Cisco Threat Defense System Guide
How to Provide Effective Worm Mitigation
Contributed by Cisco Systems, Inc.
The network today is a critical business asset. It not only allows the smooth
running of business applications, it also enables the easy delivery of data,
voice, and video. As a result, companies are increasingly concerned with keeping
their network running and applications online while protecting one of their most
critical assets — their information. In order to protect your business, you need
to protect your network. In recent years, not only has the number of
network and computer attacks been on the rise, but also the level of complexity
and sophistication with which they strike. The most commonplace and perhaps most
damaging of these attacks are called “worms.”
Building a Self-Defending Network
Contributed by Cisco Systems, Inc.
Increasingly, mission-critical business applications and services are deployed on open
networks with substantial connections to the public Internet. Without
appropriate security policies, processes, and products, Internet connectivity
can compromise the very gains in productivity that help make today's
companies more profitable and that enable them to serve a larger and more
diverse customer base. Security
enables enterprises to confidently extend the network to customers, partners,
and remote/mobile employees, thus increasing revenue sources, efficiency of
business processes and employee productivity.
In some industries, data privacy and the threat of litigation have become a
government mandate. U.S. healthcare providers must comply with the Health
Insurance Portability and Accountability Act (HIPAA), U.S. financial services
providers are governed by the Gramm-Leach-Bliley Act, and U.K. companies must
adhere to the Turnbull Report on Internal Control for public companies, as
well as the Data Protection Act of 1995.
Technology Best Practices for Endpoint Security
Contributed by Cisco Systems, Inc.
As technologies such as high-speed networks,
switching, and end-to-end encryption are more widely adopted, providing desired
security at the network level becomes a major challenge. One important place to
enforce security is at the endpoint, where data resides and the potential for
damage is greatest. Today, businesses are confronted with the availability of
several point products, each attempting to solve a part of the endpoint security
problem. These include distributed personal firewalls for protection against
network-borne threats, antivirus scanners for detection of file-based threats,
and audit or integrity products for detection of malicious configuration
activity. These technologies do not address new attacks that are carried over
existing protocols to attack applications, or new content-based attacks that
attack systems before vendors are able to release and distribute signatures and
other responses. This document outlines the technology best practices for
endpoint security solutions, to help organizations make informed decisions when
choosing endpoint security products.
Network Admission Control
Contributed by Cisco Systems, Inc.
Network Admission Control (NAC), an industry initiative sponsored by Cisco Systems, uses
the network infrastructure to enforce security policy compliance on all devices
seeking to access network computing resources, thereby limiting damage from
viruses and worms.
Using NAC, organizations can provide network access to endpoint devices such as PCs, PDAs,
and servers that are verified to be fully compliant with established security
policy. NAC can also identify noncompliant devices and deny them access, place
them in a quarantined area, or give them restricted access to computing
resources.
NAC is part of the Cisco Self-Defending Network. Its goal is to create greater intelligence in
the network to automatically identify, prevent, and adapt to security threats.
Intrusion Protection for Remote Corporate Users
Contributed by Cisco Systems, Inc.
Increasingly, employees are working remotely from
corporate offices. Some of these users are mobile workers accessing corporate
applications like e-mail from hotel rooms, airports, or customer offices. Others
are tele-workers working from home. Often, these users access the corporate
network through the Internet instead of using a dialup modem. All of these users
are exposed to probes or attacks from the Internet, and none are protected by
the central corporate firewall. Remote users whose computers are compromised
provide attackers with a point of entry into the corporate network.
A Security Blueprint for Enterprise Networks
Contributed by Cisco Systems, Inc.
The SAFE Blueprint from Cisco Systems® is a secure blueprint for enterprise networks.
Its principal goal is to provide best practices information on designing and
implementing secure networks. SAFE takes a defense-in-depth approach to
network security design, serving as a guide to network designers considering
the security requirements of their networks. This type of design focuses on
expected threats and their methods of mitigation, resulting in a layered
approach to security where the failure of one security system is not likely
to lead to the compromise of the rest of the network. Although this white
paper is a product-agnostic document, the SAFE proof-of-concept lab is based
on products from Cisco and its partners.
This document begins with an overview of the blueprint's architecture, and then details the
specific modules that make up the actual network design. When discussing each
module, the first three sections describe the traffic flows, primary devices,
and expected threats, with basic mitigation diagrams. Detailed technical
analysis of the design follows, along with more detailed threat mitigation
techniques and migration strategies.