It is easy to point at the Internet as the moment when security had to
become a part of everyone’s computing strategy.
Businesses and individuals alike were faced with protecting their computing
resources from the many possible dangers that lurked in the Net. The Internet
opened a large door onto a busy street filled with seemingly unlimited
commercial and intellectual opportunities. Unfortunately, within that busy
street reside the same opportunists we fear in our noncyber lives.

Another way the Internet impacts security is its worldwide reach
as a reference library for security experts and, unfortunately, the hacker
community as well. In a few minutes, a search for hack, crack, phreak, or spam
yields many sites, some with many links to other links.

But blaming the Internet is somewhat unfair. The Internet simply
happened to be the first attractive new service with strong mass appeal that
brought with it significant security risks. Others that followed include
wireless communications and connectivity, instant messaging, and enhanced e-mail
services, and undoubtedly more will follow. Increased security awareness and
implementation is, by necessity, one of the prices that must be paid for new
services that connect people.

Unfortunately, organizations aren’t all alike and, therefore, a
one-plan-fits-all approach to security won’t work. Many factors—from internal
company policies to topologies and services supported—impact the decisions about
the proper security strategy. Even within an organization, the security
requirements can require many different solutions. A single LAN branch location
has different security issues than a WAN link or a campus VLAN environment.

Even after the organization assesses its security risks and starts
to develop a plan, problems often exist in knowing whether various multivendor
tools will work together and be supportable in the long term. One common problem
with any multivendor environment (not only networking) is the inevitable
finger-pointing when things go wrong. As a result, a decision between single-vendor
and multivendor solutions must often be made. Cisco is a big believer in single-vendor,
end-to-end solutions—the company was built through acquisitions and R&D to
that end, but it’s also a solid supporter of standards-based technologies.
Standards-based solutions can at least reduce some of the interoperability
issues involved in a multivendor solution.

Cisco network and security products are developed under Cisco’s
AVVID and SAFE strategies to ensure solid standards-based implementations. Both
strategies are covered later in this chapter in the “Cisco AVVID and SAFE Strategies”
section.

Note: Multivendor implementations require more than just knowing
that the technologies will work together. There can also be a significant
support commitment and cost in maintaining resident experts on multiple vendor
products. In addition to having to know how to install and provide production
support, someone must be a security expert on each vendor line to keep on top of
security announcements, vulnerabilities, patches, upgrades, and so forth. The
future can change the balance completely. While products from two vendors might
“play well together” initially, what happens in the future when a new technology
develops and one vendor chooses a standards-based approach while the other
chooses a proprietary solution, or maybe not to play at all?