Information Technology Reference
In-Depth Information
Cisco Easy VPN, Dynamic Multipoint VPN (DMVPN), and SSL VPN. ISRs can also
be NAC enabled.
Cisco Catalyst switches include denial of service (DoS) and man-in-the-middle attack
mitigations, and they integrate with service modules that provide firewall and VPN
capabilities for secure connectivity. Unique security zones can be set up along
with the virtualization of firewalls.
Cisco Security Control Framework
The Cisco Security Control Framework (SCF) is a security framework that provides a
foundation for securing networks based on proven industry best practices and security
architecture principles. Cisco SCF is designed to address current threats and threats that are
still evolving by using common and comprehensive security solutions. The Cisco SAFE
architecture uses SCF to develop secure network designs that ensure high availability of
network services. Cisco SCF influences security product selection and helps guide
network implementations to allow for better visibility and control.
SCF assumes the presence of security policies derived from threat and risk assessments
that complement the goals of the business. Security policies and guidelines define the
acceptable-use policy for the secure use of network services and devices in the
organization. The security policies should also determine the process and procedures for handling
security events, which help define the security operations. To achieve business goals, it is
critical to businesses that security policy and procedures empower the business rather
than prevent access.
Total Visibility and Complete Control are two of the main components of SCF. Network
security is a function of visibility and control. Without visibility, there is a lack of control,
and without control, you are missing key elements of security. The success of a security
policy depends on solid visibility and control. Within SCF, there are 6 security actions
used to enforce security policy and allow for visibility and control. Visibility is improved
with identify, monitor, and correlate security actions; and control is enhanced through
the harden, isolate, and enforce security actions. Each of these security actions is further
defined in the SCF model.
Figure 13-2 describes the components of the Cisco SCF model.
Trust and Identity Technologies
Trust and identity technologies are security controls that enable network traffic security.
The following are examples of technologies used to support trust and identity management:
Access control lists (ACL): ACLs are used on routers, switches, and firewalls to
control access. For example, ACLs are commonly used to restrict traffic on the
ingress or egress of an interface by a wide variety of methods, such as using IP
addresses and TCP or User Datagram Protocol (UDP) ports.
Firewall: A security device designed to permit or deny network traffic based on
rity by using the access and authorization policy to determine what is trusted and
 
 