Using Internet technologies successfully brings an increased need to protect valuable data and network resources from corruption and intrusion.
Cisco's security solution comprises five key elements:
- Identity
Identity is the accurate and positive identification of network users, hosts, applications, services, and resources.
Standard technologies that enable identification include authentication protocols such as RADIUS and TACACS+, Kerberos, and one-time password tools. New technologies such as digital certificates, smart cards, and directory services are beginning to play increasingly important roles in identity solutions.
- Perimeter Security
This element provides the means to control access to critical network applications, data, and services so that only legitimate users and information can pass through the network. Routers and switches with access control lists and/or stateful firewalling, as well as dedicated firewall appliances, provide this control. Complementary tools, including virus scanners and content filters, also help control network perimeters.
- Data Privacy
When information must be protected from eavesdropping, the ability to provide authenticated, confidential communication on demand is crucial. Sometimes, data separation using tunneling technologies, such as generic routing encapsulation (GRE) or Layer 2 Tunneling Protocol (L2TP), provides effective data privacy. Often, however, additional privacy requirements call for the use of digital encryption technology and protocols such as IPSec. This added protection is especially important when implementing VPNs.
- Security Monitoring
To ensure that a network remains secure, it's important to regularly test and monitor the state of security preparation. Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and respond to security events as they occur. Using security monitoring solutions, organizations can obtain unprecedented visibility into both the network data stream and the security posture of the network.
- Policy Management
As networks grow in size and complexity, the requirement for centralized policy management tools grows as well. Sophisticated tools that can analyze, interpret, configure, and monitor the state of security policy, with browser-based user interfaces, enhance the usability and effectiveness of network security solutions.
These elements enable dynamic links between customer security policy, user or host identity, and network infrastructures.
Cisco SAFE Solutions for the Enterprise
Standards and Certification
The Cisco Secure Encyclopedia (CSEC)
The Cisco Secure Encyclopedia (CSEC) has been developed as a central warehouse of security knowledge to provide Cisco security professionals with an interactive database of security vulnerability information.
Solution Design Guidance
For verified best practice solution design and implementation guidelines for the enterprise, visit http://wwwin.cisco.com/ent/ese/cani/ins/security.shtml.
Cisco PIX 500 Series Firewalls
Managed Security Services
Cisco SAFE Security Framework
Cisco IOS Firewall Feature Set
The Cisco IOS Firewall offers sophisticated perimeter security and policy enforcement for intranets and extranets (between partner networks).
Encryption
Ensures secure private communications over the Internet.
AVVID Partner Program: Security and VPN
The Cisco AVVID Partner Program: Security and VPN is an interoperability testing and co-marketing program developed to deliver comprehensive security solutions for Cisco networks that build on the strengths of the Cisco security product line.
Cisco Secure Consulting Services
Cisco Secure Consulting Services (formerly Cisco Security Consulting Services) provides comprehensive network security analysis and restoration.
Small/Medium Security Solutions
Cisco security solutions support five key elements: Identity, Perimeter Security, Data Privacy, Security Monitoring, and Policy Management.
Cisco Secure Software
Authentication
Uniquely and accurately identify users, applications, services, and resources.
Q and As
- IBNS_FAQ
Frequently asked questions for Cisco Identity Based Networking Services Solution.
Product Bulletins
- Cisco 2621 Security Policy, No. 1112
The IOS IPSec implementation has been certified to meet FIPS 140-1 Level 2 requirements. This document details the security policy that must be followed to maintain compliance with the FIPS 140-1 requirements.
Business Cases
Profiles
- Seowon
Seowon is a progressive retailer with over 1,000 grocery markets across the South Western region of Korea. The company introduced an e-business strategy and chose a Cisco Virtual Private Network solution based on the Cisco SAFE Blueprint.
White Papers
- SAFE SQL Slammer Worm Attack Mitigation
Document discusses the recently released SQL Slammer worm, its effects on the network and its hosts, and how numerous technologies available in Cisco products can mitigate the detrimental effects of the worm.
- Service Provider Quality-of-Service Overview
This white paper provides an overview for deploying quality of service in the service provider network, including information on Cisco AutoQoS, class of service definitions for different traffic groups, and best-practice procedures.
- Combatting Slammer Worms
A 20-slide overview of the Slammer Worm, how it works, and how to combat it.
- Encryption Ordering