Security is a top consideration whenever planning a network. In the past, the one device that would come to mind for network security was the firewall. A firewall by itself is no longer adequate for securing a network. An integrated approach involving firewall, intrusion prevention, and VPN is necessary.
An integrated approach to security, and the necessary devices to make it happen, follows these building blocks:
Threat control: Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
- Cisco ASA 5500 Series Adaptive Security Appliances
- Integrated Services Routers (ISR)
- Network Admission Control
- Cisco Security Agent for Desktops
- Cisco Intrusion Prevention Systems
Secure communications: Secures network endpoints with VPN. The devices that allow an organization to deploy VPN are Cisco ISR routers with Cisco IOS VPN solution, and the Cisco 5500 ASA and Cisco Catalyst 6500 switches.
Network admission control (NAC): Provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.
Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
Cisco provides many of the required security measures for customers within the Cisco IOS software. Cisco IOS software provides built-in Cisco IOS Firewall, IPsec, SSL VPN, and IPS services.
Cisco ASA 5500 Series Adaptive Security Appliance
At one time, the PIX firewall was the one device that a secure network would deploy. The PIX has evolved into a platform that integrates many different security features, called the Cisco Adaptive Security Appliance (ASA). The Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.
Cisco IPS 4200 Series Sensors
For larger networks, an inline intrusion prevention system is provided by the Cisco IPS 4200 series sensors. This sensor identifies, classifies, and stops malicious traffic on the network.
Cisco NAC Appliance
The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.
Cisco Security Agent (CSA)
Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.
In-depth coverage of these appliances is beyond the scope of this course. Refer to the CCNP: Implementing Secure Converged Wide-area Networks and the Network Security 1 and 2 courses for more information.