Infection containment: The Cisco ASA, Firewall Services Module (FWSM), and IOS firewalls protect the network by creating security zones that partition the network into separate segments. The firewall services provide perimeter network security but do not eliminate the need for continuous network monitoring. As part of the Cisco SAFE architecture, NAC can be used in the perimeter to perform policy-based admission control, thus reducing potential threats.
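The security-zone partitioning described above, shown as an added Cisco IOS zone-based policy firewall configuration (example config written for this page, not taken from the book or from Cisco documentation). It assumes three interfaces named GigabitEthernet0/0, 0/1 and 0/2 and that the DMZ exposes only HTTP and HTTPS; traffic between zones with no zone-pair policy is dropped by default.

```cisco
! Define three security zones; interfaces in different zones cannot
! exchange traffic unless a zone-pair policy explicitly permits it.
zone security INSIDE
 description Enterprise campus users
zone security DMZ
 description Public-facing servers
zone security OUTSIDE
 description Internet-facing links

! Classify traffic by protocol (assumption for this example: HTTP and
! HTTPS are the only services the DMZ web tier must expose).
class-map type inspect match-any CM-INSIDE-TO-OUTSIDE
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
class-map type inspect match-any CM-OUTSIDE-TO-DMZ
 match protocol http
 match protocol https

! Stateful inspection of permitted flows; anything unmatched falls into
! class-default and is dropped and logged, so the deny is visible.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop log
policy-map type inspect PM-OUTSIDE-TO-DMZ
 class type inspect CM-OUTSIDE-TO-DMZ
  inspect
 class class-default
  drop log

! Bind each policy to a directional zone pair. No pair is defined for
! OUTSIDE->INSIDE or DMZ->INSIDE, so those directions stay blocked.
zone-pair security ZP-INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
zone-pair security ZP-OUTSIDE-DMZ source OUTSIDE destination DMZ
 service-policy type inspect PM-OUTSIDE-TO-DMZ

! Assign interfaces to zones (interface names are assumptions).
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security DMZ
interface GigabitEthernet0/2
 zone-member security OUTSIDE
```

Active inspected sessions per zone pair can be verified with `show policy-map type inspect zone-pair sessions`, which also confirms that no session exists for the directions without a policy.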
Inline IPS and anomaly detection: Cisco has innovated in the area of NIDS by being the first to incorporate NIDS into the IOS on routing and switching platforms. In addition, IPS solutions have inline filtering features that can remove unwanted traffic with programmable features that classify traffic patterns. The Cisco IPS 4200 sensor appliances, Cisco Catalyst 6500 IDSM-2, and the Cisco IOS IPS can identify, analyze, and stop unwanted traffic from flowing on the network. Another set of tools used to prevent distributed DoS (DDoS) attacks and ensure business continuity is the Cisco Traffic Anomaly Detector XT and Guard XT appliances, along with the Cisco Catalyst 6500 Traffic Anomaly Detector Module and Cisco Anomaly Guard Module.
[Figure 13-5 (diagram not reproduced): a network spanning Enterprise Campus, Enterprise Edge, and Internet/WAN (ISP 1, ISP 2, PSTN, Frame/TDM/ATM/MPLS), labeled with the identity and access control points Firewall and Router Access Control Lists, 802.1X Wireless Authentication, VPN Authentication, Remote Access VPN, LAN Access Authentication Databases, SSH Authentication, and WAN Peer Authentication.]
Figure 13-5 Identity and Access Control
Threat Detection and Mitigation Technologies
Here are some examples of Cisco threat-detection and threat-mitigation technologies:
FWSM: Catalyst 6500 Firewall Services Module
ASA: Adaptive Security Appliance (Robust firewall or NIPS)