Self-Defending Network: A Systems Approach to Information Security
With a Cisco Self-Defending Network, security is integrated into the network, throughout the infrastructure and protecting each endpoint. This approach is:
- Integrated: Every element in the network acts as a point of defense
- Adaptive: Innovative behavioral methods automatically recognize and adapt to new types of threats as they arise
- Collaborative: Various network components work together to provide new means of protection
Multifunction Security Management
At the Perimeter
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500 Series Adaptive Security Appliances are easy-to-deploy solutions that integrate world-class firewall, Unified Communications (voice/video) security, SSL and IPSec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family. Designed as a key component of the Cisco Self-Defending Network, the Cisco ASA 5500 Series provides intelligent threat defense and secure communications services that stop attacks at the perimeter before they impact business continuity.
Anti-X Services
The CSC-SSM module, which fits in an ASA, provides comprehensive antivirus, anti-spyware, file blocking, anti-spam, anti-phishing, URL filtering and content filtering.
Intrusion Prevention System (IPS)
An integral part of the Cisco Self-Defending Network and Cisco Threat Control solutions, the Cisco Intrusion Prevention System (IPS) provides end-to-end protection for your network. This inline, network-based defense can identify, classify, and stop known and unknown threats, including worms, network viruses, application threats, system intrusion attempts, and application misuse. The appliances provide a range of performance, from 80 Mbps up to 8 Gbps. IPS works from the latest signature database; these signatures describe malicious traffic patterns. Signature updates are a yearly subscription service covered by a Cisco contract. IPS can be deployed in two ways:
IPS Module within ASA firewall
IPS features can also be made available on the ASA by using the AIP-SSM. It monitors and blocks malicious traffic passing through the ASA to the internal network.
IPS Appliance
It is an appliance suitable for handling one or more networks, with its ports configurable as inline pairs. If Anti-X (CSC-SSM) is deployed in the ASA, then the IPS module cannot be deployed as well, and one has to rely on the IPS appliance for intrusion prevention.
Note: Future versions of the ASA will support both Anti-X and IPS functionality.
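To show how the "IPS module within ASA" option above is actually wired in, here is an added example of an ASA Modular Policy Framework configuration that diverts traffic to an AIP-SSM for inline inspection. It is not taken from the original page or from Cisco documentation; the ACL, class-map and interface names are assumptions chosen for illustration, and the verification commands at the end are the ones typically used rather than anything the page states.

```text
! Added example (not from the original page): ASA Modular Policy Framework
! configuration that hands traffic to the AIP-SSM for inline inspection.
! The ACL and class-map names are assumptions for illustration.
!
! 1. Select the traffic to inspect. Matching everything is the usual
!    starting point; narrow the ACL later if the module's throughput
!    (the 80 Mbps to 8 Gbps range quoted above) becomes the bottleneck.
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
! 2. Attach the class to the default global policy and send matching
!    packets through the sensor.
!    inline     - the sensor sits in the forwarding path and can drop
!                 packets (prevention). "promiscuous" would only receive
!                 a copy for detection and could not drop anything.
!    fail-open  - if the module is down or rebooting, traffic keeps
!                 flowing uninspected. "fail-close" would block it instead.
!                 fail-open favours availability, fail-close favours
!                 enforcement; pick per segment and document the choice.
policy-map global_policy
 class IPS_CLASS
  ips inline fail-open
!
service-policy global_policy global
!
! Verification (assumed typical commands, not from the page):
! show module 1 details     - the SSM should report as Up
! show service-policy ips   - packet counters should increase under IPS_CLASS
```

This configuration only controls which packets the ASA diverts to the module; the signature set, its subscription updates and the sensor's own drop/alert actions are configured on the AIP-SSM itself, so a correct ASA policy with a stale sensor still leaves the gap the text describes. The same policy-map slot is where a CSC-SSM would be attached instead, which is why, as the text notes, the two modules are not combined in one ASA.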
IronPort
The world's leading email security appliance in the Cisco security portfolio. It is ideally placed between the firewall and the email server so that it acts as a "shock absorber" for all incoming mail.
IronPort email security appliances use multi-layer filtering technology, including reputation-based and context-based filtering.
At the Core
6500 chassis-based FWSM module
The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) fits in the 6500 chassis, allowing customers to benefit from industry-leading innovations, including:
- Leading scalability and performance: 100,000 connections/sec and 2.8 million pps
- Unprecedented security protection at Layers 2-7: private VLAN integration between the FWSM and the Cisco Catalyst 6500 Series for ease of policy deployment, and advanced firewall capabilities, including application and protocol inspection
- Every port within the chassis becomes a security port: every FWSM works in tandem with the other modules in the chassis to deliver robust security throughout the entire chassis
- New services can be deployed with minimal operational complexity: the integrated approach of the Cisco FWSM combines virtualization and high availability, and solutions are enhanced through complementary functions
Endpoint Security
Cisco Security Agent
Cisco Security Agent is the first endpoint security solution that combines zero-update attack protection, data loss prevention, and signature-based antivirus in a single agent. This unique blend of capabilities defends servers and desktops against sophisticated day-zero attacks, and enforces acceptable-use and compliance policies within a simple management infrastructure. Cisco Security Agent also ships with Clam AntiVirus (ClamAV) to provide protection against viruses.
Network Admission Control
NAC gives us complete control over the network. Cisco Network Admission Control (NAC) allows only compliant and trusted endpoints with predefined security postures, such as PCs, servers, and PDAs, onto the network, restricting the access of noncompliant devices and thereby limiting the potential damage from emerging security threats and risks.
Monitoring, Analysis and Response System (MARS)
An appliance-based solution that correlates data from across the enterprise and uses your existing network and security investments to identify, isolate, and recommend precision removal of offending elements. MARS, when used in conjunction with Cisco IPS Sensor software v5, provides a total collaborative solution, protecting your entire network infrastructure from attacks, viruses, worms, and other malicious traffic.
Cisco Security Manager
Cisco Security Manager is an enterprise-class management application designed to configure firewall, VPN, and intrusion prevention (IPS) security services on Cisco network and security devices. Cisco Security Manager can be used in networks of all sizes (from small networks to large networks consisting of thousands of devices) by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (MARS). Used together, as deployed by Computech Engineers, they provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.
More Network Security Info and Tips: http://blog.router-switch.com/category/networking-2/