S

SAINT (Security Administrator's Integrated Network Tool), 657

sampling, converting analog signals to digital, 480

scalability (servers)

EIGRP, 449

Enterprise Center networks, 276

integrated IS-IS, 455

OSPF, 452

scanners (vulnerability)

MBSA, 657

Nessus, 656

reconnaissance attacks, 656-657

SAINT, 657

scanning (port), 656

scattering (RF), 567

Scavenger class (QoS), 359

SCCP (Skinny Client Control Protocol), voice conversation protocols, 516

schedules, organizational constraints (network design methodologies), 79

scope (network design methodologies)

addressing, 69-70

IPv6 addresses, 408-409

SDM (Security Device Manager), 687, 698

SDSL (Symmetric DSL), 304

SDU (Service Data Units), 857

Secure ACS (Access Control Server), Self-Defending Networks, 699

secure connectivity (Self-Defending Networks), 691

data integrity, 695-697

encryption, 692-693

IPsec VPN, 693

SSL VPN, 693

transmission confidentiality, 693-695

Secure step (network security policies), 667

secure voice, 701

security, 651

availability (system/data), 655

confidentiality (data), 655

cracking, 653

cryptography, 694-695

DES, Self-Defending Networks, 695

digital signatures, 695

DoS attacks, 655-659

Enterprise Campus network deployments, 706-707

Enterprise Data Center network deployments, 708

Enterprise Edge network deployments, 709-711

integrated security, 699

ASA, 702

catalyst services modules, 703-705

Content Engine Network Module, 701

endpoint solutions, 705

high-performance AIM, 701

IOS AAA, 701

IOS Firewalls, 700

IOS IPS, 700

IOS IPsec, 700

IOS routers, 700-701

IPS, 702-703

NAM, 701

NM-CIDS, 701

PIX security appliances, 702

secure voice, 701

VPN acceleration, 701

VPN concentrators, 702

integrity (data), 655

legislation, 652-653

malware, 654

management (Self-Defending Networks), 697-699

network design considerations, 661, 664

phishing, 654

policies, 662-664

Acceptable Use of Network documents, 667

development of, 667-668

documenting, 666-667

Improve step, 668

Incident Handling Policies, 667

Monitor step, 667

Network Access Control Policies, 667

Secure step, 667

Security Management Policies, 667

Test step, 668

reconnaissance attacks, 654-657

requirements, 652

risk assessments, 663-665

confidentiality attacks, 659-660

indexes, 665

integrity violations, 659-660

Self-Defending Network, 669

access control, 677, 681-682

ACL, 677-679

Adaptive Threat Defense phase, 671

ASA, 670

authentication, 681-682

Cisco Catalyst switches, 670

Collaborative Security Systems phase, 671

firewalls, 678-681

IBNS, 678-680

identity, 674-676, 681-682

IEEE 802.1X, 678-680

Integrated Security phase, 671

NAC, 678-679

routers, 670

secure connectivity, 691-697

secure network platforms, 670

security management, 697-699

Threat Defense System, 683-690

trust, 672-673

social engineering, 654

spam, 654

spyware, 654

Trojan horses, 653

unauthorized system access, 655-657

viruses, 653

WLAN, 580-581, 585-587

Security Management Policies, 667

Security Manager, Self-Defending Networks, 698

Security MARS, Self-Defending Networks, 698

security services (Enterprise Architecture)

external security threats, 166-168

high availability services, 169

internal security, 162-166

segments, 8, 19, 856

selective ACK, 325

Self-Defending Network, 669

access control, 677, 681-682

ACL, 677-679

Adaptive Threat Defense phase, 671

ASA, 670

authentication, 681-682

Cisco Catalyst switches, 670

Collaborative Security Systems phase, 671

firewalls

authentication, 681

filtering via ACL, 678-679

IBNS, 678-680

identity, 674

authentication, 675

deployment, 681-682

passwords, 675-676

tokens, 676

IEEE 802.1X, 678, 680

Integrated Security phase, 671

NAC, 678-679

routers, 670

secure connectivity, 691

data integrity, 695-697

encryption, 692-693

IPsec VPN, 693

SSL VPN, 693

transmission confidentiality, 693-695

secure network platforms, 670

security management, 697

ASDM, 698

CiscoWorks Management Center for Cisco Security Agents, 699

IDM, 699

SDM, 698

Secure ACS, 699

Security Manager, 698

Security MARS, 698

Threat Defense System

infrastructure protection, 686-688

physical security, 683-685

threat detection/mitigation, 688-690

trust, 672-673

Self-Defending Networks, two-factor authentication, 676

self-deployed MPLS, WAN, 346

self-healing AP (Access Points), UWN, 613

semi-directional antennas (WLAN), 570

sequencing TCP, 22

serialization delays, voice networks, 523

Server Farm module

Campus Infrastructure module, 180

Enterprise Architecture, 149, 170-172

Enterprise Campus networks, 264-267

server farms, client-server farm applications, 224-225

servers

call agents (MGCP), 521

density, Enterprise Data Center networks, 276

proxy servers, SIP, 518

redirect servers, SIP, 518

registrar servers, SIP, 518

scalability, Enterprise Center networks, 276

service-port interfaces (WLC), 591

Service Provider modules (Enterprise Architecture), 155

Frame Relay/ATM module, 156-157

Internet Service Provider module, 156

PSTN module, 156

service providers, 848

service users, 848

services

planned services, network design methodologies, 73-74

WAN services, 293

session layer (OSI model), 9, 853

shadow PVC, WAN, 340

shaping traffic (bandwidth)

voice networks, 539

WAN design, 330-331

shared WAN, 321-322

show access-lists command, 841-842

show commands, 866-867

show ip access-list command, 842

show ip cache flow command, 100

show processes cpu command, 91

show processes memory command, 92-93

signatures (digital), 695

simulation tools/services, top-down design (network design methodologies), 114

single-mode fiber cabling, Enterprise Campus networks, 232

single-pair DSL. See SDSL

SIP (Session Initiation Protocol), 518-519

site contact forms (network design methodologies), 84-85

site surveys (RF), UWN, 615

defining customer requirements, 616

documenting findings, 621

identifying coverage areas, 617-618

identifying preliminary AP locations, 618-619

identifying user density, 617-618

performing, 619-620

process overview, 616

SLA (Service Level Agreements), WAN, 294

small branch office architectures (Enterprise Branch architectures), WAN architectures, 356

