The Cisco Self-Defending Network is built on a secure network platform: a strong, secure, flexible base for the self-defending network solution. With security integrated into the very fabric of the network, security becomes an integral and fundamental network feature. Advanced technologies and security services use the secure network platform to provide the critical elements of security where and when they are needed. These elements are controlled by security policies and security management applications, which provide efficient security management, control, and response.
Because the network touches all parts of the infrastructure, it is the ideal location to implement core and advanced security services. The nucleus of secure network infrastructure solutions includes adaptive security appliances (ASA), routers, and switches, with security integrated and embedded both in and between them, as follows:
■ Routers: Routers such as Cisco Integrated Services Routers (ISR) incorporate Cisco IOS firewall, IPS, IPsec VPN (including Cisco Easy VPN and Dynamic Multipoint VPN [DMVPN]), and SSL VPN services into the routing infrastructure, in addition to features that protect the router if it should be the target of an attack. New security features can be deployed on existing routers using updated Cisco IOS software. Routers can also participate in the Network Admission Control (NAC) process. NAC is a multivendor effort that admits endpoints to the network only after they have demonstrated their compatibility with various network security policies.
■ Cisco Catalyst switches: Cisco Catalyst switches incorporate firewall, IPS, SSL VPN, IPsec VPN, DDoS and man-in-the-middle attack mitigation, and virtualization services allowing unique policies for each security zone. Integrated security services modules are available for high-performance threat protection and secure connectivity.
■ Cisco ASAs: Cisco ASAs consolidate all the foundation security technologies (including high-performance firewall, IPS, network antivirus, and IPsec and SSL VPNs) in a single, easily managed, unified platform. Device consolidation reduces overall deployment and operations costs and complexity. ASAs can also be NAC-enabled.