Implementing Security in the Enterprise Edge and WAN

The Enterprise Edge and WAN provide connectivity to other parts of your network over both private and public networks. It is important to consider the available security options when transferring data between locations and over WAN and Internet transports.

Here are some potential risk areas to keep in mind when moving data between locations:

■ Attackers obtain access to the network and compromise the confidentiality and integrity of sensitive information with eavesdropping or data manipulation.

■ Misconfiguration of WAN devices could leave the WAN improperly configured and allow unwanted connectivity.

Figure 14-8 Enterprise Data Center Security


To provide adequate security protection between locations, organizations can implement the following:

■ Identity and access control—Firewalls, IPsec, SSL VPN, ACLs, and Unicast RPF

■ Threat detection and mitigation—NetFlow, Syslog, SNMP, RMON, NAM modules, IDS modules, CS-MARS, NIPS, and HIPS

■ Infrastructure protection—AAA, TACACS, RADIUS, SSH, SNMP v3, IGP/EGP MD5, RFC 2827 ingress filtering, and Layer 2 security features

■ Security management—CSM, CS-MARS, IDM, and ACS
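The misconfiguration risk and the infrastructure-protection items above (AAA, SSH, SNMP v3, Unicast RPF) can be checked mechanically against a device configuration. The following is an added example, not part of the original text: a small audit over a constructed IOS-style configuration fragment. The hostname, interface names, addresses, and the policy that every addressed interface should run Unicast RPF are assumptions made for illustration.

```python
import re

# Constructed sample: fragment of a WAN edge router configuration (IOS-style).
SAMPLE_CONFIG = """\
hostname wan-edge-1
aaa new-model
snmp-server community public RO
snmp-server group NETOPS v3 priv
interface Serial0/0
 description Link to ISP
 ip address 192.0.2.1 255.255.255.252
 ip verify unicast source reachable-via rx
interface Serial0/1
 description Link to branch
 ip address 198.51.100.1 255.255.255.252
line vty 0 4
 transport input telnet ssh
"""

def split_blocks(config):
    """Group lines into (header, [indented child lines]) blocks."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return findings for the infrastructure-protection items, in config order."""
    blocks = split_blocks(config)
    headers = [h for h, _ in blocks]
    findings = []
    if "aaa new-model" not in headers:
        findings.append("AAA is not enabled")
    if any(re.match(r"snmp-server community\s", h) for h in headers):
        findings.append("SNMP v1/v2c community string configured; use SNMPv3")
    for header, body in blocks:
        if header.startswith("line vty"):
            # Require an explicit "transport input ssh" and nothing else.
            transports = [l.split()[2:] for l in body if l.startswith("transport input")]
            if transports != [["ssh"]]:
                findings.append(f"{header}: remote access not restricted to SSH")
        if header.startswith("interface") and any(l.startswith("ip address") for l in body):
            # Assumed policy: every addressed interface runs Unicast RPF.
            if not any(l.startswith("ip verify unicast source") for l in body):
                findings.append(f"{header}: Unicast RPF not enabled")
    return findings
```

Calling audit(SAMPLE_CONFIG) flags the SNMP community string, the branch interface without Unicast RPF, and the vty lines that still accept Telnet. On links with asymmetric routing, strict-mode Unicast RPF can drop legitimate traffic, so the interface check should be scoped to where it applies.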

Figure 14-9 illustrates the use of Enterprise Edge and WAN Security, and where security technologies, protocols, and mechanisms can be deployed in the Enterprise Edge and WAN.

Figure 14-9 Enterprise Edge and WAN Security

