Information Technology Reference
In-Depth Information
may contain sensitive information that is crucial to the business and therefore cannot be-
come compromised. Therefore, it needs to be highly secured. Network performance is an-
other area that is critically important, which can limit the choice of protection
mechanisms and technologies. Here are some of the risks inherent with enterprise data
centers:
Compromised applications and unauthorized access to critical information
■
Exploiting different servers in the business by launching an attack from the compro-
mised servers
■
To p r o v i d e a d e q u a t e s e c u r i t y p r o t e c t i o n , o r g a n i z a t i o n s c a n i m p l e m e n t t h e n e t w o r k s e c u -
rity solutions described in Table 13.5.
Ta b l e 1 3 - 5
Security in the Data Center
Key
To p i c
Cisco Security
Category
Security Solutions
Identity and access
control
802.1X, ACLs, and firewalls (FWSM)
Threat detection and
mitigation
NetFlow, syslog, SNMP, RMON, CS-MARS, and NIPS
Infrastructure protec-
tion
AAA, TACACS, RADIUS, SSH, SNMPv3, IGP/EGP MD5, and
Layer 2 security features
Security management
CSM, CS-MARS, and ACS
Figure 13-9 illustrates an enterprise data center security scenario and shows where security
technologies, protocols, and mechanisms can be deployed in the enterprise data center.
Implementing Security in the Enterprise Edge and WAN
The enterprise edge and WAN provide connectivity to other parts of your network over
both private and public networks. It is important to consider the available security options
when transferring data between locations and over WAN and Internet transports.
Keep in mind the following potential risk areas when moving data between locations:
Attackers obtain access to the network and compromise the confidentiality and in-
tegrity of sensitive information with eavesdropping or data manipulation.
■
Misconfiguration of the WAN could cause inappropriate WAN configuration and un-
wanted connectivity.
■
To p r o v i d e a d e q u a t e s e c u r i t y p r o t e c t i o n b e t w e e n l o c a t i o n s , o r g a n i z a t i o n s c a n i m p l e m e n t
the security solutions described in Table 13.6.
