Self Defending Network Phases

The Self-Defending Network has three network phases that function together to provide a strong, secure network from the network layer up to the application layer. Here is some more information about each of the network phases:

■ Integrated security—Security throughout the existing infrastructure in which each network device acts as a point of defense. Hardware devices include routers, switches, wireless, and security appliances supporting firewalling, SSL VPN, IPsec VPN, and encrypted WAN communications.

■ Collaborative security—Security components that work together with an organization's security policies. Network Admission Control is an example of a control that allows access to endpoints only after they have passed authentication based on security policies.

■ Adaptive threat defense—Tools used to defend against security threats and varying network conditions. Application awareness defends against Internet-based attacks, and behavioral recognition defends against viruses, spyware, and DoS attacks. Network control provides monitoring functions and manages the security infrastructure, enabling tools for audits and analysis.

Additionally, other security services are contained in this framework, such as Cisco Security Agent, Cisco Trust Agent, NAC, and intrusion prevention. These Self-Defending Network products can be deployed independently or merged to allow for a more complete security solution.

Figure 14-2 illustrates the three Cisco Self-Defending Network phases and where various security technologies, mechanisms, and applications reside.

Figure 14-2 Self-Defending Network Phases

Figure 14-2 Self-Defending Network Phases

ADAPTIVE THREAT DEFENSE

IPsec VPN

ADAPTIVE THREAT DEFENSE

IvQl

SSL VPN

IPsec VPN

DDoS Mitigation

ASA and IPS

SSL VPN

Encrypted WAN Communications

INTEGRATED SECURITY

KHll toil

Encrypted WAN Communications

INTEGRATED SECURITY

AV Agent

AV Agent

ISR Routers

KHll toil

ISR Routers

Cisco Trust Agent

Cisco Security Agent

Network Access Control

COLLABORATIVE SECURITY

Cisco Trust Agent

Cisco Security Agent

Was this article helpful?

0 0

Post a comment