SAFE

SAFE
SAFE is Cisco’s Secure Blueprint for Enterprise Networks, the stated aim of which is to provide
information on the best practice for designing and implementing secure networks. Recently, the
issue of security in networking has been receiving a huge amount of attention. As part of this
attention, Cisco has been at the forefront of developing this process, which is based upon the
products of Cisco and its partners.
The SAFE methodology involves creating a layered approach to security, such that a failure
at one layer does not compromise the whole network. Instead, it operates like a military
“defense in depth.”
Defense in depth is a concept that explains how it is expected that an enemy
will be able to penetrate your defensive perimeter, but that it will take time
and effort. Multiple lines of defense slow down an attacker and give you more
time to discover and stop them. Additionally, each line of defense can have
its own procedures, in the hope that the attacker may not be skilled in all
countermeasures.
One of the main features of this new set of principles is that it defines a slightly different modular
concept from the original core, distribution, and access layers. That is not to say that these
original layers are no longer used in design; rather, the SAFE approach is to use an alternative.
In practice, designers see both methods as useful and may appropriate features from each. The
basis for the new modular design concept is shown in Figure 12.12.