Foundation Topics
This chapter covers security topics that you need to master for the CCDA exam. It begins
with a discussion of the Cisco SAFE architecture and then covers the strategy for identifying
and responding to security threats. The next section, “Trust and Identity Technologies,”
discusses the technologies and services used on network security devices such as
routers and firewalls. The section “Detecting and Mitigating Threats” covers the technologies
supporting threat defense, such as network- and host-based intrusion prevention systems
(IPS), Adaptive Security Appliances (ASA), and Cisco Security Monitoring, Analysis,
and Response System (MARS).
The “Security Management Applications” section describes the Cisco security management
products designed to support the Cisco SAFE architecture. Next, the “Integrating
Security into Network Devices” section covers the security features integrated into Cisco
network devices, such as routers, firewalls, IPS, endpoint security, and Catalyst service
modules. Then, the “Securing the Enterprise” section reviews the locations to deploy security
devices and solutions in the enterprise campus, data center, and WAN edge.
Cisco SAFE Architecture
Cisco Security Architecture for the Enterprise (SAFE) is a security reference architecture
that provides detailed design and implementation guidelines to assist in the development
of secure and reliable networks. Part of the SAFE architecture discusses the building
blocks of secure networks that are resilient to well-known and new forms of attack. Because
enterprise networks are key enablers of business, networks must be designed with
integrated security in mind to ensure confidentiality, integrity, and availability of network
resources, especially those networks that support critical business activity.
One key principle of Cisco SAFE architecture relates to the need for deep security and
protection from both the inside and outside of the organization, along with providing
guidelines for analyzing security requirements. The Cisco SAFE approach allows for the
analysis of expected threats and supports the design of the network security strategy. In
addition, the modular nature of Cisco SAFE allows for the security system to be expanded
and scaled as the business grows.
Here are the goals of Cisco SAFE:
Mitigation of threats and security based on policy
Secure management tools and the development of reports
Authentication, authorization, and accounting (AAA) for network equipment
Use of security mechanisms for all network devices
Intrusion detection for network devices and IP subnets
Here are the benefits of Cisco SAFE:
SAFE is the basis for the design of highly available secure networks.
SAFE provides for an open, modular, and expandable structure.
 
 
 