Networks today run mission-critical business services that need protection from both external and internal threats.
While internal threats should not be minimized, you need to be cognizant of the threats to your wide-area network (WAN). Consider the following issues as they relate to WAN security: secure connectivity, data and identity protection, secure voice and wireless, and business continuity.
- Migrating to VPNs: Many companies are migrating from leased lines or frame relay for cost savings and increased performance. They often see a 100% ROI within a year. As a backup link, VPN over DSL is cheaper and quicker to deploy than ISDN, and is faster and more reliable. Many companies also use VPNs within their LANs to add encryption protection between segments, buildings, or groups where information security and uptime are critical.
- Information Privacy Legislation: Healthcare, finance, retail, and government sectors are now required by law to encrypt data. Compliance requires that companies use authentication standards and solutions (such as NAC and 802.1x) and auditing practices, and are advised to encrypt data that is transmitted over their existing WANs. Adding these capabilities as part of initial router implementation is easier and far less expensive than adding the required security later.
- Secure Remote Access: Many companies have sales staff and telecommuters who need remote access to networked applications such as e-mail, sales tools, and shared folders. Some organizations also have outsourced staffs or remote partners that need limited and secured network access.
Data and Identity Protection
- Worms, Viruses, and Trojans: Most of today's worms and viruses use the network to spread throughout an organization. A secure WAN stops malicious traffic at the perimeter and contain the spread of infections.
- Security Posture for Network Devices: Make sure your IT administrators can centrally control the admission policy for laptops and PCs, including guest systems.
- Internet Use Policy and Web Filtering: URL filtering is one way to implement and enforce an Internet usage policy for your network, from headquarters to branch offices. It helps protect your organization from possible legal issues.
- Security Architecture Evaluation: Understanding the differences between how you secure headquarter assets and equipment versus how you secure branch office locations can help you identify needs in both areas. Security threats at the WAN level can quickly spread to your LAN without proper defense. You need an in-depth defense policy at all network locations to prevent worm and virus outbreaks, distributed denial of service (DDoS) attacks, and unauthorized traffic.
Secure Voice and Wireless
If you have plans to implement voice over IP (VoIP), build a network that securely implements both the voice- and video-enabled VPN (V3PN) standard and the Secure Real-Time Transport Protocol (SRTP).
Network downtime due to disasters affects uninterrupted access to mission-critical business applications. WAN link backups and secured remote access are typically core components of a business-continuity plan. Many customers use IP VPN as a WAN backup for its flexibility and cost-effectiveness. Some businesses continue to invest in ISDN and dialup to keep them as backup links.
Cisco Secure WAN is a program offers the ability to add security functions to your integrated services router in a simple, manageable bundle.
There are four Cisco Secure WAN bundles for Cisco integrated services routers:
- Baseline for basic security
- High-performance for added performance
- Secure voice for combined security and IP communications
- Secure wireless for integrated security and wireless LAN access
These bundles are designed to simplify branch security, while making those offices as secure as a headquarters location; centralize management; and facilitate compliance with data and network privacy laws. They include the following functionality:
- Site-to-site VPN security
- IPsec generic routing encapsulation
- Remote-access VPN
- Intrusion prevention system (IPS)
- URL filtering
- WAN and dynamic routing
- Network Admission Control
- Cisco Router and Security Device Manager
- Added memory