The Network Campus Area
The SAFE blueprint includes security
architectural information specific to the size of the networks and includes
details for small, medium, and enterprise-sized networks. Regardless of size,
however, the Campus Area includes security services directed primarily to the
internal, corporate user. Common security infrastructure within the Campus Area
includes packet filtering and VLAN-capable switch devices, virus scanning
systems, intrusion detection, and security management solutions to name a few.
Let's look a little closer at what each sized campus module
provides within the SAFE blueprint.
The Small Campus Module
The Small Campus Module provides security infrastructure
sized appropriately for budget-conscious and small organizations. Included
within the Small Campus Module are intrusion detection systems, virus scanning
servers, proxy devices, and security management systems. Within the Small Campus
Module design, internal users are trusted more, a consequence of the budget and
size of the organization. For example, internal firewalls to separate Accounting
from Engineering may not be practical based on cost.
The Medium Campus Module
The Medium Campus Module is similar to the Small Campus
Module, yet includes more security infrastructure to provide protection for an
increased number of people and services. For instance, in addition to the
security implemented in the Small Campus Module, the Medium Campus Module
includes switches capable of separating users via VLANs and filtering based on
Layer 3 and 4 attributes. Critical services such as Call Management or
Accounting Servers are separated by stateful inspection firewalls. Intrusion
detection systems are more capable in the Medium Campus Module and can provide
focused analysis in Layers 4 through 7. As in the Small Campus Module, the
Medium Campus Module includes network management systems, virus scanning
gateways, and proxy devices.
The Enterprise Campus
The Enterprise Campus Area within the SAFE blueprint is
targeted at large organizations that may span several geographical locations and
provide a multitude of user-focused internal services. The Enterprise Campus is
large enough to warrant the creation of several modules, each addressing
specific security requirements within the Campus. Let's look at these modules,
starting from the user edge and working towards the services.
The Building Module
The Building Module might best be thought of
as the Access Layer in the traditional tiered network architecture model. It is
where the users are connected to the network and includes virus scanning
software, personal firewalls, and VLAN-separated user space.
The Distribution Module
Within the SAFE blueprint, there are two types of
Distribution Modules, a Building Distribution Module and an Edge Distribution
Module. As they both contain similar security infrastructure and largely provide
the same type of network services, we'll discuss both of them in this section.
From the Building Module, the user traffic is directed through the
Building Distribution Module. This module acts as a transport area to quickly
provide access to the core networks. Within the Building Distribution Module,
security features include RFC 2827 ingress filtering, which blocks spoofed source
addresses and the DoS attacks that rely on them, and continued VLAN separation.
Layer 3 separation may also exist if routing occurs in the Building Distribution
Module.
The Edge Distribution Module serves as the security handoff
to the Network Edge Area, which we'll discuss in a moment. Like the Building
Distribution Module, the Edge Distribution Module also includes RFC 2827
filtering and, potentially, Layer 3 access control.
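The RFC 2827 filtering called for in both Distribution Modules is, in practice, an inbound ACL that permits only the source prefixes that legitimately live behind the ingress interface. The following Cisco IOS fragment is an added illustration, not part of the SAFE document; the interface names and the building VLAN subnets 10.1.10.0/24 and 10.1.20.0/24 are constructed for the example.

```cisco
! Added example: RFC 2827 ingress filtering on a Building Distribution switch.
! Applied inbound on the uplink that carries traffic from the Building Module.
! Building user VLANs assumed (constructed): 10.1.10.0/24 and 10.1.20.0/24.
!
ip access-list extended RFC2827-BUILDING-IN
 remark Only the building's own VLAN subnets may appear as source addresses
 permit ip 10.1.10.0 0.0.0.255 any
 permit ip 10.1.20.0 0.0.0.255 any
 remark Any other source is spoofed; drop it and log to the Management Module syslog
 deny   ip any any log
!
interface GigabitEthernet1/0/1
 description Uplink from Building Module access switch (constructed name)
 ip access-group RFC2827-BUILDING-IN in
!
! Where the distribution switch itself routes the user VLANs, unicast reverse
! path forwarding performs the same check from the routing table, so the list
! above does not have to be maintained by hand for every subnet.
interface Vlan10
 description Building user VLAN 10 (constructed)
 ip address 10.1.10.1 255.255.255.0
 ip verify unicast source reachable-via rx
```

The `log` keyword on the final deny feeds the syslog servers listed under the Management Module, which is where spoofed-source attempts from a building become visible to operations.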
The Core Module
As is traditional in core networks, very little security
infrastructure is included so as not to impede high-speed transport across the
campus. While the Core Module does not call for security features, an increasing
number of security devices, such as IDS and firewalls, can potentially be placed
within the Core thanks to their high-speed performance.
The Server Module
The Server Module specifically addresses the needs of the server
farm or other service areas. Many security capabilities are present in the
Server Module to protect enterprise assets such as directory services, messaging
servers, DHCP, VoIP Call Management services, and the like. Included within the
Server Module are stateful inspection firewalls and packet-filtering devices,
IDS in the form of HIDS and NIDS, and VLAN-capable switches.
The Management Module
The Management Module exists as the command
and control module for the entire SAFE blueprint. It is within this module that
security support infrastructure resides. The Management Module can include the
following services and capabilities:
- AAA services such as Cisco Secure ACS for network device access control
- SNMP-based network monitoring and control services, such as CiscoWorks
- Syslog servers for comprehensive error and event data capture
- Out-of-band (OOB) network access and infrastructure
- Two-factor authentication systems such as SecurID servers
- Device configuration management systems for revision control
- VPN termination systems for remote, secure management
In addition to these services, the Management Module is
itself protected by focused Layer 4–7 IDS analysis, various traffic filtering
mechanisms such as router filters and stateful inspection firewalls, and, as in
other modules, VLAN-capable switches for Layer 2 separation.