FastTrack Training. "Network Basics." "Cisco Security Products." Eddie Martin December 2012

About a year ago, I noticed an interesting and fascinating series of lectures by Eddie Martin. It is incredibly intelligible, thanks to his storytelling and real-life examples as well as his colossal teaching experience, which allows us to gain an understanding of rather complex technologies.

We continue the cycle of 27 articles based on his lectures:

01/02: “Understanding the OSI Model” Part 1 / Part 2
03: “Understanding the Cisco Architecture”
04/05: “The Basics of Switching or Switches” Part 1 / Part 2
06: “Switches from Cisco”
07: “The area of use of network switches, the value of Cisco switches”
08/09: “Basics of a wireless LAN” Part 1 / Part 2
10: “Products in the area of wireless LANs”
11: “The value of Cisco wireless LANs”
12: “The basics of routing”
13: “The structure of routers, routing platforms from Cisco”
14: “The value of Cisco routers”
15/16: “Basics of data centers” Part 1 / Part 2
17: “Equipment for data centers”
18: “The value of Cisco in data centers”
19/20/21: “Fundamentals of telephony” Part 1 / Part 2 / Part 3
22: “Cisco Collaboration Products”
23: “Cisco Collaboration Product Value”
24: “Security Essentials”
25: “Cisco Security Software Products”
26: “Cisco Security Product Value”
27: “Understanding Cisco Architectural Games (Overview)”

And here's the twenty-fifth of them.

So, we have email protection software in the form of an IronPort cloud solution or a physical device that runs on your site.

Perhaps a hybrid solution when you use both cloud security and a physical device to protect your site.

Next, we have an intrusion prevention system based on the ASA 5500 series and IPS protection modules; the latest are the IPS 4300 and 4500 series. IPS devices handle up to 5 Gb/s and are used to update SIO. There is also a non-self-contained Oracle Java software component used on sites that lack other technical support, and we are constantly updating it for our customers who use the Cisco ASA series of hardware firewalls.

The ASA range is represented by devices from the smallest to the largest. The smallest is the 5505, a hardware PIX firewall.

The ASA 5540 PIX firewall has a throughput of 175 Mbps per firewall and starts at $3,000. The ASA 5505 is designed for 150 Mbps and costs only $545. Thanks to this pricing policy, people can choose the equipment that best fits their budget. We have various models for every need: for small offices, for large companies and for data centers.

If you see the letter X in the model designation, it means you have next-generation equipment with an updated hardware architecture. It provides higher performance in terms of connections per second, which today is a necessary requirement. Each such device is equipped with an IPsec VPN.

For large companies, the 5550 X series is recommended; it has various capabilities that let you use these devices according to your network needs.

For data centers, hardware firewalls are recommended that provide protection at up to 1 million connections per second. Cisco is #1 in the email security market.

Protection of a branch network is usually quite good, but it should be noted that a switch cannot act as a firewall. However, if you send streaming data or a large amount of traffic in several portions and at the same time about 5% of the traffic disappears, which is completely abnormal, you must interrupt the transmission, disable this port and report it to SIO.

We have DHCP snooping, a switch function designed to protect against attacks that use the DHCP protocol. When you contact someone, the switch sees you and the IP address of the device you contacted via the DHCP server, and remembers them. If someone tries to get into the network between you and tries to replace the server address or your address, it will be stopped. This is a security feature used in our switches. So a firewall is only a small part of the overall network security architecture.
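The DHCP snooping behaviour described above, as an added example that is not code from the lecture or from Cisco: a small Python model of the binding table a switch builds from observed DHCP leases, with dynamic ARP inspection checking later ARP traffic against it. Only ports marked trusted (the uplink towards the real DHCP server) may send DHCP OFFER/ACK; a completed lease records (VLAN, client MAC) to (IP, access port); an ARP reply from an untrusted port whose sender MAC/IP pair does not match a recorded lease is dropped. The port names, MAC and IP addresses are constructed sample values, and the class and function names are assumptions of this example; the real switch feature is configured in IOS, this is only a model of its logic.

```python
"""Model of DHCP snooping plus dynamic ARP inspection (added example, not
Cisco code). All frames below are constructed sample data, not captures."""

from dataclasses import dataclass, field


@dataclass
class SnoopingSwitch:
    """Per-switch state: which ports are trusted (uplink to the real DHCP
    server) and the binding table built from observed DHCP leases."""
    trusted_ports: set
    # (vlan, client_mac) -> (ip, access_port) learned from a completed lease
    bindings: dict = field(default_factory=dict)
    # (vlan, client_mac) -> access port of the client's last DISCOVER/REQUEST
    pending: dict = field(default_factory=dict)
    events: list = field(default_factory=list)

    def _drop(self, reason):
        self.events.append("DROP " + reason)
        return False

    def dhcp(self, port, vlan, msg, client_mac, yiaddr=None):
        """Return True if the DHCP message is forwarded, False if dropped."""
        if msg in ("DISCOVER", "REQUEST"):
            # Client side: remember which access port the client lives on
            self.pending[(vlan, client_mac)] = port
            return True
        if msg in ("OFFER", "ACK"):
            # Server side: only trusted ports may answer DHCP requests,
            # so a rogue server on an access port is silenced here
            if port not in self.trusted_ports:
                return self._drop(f"rogue DHCP {msg} on untrusted {port}")
            if msg == "ACK":
                client_port = self.pending.get((vlan, client_mac))
                if client_port is None:
                    return self._drop(f"ACK for unknown client {client_mac}")
                # Lease completed: record the binding the switch will enforce
                self.bindings[(vlan, client_mac)] = (yiaddr, client_port)
            return True
        return self._drop(f"unknown DHCP message {msg}")

    def arp(self, port, vlan, sender_mac, sender_ip):
        """Dynamic ARP inspection: on untrusted ports the sender MAC/IP pair
        must match a lease the switch saw on that port; otherwise drop."""
        if port in self.trusted_ports:
            return True
        if self.bindings.get((vlan, sender_mac)) == (sender_ip, port):
            return True
        return self._drop(f"ARP {sender_ip} is-at {sender_mac} on {port} has no binding")


def run_scenario():
    """Constructed scenario: one legitimate lease, then a rogue DHCP server
    and an address-spoofing ARP reply from untrusted access ports."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})
    results = {}
    # Legitimate client on Gi0/1 obtains a lease from the server behind Gi0/24
    sw.dhcp("Gi0/1", 10, "DISCOVER", "aa:aa:aa:00:00:01")
    sw.dhcp("Gi0/24", 10, "OFFER", "aa:aa:aa:00:00:01", "10.0.10.50")
    sw.dhcp("Gi0/1", 10, "REQUEST", "aa:aa:aa:00:00:01")
    results["lease_ack"] = sw.dhcp("Gi0/24", 10, "ACK", "aa:aa:aa:00:00:01", "10.0.10.50")
    # The same client answers ARP with its own leased address: forwarded
    results["good_arp"] = sw.arp("Gi0/1", 10, "aa:aa:aa:00:00:01", "10.0.10.50")
    # A host on Gi0/2 answers another client's DISCOVER as if it were the server: dropped
    sw.dhcp("Gi0/3", 10, "DISCOVER", "aa:aa:aa:00:00:03")
    results["rogue_offer"] = sw.dhcp("Gi0/2", 10, "OFFER", "aa:aa:aa:00:00:03", "10.0.10.99")
    # A host on Gi0/2 claims the gateway's address in an ARP reply: dropped
    results["spoofed_arp"] = sw.arp("Gi0/2", 10, "bb:bb:bb:00:00:02", "10.0.10.1")
    results["binding"] = sw.bindings[(10, "aa:aa:aa:00:00:01")]
    results["drops"] = len([e for e in sw.events if e.startswith("DROP")])
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The model keeps the two halves of the feature separate on purpose: the DHCP side decides who may act as a server and records leases, while the ARP side only consults that table. Running the scenario shows the legitimate lease and ARP forwarded, and the rogue OFFER and the spoofed ARP reply logged as drops; on a real switch those drop events are what you would forward to your monitoring.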

The ASA checks the switch traffic and, in case of danger or if the firewall is disabled, will not give you access to the network. There are just a few things that we cannot do with switches, especially with Layer 3 switches.

To protect branches, a solution with a router that is connected via WAN to our ASA is perfect. As I already said, the 5500 series of devices is ideally suited as an ASA.

The AnyConnect mobile security client is used together with the ASA and VPN and is optimal for the company's headquarters; it can also be located in the Cloud. This is software that can be downloaded to any fixed or mobile device.

Cisco ISE is a universal platform that can be used to provide security for a wide variety of architectures; an example is this illustration for a local network.

ISE is used to manage security policies that automate and enforce secure access to network resources and provide monitoring of users and devices to support and control corporate mobile access. It uses the 802.1X or AnyConnect protocol. The platform allows you to configure ISE guest portals for access from mobile and desktop devices, quickly provide guest access, and optimize BYOD and mobile access.

How does security affect collaboration? How can a conversation about collaboration be combined with a discussion of a security problem, and vice versa? For example, when you talk about BYOD, it relates both to collaboration and to security. You want people and devices within our network to interact safely with people and devices outside it. We must adhere to the same security policy for external Web resources as for internal traffic in the process of collaboration. Remember that if you want to place some solutions in the Cloud, you can do it.
