CCDA 640-864 Official Cert Guide - Chapter 13 Summary

Cisco SAFE Architecture

Cisco SAFE Architecture

Total Visibility and Complete Control are two of main components of SCF (Security Control Framework). Network security is a function of visibility and control. Without visibility, there is a lack of control, and without control, you are missing key elements of security. The success of a security policy depends on solid visibility and control. Within SCF, there are 6 security actions used to enforce security policy and allow for visibility and control. Visibility is improved with identify, monitor, and correlate security actions; and control is enhanced through the harden, isolate, and enforce security actions. Each of these security actions is further defined in the SCF model.

Trust and Identity Technologies:

ACL

Firewall

Cisco Network Admission Control (NAC) Appliance

802.1X

Cisco Identity-Based Network Services (IBNS)

802.1X and EAPoL

Detecting and Mitigating Threats

Endpoint protection

Application security and content security defense

Infection containment

Inline IPS and anomaly detection

Threat Detection and Mitigation Technologies

Here are some examples of Cisco threat-detection and threat-mitigation technologies:

• FWSM: Catalyst 6500 Firewall Services Module
• ASA: Adaptive Security Appliance (Robust firewall or NIPS)
• IOS firewall: Cisco IOS software feature set
• IPS sensor appliance: NIPS
• IPS: Intrusion prevention system (IOS feature)
• NAC: Cisco NAC Appliance
• Cisco Traffic Anomaly Detector Module: Detects high-speed DoS attacks
• Cisco IronPort Web Security Appliance (Cisco WSA)
• Cisco IronPort Email Security Appliance (Cisco ESA)
• Network management protocols and solutions
• NetFlow: Stats on packets flowing through router (IOS feature)
• Syslog: Logging data (IOS feature)
• SNMP: Simple Network Management Protocol (IOS feature)
• Cisco MARS: Monitoring, Analysis, and Response System
• Remote Monitor (RMON) events
• CPU and interface statistic
• Cisco Security Manager
• Cisco NAC Manager

Threat Detection and Mitigation

Security Management Applications

Security Platform Solutions:

Cisco has a variety of security management products and technologies that allow scalable administration and enforcement of security policy for the Cisco SCF architecture. These solutions reduce the operational management and automate many of the common tasks, including configuration, analysis, incident response, and reporting. Security management platforms include the following:

• Cisco Security Manager (CSM) is an integrated solution for GUI configuration management of firewall, VPN, and IPS policies on Cisco security appliances, firewalls, routers, and switch modules. CSM has capabilities for security policies to be deployed by device, by group, or globally for all devices.
• Cisco Secure Access Control Server (ACS) provides centralized control for administrative access to Cisco devices and security applications. ACS provides for AAA security services and supports routers, switches, VPN services, ASAs, and Cisco NAC clients. In addition, Cisco ACS also supports back-end directory integration with Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory (AD) for authentication services.
• Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) tor, identify, isolate, and respond to security threats. MARS understands the network topology and device configurations from routers, switches, firewalls, and IPS devices. MARS also can model packet flows on the network.
• Cisco NAC Manager is an appliance that manages the Cisco NAC servers. NAC Manager has a web-based interface for managing security policies and online users that are part of the NAC infrastructure. Cisco NAC Manager acts as an authentication proxy using Cisco ACS or Microsoft AD.
• System Administration Host provides a centralized host used to stage configuration, software images, and implement network changes.
• Network Time Protocol (NTP) server provides time synchronization to NTP clients such as routers and switches. Time synchronization is crucial in the analysis of event correlations.
• Configuration and Software Archive Host serves as a repository to backup device configurations and software images.

SAFE Management Network: In-Band and Out-of-Band

Integrated Security for Cisco IOS

Cisco IOS Integrated	Security Description
Cisco IOS firewall	Stateful multiservice application-based filtering
Cisco IOS IPS	Cisco IOS IPS Inline deep packet inspection
Cisco IOS IPsec	Data encryption at the packet level
Cisco IOS Trust and Identity	AAA, PKI, SSH, SSL

 Securing the Enterprise

Implementing Security in the Campus

Cisco Security Category	Security Solutions
Identity and access control	802.1X, NAC, ACLs, and firewalls
Threat detection and mitigation	NetFlow, syslog, SNMP, RMON, CS-MARS, and NIPS
Infrastructure protection	AAA, TACACS, RADIUS, SSH, NMPv3, IGP/EGP MD5, and Layer 2 security features
Security management	CSM, CS-MARS, and ACS

Enterprise Campus Security

Security in the Data Center

Cisco Security Category	Security Solutions
Identity and access control	802.1X, ACLs, and firewalls (FWSM
Threat detection and mitigation	NetFlow, syslog, SNMP, RMON, CS-MARS, and NIPS
Infrastructure protection	AAA, TACACS, RADIUS, SSH, SNMPv3, IGP/EGP MD5, and Layer 2 security features
Security management	CSM, CS-MARS, and ACS

Enterprise Data Center Security

Security in the Enterprise Edg

Cisco Security Category	Security Solutions
Identity and access control	Firewalls, IPsec, SSL VPN, and ACLs
Threat detection and mitigation	NetFlow, syslog, SNMP, RMON, IDS modules, CS-MARS, and NIPS
Infrastructure protection	AAA, CoPP, TACACS, RADIUS, SSH, SNMP v3, IGP/EGP MD5, RFC 2827 ingress filtering and Layer 2 security features
Security management	CSM, CS-MARS, and ACS

Enterprise Edge and WAN Security