organization's business by identifying, preventing, and adapting to security threats. This level of protection allows organizations to make better use of their network resources, thus improving business processes and increasing revenue.
Operational management and policy control serve as a component of the Self-Defending Network, establishing security policies that in turn enforce security access levels. In addition, this component serves as the basis for the secure transport of data communications throughout the network.
Security must be fully integrated into all components of the network using advanced technologies and services to protect assets, respond to threats, and ensure confidentiality. The Cisco Self-Defending Network has defined three critical components:
  • Trust and identity management: Securing critical assets
  • Threat defense: Responding to the effects of security outbreaks
  • Secure connectivity: Ensuring privacy and confidentiality of data communications
The underlying foundation of the Cisco Self-Defending Network is the secure network. The Cisco SDN provides transport for all the far-reaching security features and services. These feature and service elements are controlled by operational management, and policy control is governed by the organization.
Figure 14-1 shows the Cisco Self-Defending Network framework and how the three critical components tie to management, policy, and the secure network foundation.

Network Security Platforms

Network security starts with having a secure underlying network. The underlying network provides an ideal place to implement core and advanced security solutions. The center of these secure network solutions includes the Adaptive Security Appliances (ASA), Integrated Services Routers (ISR), and Cisco Catalyst switches that have integrated security embedded in them. These are highly intelligent network security devices with many built-in security features that provide a framework for incorporating security throughout the network. Here is a description of some important security device platforms:
  • Adaptive Security Appliance (ASA) is a high-performance firewall appliance with intrusion prevention system (IPS), antivirus, IPsec, and SSL VPN technologies integrated into a single unified architecture. ASA also has embedded Network Admission Control (NAC) capabilities.
  • Integrated Services Router (ISR) combines IOS firewall, VPN, and IPS services across the router portfolio, which enables new security features on existing routers. ISR routers also have NAC enabled.
  • Cisco Catalyst switches include denial of service (DoS) and man-in-the-middle attack mitigations, integrate the use of service modules for high protection, and provide for secure connectivity.

Self-Defending Network Phases

The Self-Defending Network has three network phases that function together to provide a strong, secure network from the network layer up to the application layer. Here is some more information about each of the network phases:
  • Integrated security: Security throughout the existing infrastructure in which each network device acts as a point of defense. Hardware devices include routers, switches, wireless, and security appliances supporting firewalling, SSL VPN, IPsec VPN, and encrypted WAN communications.
  • Collaborative security: Security components that work together with an organization's security policies. Network Admission Control is an example of a control that allows access to endpoints only after they have passed authentication based on security policies.
  • Adaptive threat defense: Tools used to defend against security threats and varying network conditions. Application awareness defends against Internet-based attacks, and behavioral recognition defends against viruses, spyware, and DoS attacks. Network control provides monitoring functions and manages the security infrastructure, enabling tools for audits and analysis.
Additionally, other security services are contained in this framework, such as Cisco Security Agent, Cisco Trust Agent, NAC, and intrusion prevention. These Self-Defending Network products can be deployed independently or merged to allow for a more complete security solution.
Figure 14-2 illustrates the three Cisco Self-Defending Network phases and where various security technologies, mechanisms, and applications reside.

1 comment:

  1. "Great Blog,

    It's a very informative blog about Cisco network security (CCNA Security). I also want to recommend another expert in this field in New York who provides online training for Cisco Network Security Professional (CCNA & CCNP Certification) - www.QosNetworking.Com"
