
Identity and access control technologies include the following:

■ 802.1X port security

■ ACLs on Cisco IOS devices

■ Firewalls (for example, Cisco FWSM)

Threat detection and mitigation technologies include the following:

■ HIPS (for example, the Cisco Security Agent)

■ Cisco Security MARS

■ Cisco Security Manager

Infrastructure protection technologies include the following:

■ IGP or EGP MD5 routing protocol security

■ Layer 2 security features

Security management technologies include Cisco Security MARS and Cisco Security Manager.

Deploying Security in the Enterprise Edge

The enterprise edge modules provide WAN connectivity among various parts of the enterprise network. Security is important whenever data is transferred between locations. For example, some specific risks in the WAN module include the following:

■ Data transmission confidentiality and integrity violations, in which an attacker who obtains physical access to the network media or to a service provider WAN switch can intercept WAN traffic and might eavesdrop or change data in transit.

■ Accidental or deliberate misconfiguration of the WAN network, which can result in the interconnection of different enterprises. Some WAN protocols might establish automatic peering, and unwanted connectivity could become possible.

To provide security, the organization implements identity and access control solutions, threat detection and mitigation solutions, infrastructure protection, and security management. Figure 10-23 illustrates where various security technologies might be deployed within the Enterprise Edge.

Figure 10-23 Security in the Enterprise Edge


Identity and access control technologies include the following:

■ ACLs on Cisco IOS devices

■ Firewalls (such as Cisco PIX Security appliances)

■ NAC appliances

■ ASA appliances

Threat detection and mitigation technologies include the following:

■ HIPS (for example, the Cisco Security Agent)

■ Cisco Security MARS

■ Cisco Security Manager

Infrastructure protection technologies include the following:

■ IGP or EGP MD5 routing protocol security

Security management technologies include Cisco Security MARS and Cisco Security Manager.
