Table 12-9 lists the steps for continuous security.

Table 12-9  Steps for Continuous Security

Process Name    Process Description
Secure          Identification, authentication, ACLs, stateful packet inspection (SPI), encryption, and VPNs
Monitor         Intrusion and content-based detection and response
Test            Assessments, vulnerability scanning, and security auditing
Improve         Assessments, vulnerability scanning, and security auditing
Integrating Security Mechanisms into Network Design
Today's network designs demonstrate an increased use of security mechanisms and have
become more tightly integrated with network design. Many security services such as
IDS/IPS, firewalls, and IPsec virtual private network (VPN) concentrators now reside
within the internal network infrastructure. It is recommended that you incorporate
network security during the network design planning process. This requires close
coordination between the various engineering and operation teams.
Trust and Identity Management
Trust and identity management is part of the Cisco Security Architecture for the
Enterprise (SAFE) security reference architecture that is crucial for the development of a secure
network system. Trust and identity management defines who and what can access the
network, and when, where, and how that access can occur. Access to the business
applications and network equipment is based on the user-level rights that are granted and
assigned by the administrators. Trust and identity management also attempts to isolate
and keep infected machines off the network by enforcing access control. The three main
components of trust and identity management are trust, identity, and access control, as
shown in Figure 12-8. The following sections cover these components in detail.
Figure 12-8  Trust and Identity Management (components: Trust, Identity, Access Control)