The following sections discuss device security integration in more detail.
IOS Security
Cisco has developed many security features that are integrated into the IOS base software
or security-specific feature sets. Here are some of the major areas of security focus that
have been included with IOS releases:
Cisco IOS firewall is a security-specific option that provides stateful firewall
functionality for perimeter IOS routers. Cisco IOS firewall provides effective control of
application traffic flowing through the network. Key benefits of IOS firewall include
protecting networks from network and application layer attacks, improving uptime,
and offering policy enforcement for internal and external connections.
Cisco IOS IPS offers inline deep packet inspection to mitigate a wide
range of network attacks. IOS IPS can identify, classify, and block malicious traffic in
real time. IOS IPS operates by loading attack signatures on the router and then
matching traffic against those signatures. Cisco also provides prebuilt signature definition
files (SDF) that contain high-fidelity signatures and are based on the memory
available on the router.
Cisco IOS IPsec encrypts data at the IP packet level using a set of standards-based
protocols. IPsec provides data authentication, anti-replay, and data confidentiality, and
is the preferred method of securing VPNs.
Cisco IOS Trust and Identity is a set of core technologies that enables network
traffic security. Technologies include the following:
AAA: Framework and mechanisms for controlling device access
Secure Shell (SSH): Used for encrypted access between applications and routers
Secure Sockets Layer (SSL): Secure web application access
PKI (Public Key Infrastructure): Strong authentication for e-commerce applications
Table 13-3 describes the Cisco IOS integrated security features.

Table 13-3  Integrated Security for Cisco IOS

Cisco IOS Integrated Security    Description
Cisco IOS firewall               Stateful multiservice application-based filtering
Cisco IOS IPS                    Inline deep packet inspection
Cisco IOS IPsec                  Data encryption at the packet level
Cisco IOS Trust and Identity     AAA, PKI, SSH, SSL
 
 