Catalyst Services Modules

The following are various security-related modules for the Cisco Catalyst 6500 Series switching platform (and some are also for the Cisco 7600 Series routers):

■ Cisco Catalyst 6500 Series FWSM: The Cisco FWSM is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. Up to four Cisco FWSMs can be installed in a single chassis, providing scalability up to 20 Gbps per chassis. The Cisco FWSM includes many advanced features, such as multiple security contexts at both the routed level and in bridging mode, helping reduce cost and operational complexity while managing multiple firewalls from the same management platform.

■ Cisco Catalyst 6500 Series Intrusion Detection System Services module 2 (IDSM-2): The

Cisco IDSM-2 is part of the Cisco IPS that works in concert with the other components to efficiently protect the data infrastructure. It supports both inline (IPS) mode and passive operation (IDS). Up to 500 Mbps of IDS and IPS inspection provides high-speed packet examination and allows for protection of a wider variety of networks and traffic.

■ Cisco Catalyst 6500 Series SSL Services module: The Cisco SSL Services module is an integrated services module for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. It offloads processor-intensive tasks related to securing traffic with SSL, increases the number of secure connections supported by a website, and reduces the operational complexity of high-performance web server farms. Up to four Cisco SSL Services modules can be installed in each chassis.

■ Cisco IPsec VPN Shared Port Adapter (SPA): The Cisco IPsec VPN SPA delivers scalable and cost-effective VPN performance for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. Using the Cisco Services SPA Carrier-400, each slot of the Cisco Catalyst 6500 switch or Cisco 7600 router can support up to two Cisco IPsec VPN SPAs. Although the Cisco IPsec VPN SPA does not have physical WAN or LAN interfaces, it takes advantage of the breadth of LAN and WAN interfaces of each of the platforms.

■ Cisco Catalyst 6500/Cisco 7600 Traffic Anomaly Detector module: The Cisco Traffic Anomaly Detector module uses behavioral analysis and attack recognition technology to proactively detect and identify all types of online assaults. By constantly monitoring traffic destined for a protected device, such as a web or e-commerce server, the Cisco Traffic Anomaly Detector module compiles detailed profiles that indicate how individual devices behave under normal operating conditions. If the Cisco Traffic Anomaly Detector module detects any per-flow deviations from the profile, it considers the anomalous behavior a potential attack and responds based on user preference—by sending an operator alert to initiate a manual response, by notifying a management system, or by launching the Cisco Anomaly Guard Module to immediately begin mitigation services.

■ Cisco Catalyst 6500/Cisco 7600 Anomaly Guard module: A single Cisco Anomaly Guard module allows the platform to process attack traffic at gigabit-per-second line rates. The Cisco Anomaly Guard module employs a unique on-demand deployment model, diverting and scrubbing only traffic addressed to targeted devices or zones without affecting other traffic. Within the module, integrated multiple layers of defense enable it to identify and block malicious attack traffic while allowing legitimate transactions to continue flowing to their original destinations.

■ Cisco Catalyst 6500 Series NAM: The Cisco NAM provides visibility into all layers of network traffic by using Remote Monitoring 2 and other advanced management information bases. The Cisco NAM accesses the built-in Remote Monitoring (mini-RMON) features of the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers to provide port-level traffic statistics at the MAC (data link) layer. It also delivers the intelligence required to analyze traffic flows for applications, hosts, conversations, and network-based services, such as QoS and VoIP.

Was this article helpful?

0 0

Post a comment