www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192
The Cisco Self-Defending Network provides the most comprehensive security systems for securing the enterprise network from the threats of today and tomorrow.
Each location in the enterprise network has unique security requirements because concerns are different and vary by location. However, in most cases customizing network security solutions by functional area offers the best protection for the enterprise network.
The next sections examine some ways to use Cisco security systems in the campus, data center, and enterprise edge.
Implementing Security in the Campus
Security for the campus begins with remembering that you need to implement security throughout your network. Several technologies, protocols, solutions, and devices work together to provide the secure campus. Network security should be implemented in the core, distribution, and access layers and can be grouped into four broad categories:
- Threat detection and mitigation— NetFlow, Syslog, SNMP, RMON, CS-MARS, NIPS, and HIPS
- Infrastructure protection— AAA, TACACS, RADIUS, SSH, SNMP v3, IGP/EGP MD5, and Layer 2 security features
- Security management— CSM, CS-MARS, ACS
Figure 14-7 illustrates the use of Enterprise Campus Security and shows where security technologies, protocols, and mechanisms can be deployed in the enterprise campus.
Implementing Security in the Data Center
The Enterprise Data Center hosts critical servers and applications for the main campus and the branch offices. Many of the servers require high availability due to the importance of the information and the high volume of users they serve. Several of the servers may contain sensitive information that is crucial to the business and therefore cannot become compromised. Thus, it needs to be highly secured. Network performance is another area that is critically important, which can limit the choice of protection mechanisms and technologies. Here are some of the risks inherent with Enterprise Data Centers:
- Identity and access control— 802.1X, NAC, ACLs, and firewalls (FWSM/PIX)
- Threat detection and mitigation— NetFlow, Syslog, SNMP, RMON, NAM modules, IDS modules, CS-MARS NIPS, and HIPS
- Infrastructure protection— AAA, TACACS, RADIUS, SSH, SNMP v3, IGP/EGP MD5, and Layer 2 security features
- Security management— CSM, CS-MARS, IDM, and ACS
Figure 14-8 illustrates the use of Enterprise Data Center security and shows where security technologies, protocols, and mechanisms can be deployed in the Enterprise Data Center.
Implementing Security in the Enterprise Edge and WAN
The Enterprise Edge and WAN provide connectivity to other parts of your network over both private and public networks. It is important to consider the available security options when transferring data between locations and over WAN and Internet transports.
To provide adequate security protection between locations, organizations can implement the following:
- Identity and access control— Firewalls, IPsec, SSL VPN, ACLs, and Unicast RPF
- Threat detection and mitigation— NetFlow, Syslog, SNMP, RMON, NAM modules, IDS modules, CS-MARS NIPS, and HIPS
- Infrastructure protection— AAA, TACACS, RADIUS, SSH, SNMP v3, IGP/EGP MD5, RFC 2827 ingress filtering, and Layer 2 security features
- Security management— CSM, CS-MARS, IDM, and ACS
Figure 14-9 illustrates the use of Enterprise Edge and WAN Security, and where security technologies, protocols, and mechanisms can be deployed in the Enterprise Edge and WAN.
No comments:
Post a Comment