Published by Jordan Claver. Modified over 8 years ago.
SAFE Blueprint and the Security Ecosystem
2 Chapter Topics
- SAFE Blueprint Overview
- Achieving the Balance
- Defining Customer Expectations
- Design Objectives
- Security Ecosystem
3 SAFE
To see the entire SAFE Blueprint: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_package.html
4 SAFE Blueprint Overview
- Cisco document – not a standard
- Use as a guide to design and implement network security based on Cisco and partner products
- Uses a defense-in-depth and modular approach to security design
5 SAFE White Papers
6 SAFE Overview
- Cisco describes SAFE as a defense-in-depth approach
- a system has multiple security measures in place
- if one defense is breached, another is in place to prevent further damage
- SAFE blueprint discourages having only one device performing a security function
- mitigate threats throughout the network
7 SAFE Overview
- Security capabilities can be hosted on:
  - Dedicated appliances, such as firewalls
  - Incorporated in the Cisco IOS on routers and switches
  - Running in the background on end systems
- Blueprint guidelines encourage you to make security decisions based on the dangers to be avoided, rather than solely on security devices
8 Achieving The Balance
- It is commonly thought that a network cannot be totally secure
- So why try?
- SAFE is not an absolute answer, but a guide to help designers develop workable solutions achieving an acceptable balance between accessibility and usability
- The network security policy defines this balance
9 Security Policy
- Develop the security policy with the participation and agreement of the highest levels of an organization’s management
- Helps to build the required support for the creation, acceptance, and adaptation of the security design
10 Defining Customer Expectations
- Organizations have different requirements for security
- Separate segments on the network can have different security requirements
- SAFE assumes that a security policy is already in place
  - One may not be in place
  - Therefore you must start by creating one
11 Complete Security Is Not Achievable
- A key expectation
- Company must adopt a proactive regime to keep the security systems robust
12 Where Most Breaches Occur (or Not)
- Commonly accepted that network-security breaches occur inside the network
- A firewall that protects a network from the outside is not sufficient
- Need security measures that also can detect and reduce risks that begin on a “secured” segment
13 Design Objectives
- Approach focuses on how vulnerabilities are exploited
- Assess the existing network to understand the nature of threats
- Determine how to mitigate these threats
14 Design Objectives
Design objectives of the SAFE blueprint:
- Security and attack mitigation based on policy
- Security implementation throughout the infrastructure (not just on specialized security devices)
- Secure management and reporting
- Authentication and authorization of users and administrators to critical network resources
- Intrusion detection for critical resources and subnets
- Support for emerging networked applications
15 Design Objectives
- SAFE blueprint emphasizes defining modules within a network
- First level of modules are functional areas
16 Design Objectives
- Second layer are the modules within the functional areas
- Table 16-3, page 413
17 Included Modules
18 Design Objectives
- Not all actual enterprise networks have specific devices, blades, cards, or ports clearly assigned to all the modules mentioned
- Still is useful to the designer to identify where all the functions occur and the interactions between the functions
19 Design Objectives
20 Significance of Areas and Modules
- Helps to layer the protection
- A different security measure in place at different points in the network
- Makes the security solution more resilient and scalable
- Modules become templates for the modifications to the network required by the addition of users and applications
21 Significance of Areas and Modules
- Modularization also reduces security issues caused by growth
- security capabilities are considered in the module implementation
22 Benefits of Using SAFE
Benefits of using SAFE in network design and implementation:
- Provides a proven, detailed blueprint to securely compete in the Internet economy
- Provides the foundation for migrating to secure, cost-effective converged networks
- Enables organizations to stay within their budgets by deploying a modular, scalable security framework in stages
- Delivers integrated network protection by offering best-in-class security products and services
23 Security Ecosystem
Cisco envisions a community dedicated to providing customers the best solution by giving them access to the following resources:
- Best-of-breed consulting and vendor partners
- SAFE blueprint-based solutions such as managed services and vulnerability assessments
24 Security Ecosystem
Includes:
- solutions from vendors of supplemental products
- partners to provide assessment, planning, and integration capabilities
- providers of monitoring and management services
25 Essential Elements for Comprehensive Network Security
Five elements:
- Identity—Ensure the accurate and positive identification of network users, hosts, applications, services, and resources.
- Perimeter security—Control access to critical network applications, data, and services
  - Firewalls, virus scanners and content filters.
26 Essential Elements for Comprehensive Network Security
- Secure connectivity—Protect confidential information by implementing VPNs
- Security monitoring—Proactively identify areas of weakness with
- Policy management—Specify, manage, and audit the state of a security policy
27 Summary
- SAFE is a layered model
- defense-in-depth approach
- If one system is compromised, other security systems protect the network
- There are six objectives of the SAFE Blueprint
- The Blueprint focuses on five key areas
- Cisco is trying to establish a “Security Ecosystem” of partners, vendors and service providers