Summary

Cisco offers a wide range of security solutions that span the layers of the OSI model and security threat categories. They include perimeter security (firewalling), secure connectivity (VPNs), intrusion detection and mitigation (IDS), security management platform (VMS), and identity services (AAA). A comprehensive approach to network security is referred to as an end-to-end security solution.

Cisco is commonly thought of as a networking company, but it is a security company as well, given the range and sophistication of security products that it offers. Although product lines like routers or firewalls retain their dominant purpose of offering routing or firewall services, they also have become multipurpose integrated security appliances that offer VPN, IDS, firewall, and routing capability in a single unit.

The flexibility in design that this cross-pollination of functionality offers is unprecedented, but it also makes your job more challenging because of the large number of choices. Adherence to the design principles as outlined in Chapter 1 and understanding the primary purpose of each device, as well as its performance characteristics, should facilitate the process of positioning appropriate products for any given deployment scenario and budget that might arise in SMB environments.