Information Technology Reference
In-Depth Information
for firewall, IP S, ant i-v ir u s, and VPN. The ASA is a c r it ic al component of the Cis co
SAFE architecture that provides proactive threat mitigation, controls application data
flows, and delivers flexible VPN and IPS services. In addition, the ASA is very cost-
effective and easy to manage, and offers advanced integration modules that enhance
the processing capabilities.
ASAs for VPNs:
The Cisco ASAs provide businesses with IPsec and SSL VPN con-
nectivity. ASAs are flexible and offer many deployment scenarios. Although they are
commonly used to terminate VPN sessions for remote-access connections, ASAs can
also be used to terminate site-to-site tunnels with other ASAs, routers, or even non-
Cisco firewalls. The centralized architecture and web-based management ease the ad-
ministrative burden and consolidate the VPN connectivity for the enterprise.
■
NAC Appliance:
The Cisco NAC Appliance support both wired and wireless envi-
ronments and can provide posture assessments for both network environments. The
Cisco NAC Appliance can integrate with Cisco NAC Guest Server and Cisco NAC
Profiler to enhance the NAC implementation.
■
Intrusion Prevention
The Cisco IPS solution integrates passive intrusion detection, inline prevention services,
and new technologies to increase accuracy and keep legitimate traffic from being af-
fec ted. The Cis co IP S 4200 s er ie s s en s or s offer s ig nific ant protec t ion by detec t ing and
stopping threats from attacking your network. Cisco IPS Sensor Software Version 7.0 sup-
ports inline (IPS) capabilities with improved accuracy to stop more threats and reduce the
number of false positives. The IPS appliances support multivector threat identification
through detailed inspection of data flows in Layers 2 through 7. Multivector identification
secures the network from policy violations, vulnerability exploits, and abnormal recon-
naissance activities. The following IPS sensors support bandwidth requirements ranging
from 250 Mbps to 4 Gbps:
IPS 4240
monitors traffic and provides protection up to 250 Mbps in environments
with multiple T3 WAN, gigabit, and fully saturated 10/100 Mbps interfaces. The IPS
4240 has support for multiple 10/100/1000 interfaces. IPS 4240-DC supports DC
power and is Network Equipment Building Standards (NEBS) Level 3 compliant.
■
IPS 4255
delivers up to 600 Mbps of performance and can be used to protect par-
tially utilized gigabit-connected subnets.
■
IPS 4260
delivers up to 2 Gbps of performance and can be used on Gigabit subnets
with copper or fiber network connections, providing additional flexibility.
■
IPS 4270
delivers up to 4 Gbps of intrusion prevention performance and has fiber
and copper interfaces expansion options for up to 16 interfaces that can be used to
monitor and protect multiple network segments.
■
Catalyst 6500 Service Modules
The Catalyst 6500 switching platform supports additional security services and function-
Key
To p i c
bilities of security-related services with the Cisco Catalyst 6500 platform. Many
