Article

Cisco Networking Simplified: Security

Paul Della Maggiora and Jim Doherty

Cisco Networking Simplified


Chapter 9: Security

This excerpt is reprinted with permission from Cisco Press. For more information or to order the book, visit the Cisco Press Web site.

    Requires Free Membership to View

The following sections describe the different categories of network security.

Identity
Identity is the identification of network users, hosts, applications, services, and resources. Examples of technologies that enable identification include Remote Authentication Dial-In User Service (RADIUS), Kerberos, one-time passwords, digital certificates, smart cards, and directory services.

Perimeter Security
Perimeter security controls access to critical network applications, data, and services so that only legitimate users and information can access these assets. Examples include access lists on routers and switches, firewalls, virus scanners, and content filters.

Data Privacy
The ability to provide secure communication is crucial when you must protect information from eavesdropping. Digital encryption technologies and protocols such as Internet Protocol Security (IPSec) are the primary means for protecting data, especially when implementing virtual private networks (VPNs).

Security Monitoring
Regardless of how security is implemented, it is still necessary to monitor a network and its components to ensure that the network remains secure. Network-security monitoring tools and intrusion detection systems (IDSs) provide visibility to the security status of the network.

Policy Management
Tools and technologies are worthless without well-defined security policies. Effective policies balance the imposition of security measures against the productivity gains realized with little security. Centralized policy-management tools that can analyze, interpret, configure, and monitor the state of security policies help consolidate the successful deployment of rational security policies.

A company's network is like any other corporate asset: It is valuable to the success and revenue of that company. More than ever, the corporate computer network is the most valuable asset of many companies. Therefore, it must be protected. Generally, middle- to large-size companies appoint a chief security officer, whose job is to develop and enforce corporate security policies.

Security threats present themselves in many forms:

  • A hacker breaking into the network to steal confidential information or destroy corporate data
  • A natural disaster such as a fire, tornado, or earthquake destroying computer and network equipment
  • A disgruntled employee intentionally trying to modify, steal, or destroy corporate information and devices
  • A computer virus
  • An act of war or terrorism

Common security threats introduced by people include the following:

  • Network packet sniffers
  • IP spoofing
  • Password attacks
  • Distribution of sensitive internal information to external sources
  • Man-in-the-middle attacks

Internet security is also a big concern given the exposure of corporate data resources to the publicly accessible Internet. Traditionally, you could achieve security by physically separating corporate networks from public networks. However, with corporate web servers and databases—and the desire to provide access to corporate resources to employees over the Internet—companies must be especially diligent in protecting their networks.

Another recent area for security concern is wireless networking. Traditional networking occurred over physical wires or fibers. However, the current trend is to provide networking services over radio frequencies. Companies are installing wireless networking in their buildings so employees can link to the corporate network from conference rooms and other shared locations from their laptop computers. Additionally, service providers are now offering public wireless Internet services.

This chapter is posted in full as a pdf file. To continue reading, click here.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: