Cisco recommends multiple layers of security technologies to prevent a single configuration error from jeopardizing the security of the network. Cisco also recommends operational processes that ensure prompt application of software patches, timely installation of new security technologies, and performance of regular security audits and assessments.
As you begin to design your network, rank the importance of your network assets and services by considering these factors:
• What keeps you in business?
• How do you make money?
• Does loss of data or privacy equal lost money?
• What about regulatory compliance?
• How do you protect your critical data?
• Where does voice fit?
Then consider the potential threats to your business, which may include:
• Toll fraud
• Eavesdropping
• Address spoofing
• Fake caller identity
• Media tampering
• Denial of service
• SPAM, SPIT (SPAM over IP telephony), and SPIM (SPAM over Instant Messaging)
In addition to the operational processes, advanced security technologies should be reviewed and considered. Security technologies can be categorized as follows:
• Network security
– Virtual LANs (VLANs)
– Access control lists (ACLs)
– Stateful firewalls with protocol-aware inspection
– Virtual Private Networks (VPNs)
– QoS
– Dynamic Address Resolution Protocol (ARP) inspection
– Dynamic Host Configuration Protocol (DHCP) snooping
– Port security
– Network intrusion prevention
• Host security
– Cisco Security Agent
– Third-party anti-virus software
– Host-based firewalls
– Hardened operating systems
• User authentication, authorization, and accounting security
– Phone image authentication
– Multilevel administration privileges
– Call detail reporting
For more information about Cisco end-to-end security designs, see the SAFE Blueprint. For more details about Cisco integrated network security solutions, see the following resources:
• Security Solutions and Products
• Enhanced Security for Unified Communications