ISR connections, 357

network services, 358

QoS classes, 358-359

switch connections, 357

WAN services, 358

Sniffer mode (lightweight AP), 601

SNMP (Simple Network Management Protocol), 187-188

SNMPv1, 189-190

SNMPv2, 190

SNMPv3, 191

snooping (DHCP), DoS attacks, 658

SOA (Service-Oriented Architectures), Enterprise Data Center networks, 271

social engineering, 654

software queues

CBWFQ, 328

CQ, 327-328

LLQ, 329

PQ, 327

WFQ, 326

SOHO wireless routers, 685

SONA (Service-Oriented Network Architectures)

applications layer, 62

benefits of, 63

framework of, 60-62

interactive services layer, 62

network intelligence, 58-59

networked infrastructure layer, 61

SONA framework, 141

ANS, 183-186

Enterprise Campus modules, 143, 146

Campus Infrastructure module, 148-149

guidelines for, 150

Server Farm module, 149, 170-172

Enterprise Edge modules, 144, 150

E-commerce module, 152

guidelines for, 154

Internet Connectivity module, 152-153

Remote Access and VPN module, 153

voice network design, 180

WAN and MAN and Site-to-Site VPN module, 144, 154

high availability services

link redundancy, 175-176

route redundancy, 173-174

Server Farm modules, 170-172

interactive services, 159-161

redundancy, 170

link redundancy, 175-176

route redundancy, 173-174

Remote Enterprise modules

Enterprise Branch module, 144, 157

Enterprise Data Center module, 144, 158

Enterprise Teleworker module, 145, 158

security services

external security threats, 166-168

high availability services, 169

internal security, 162-166

Service Provider modules, 155-157

voice services

evaluating data infrastructures, 181

IP telephony, 177-178

voice network design in modular networks, 179-180

VoIP, 177

wireless services, 181-183

SONET/SDH (Synchronous Optical Network/Synchronous Digital Hierarchy), WAN, 311-312

SP (Service Providers)

MPLS, 346

WAN, 293

spam, 654

Sparse mode (PIM), 241

spear phishing, 654

spoofing (IP), 166, 263

spyware, 654

SS7 digital signaling, 494-495

SSID (Service Set Identifiers), WLAN, 579

SSL VPN (Secure Sockets Layer Virtual Private Networks), Self-Defending Networks, 693

STAC data compression algorithm, WAN, 323

Standalone mode (H-REAP), 640

standard ACL (Access Control Lists), 821

configuring, 824-827

deny statement, 827

example, 827-828

implicit deny any statement, 822

implicit wildcard masks, 826

permit statement, 827

placement of, 828-829

processing order, 822

vty access, restricting, 839-841

wildcard masks, 823

star topologies (packet-switched networks), 297

static IP addressing assignment method, 396-397

static IPv6 addresses

assignment, 412

name resolution, 414

static name resolution versus dynamic name resolution, 400-401

static NAT (Network Address Translation), 379

static routes, 29, 338

static routing protocols, 430-431

station lines, voice networks, 488

statistical data compression, 323

STP (Spanning Tree Protocol), 42

blocking state, 46

Cisco STP toolkit, 249

Enterprise Campus networks, managing in, 248-250

forward-delay parameters, 46

learning state, 46

listening state, 46

MISTP, 248

nondesignated ports, 45

PVST, 248

redundancy in Layer 2 switched networks, 42-43

root bridges, 44-45

root ports, 44

RPVST+, 248

RSTP, 47, 133, 248

terminology of, 43-45

VLAN, 49-50

STP Loop Guard (Cisco STP toolkit), 250

strategic analysis tools, top-down design (network design methodologies), 114

Streaming Video class (QoS), 358

strong authentication, 165, 676

structured design, top-down design (network design methodologies), 112-113

stub areas, OSPF, 452

subnet masks, 37

calculating, 816-819

extending classful addresses, 815-816

FLSM, 390-391

prefixes, 819-820

VLSM, 390-393

subnets, 36-38

summarization groups, IP addressing hierarchical planning, 387-388

summarization plans, example of, 394-395

summarizing routes

benefits of, 471

distribution layer, 471-472

IP addressing, 384-385

passive IGP interfaces at access layer, 473

summary reports, network design methodologies, 103-104

supernetting. See route summarization

SuperScan, 656

supervision signaling, 490

switched networks, STP redundancy, 42-43

switches, 14

bridges versus, 15

Cisco Catalyst switches, Self-Defending Networks, 670

Enterprise Campus networks, performance, 267

inline power switches, 178

LAN switches, 15

large branch office architectures (Enterprise Branch architectures), 361

Layer 2 switching, 38-41, 132-133, 137-138

medium branch office architectures (Enterprise Branch architectures), 360

MLS, 237-238

multilayer switching, 41-42, 132-133, 137-138

oversubscription, 266

packets, 27

PBX switches, voice networks, 484-485

PSTN, 484-487

routers versus, 16

small branch office architectures (Enterprise Branch architectures), 357

syslog accounting, 207-210

Syslog Analyzer, 210

system availability, 655
