Chapter 5. Cisco Security Solutions

An effective security solution should counter one or more of the security threats that have been identified in a security policy as having the potential to impact the operations of the small-medium business (SMB) in a drastic, adverse manner. All of the security solutions presented in this chapter can be used either standalone or in a complementary manner to oppose one or more of these threats.

Ideally, the choice of a solution should result from the process of defining a security policy and should depend on the type of threats (see Chapter 4, “Overview of the Network Security Issues”) and their damage potential to the SMB's network resources and information assets. But if the ideal of having a well-defined security policy cannot be realized, you still need to find a security solution.

Firewalling an SMB's internal network, which is also connected to the Internet, is a given, even if the SMB chooses not to engage in a formal process of formulating a security policy. As the security solutions become more versatile, easier to deploy, and counter more and more of the common threats in a single integrated security appliance, securing a network of the future might eventually become a “plug-and-play” operation. Everyone involved in the development of security solutions should aim for that goal.

Meanwhile, existing security solutions, even if they are getting easier to deploy, require a degree of design and configuration planning. The solutions presented in this chapter include the following:

• Virtual private networks (VPNs)

• Firewalls

• Intrusion detection systems (IDSes)

• Router security features

These security solutions offer effective antidotes for many of the specific threats in all of the security threat categories discussed in Chapter 4. They facilitate the enforcement of information confidentiality through multiple encryption algorithms while data is in transit across the network. They also secure the network parameter and prevent outsiders from gaining access to the internal network and its resources through stateful firewalling. In addition, they detect hundreds of network intrusion signatures—including denial of service, worms, and application attacks—and either alert a security administrator to a possible intrusion or mitigate it. They also facilitate consistency of configuration, network monitoring, and traffic analysis, and, consequently, the enforcement of security policies through integrated management platforms and individual device managers.

In addition, identity services in the form of user Authentication, Authorization, and Accounting (AAA) are integrated with the security solutions either at a local device level or in a centralized manner via dedicated servers. Collectively, and especially when deployed in a complementary manner, Cisco security solutions facilitate a flexible modular end-to-end approach to securing a network that raises the bar for network access to include only those who are indeed authorized to have it. In turn, secure network access and communication in today's dynamic business environment translates into enabling new sources of revenue and productivity gains by eliminating the traditional distance and time boundaries between the SMB's partners, customers, and employees. Now, let's consider each solution in more detail.