Deploying Security in the Enterprise Campus

Consider an organization that has experienced several incidents in which laptop users on the campus network have brought in viruses from home, some users have attempted to intercept network traffic, and some interns have tried to hack the network infrastructure. To manage the risks, the organization implements identity and access control solutions, threat detection and mitigation solutions, infrastructure protection, and security management. Figure 10-21 illustrates where various security technologies might be deployed within the Enterprise Campus.

Figure 10-21 Security in the Enterprise Campus

[Figure labels: Cisco Security Agent; 802.1X; Layer 2 Security; Appliance; ACLs; Cisco FWS; Cisco IDSM; NetFlow, Syslog, SNMPv3; Cisco Security Manager; Cisco Security MARS]

Identity and access control technologies include the following:

■ 802.1X port security and/or NAC for user endpoints

■ NAC appliances

■ ACLs on Cisco IOS devices

■ Firewalls (for example, Cisco FWSM) provide stateful inspection and application inspection

Threat detection and mitigation technologies include the following:

■ HIPS (for example, the Cisco Security Agent)

■ Cisco Security MARS

■ Cisco Security Manager

Infrastructure protection technologies include the following:

■ IGP or EGP MD5 routing protocol security

■ Layer 2 security features

Security management technologies include Cisco Security MARS and Cisco Security Manager.

Deploying Security in the Enterprise Data Center

The organization's data center hosts servers for the main campus network and branch offices. These servers contain the enterprise's most sensitive information and are available to a large number of users. Network performance is a critically important issue, which sometimes limits the choice of protection mechanisms. Specific risks in the data center include direct compromise of exposed applications, unauthorized access to data, and compromise of other hosts from compromised servers in this module.

To provide security, the organization implements identity and access control solutions, threat detection and mitigation solutions, infrastructure protection, and security management. Figure 10-22 illustrates where various security technologies might be deployed within the Enterprise Data Center.

Figure 10-22 Security in the Enterprise Data Center

[Figure labels: ACLs; Cisco FWSM; Cisco IDSM; NetFlow, Syslog; Layer 2 Security; Cisco Security Manager; Cisco Security MARS]
