Thursday, 5 August 2010

SAFE Blueprint: Security Blueprint for Enterprise and Smaller Networks


The SAFE blueprint is a network security framework developed by Cisco Systems. SAFE is intended to be a flexible and dynamic blueprint for network security that is based on the Cisco Architecture for Voice, Video, and Integrated Data (AVVID). The original SAFE blueprint was introduced by Cisco in 2000 in the white paper "SAFE: A Security Blueprint for Enterprise Networks", which applied only to enterprise networks. Cisco has continued to expand and develop the SAFE blueprint to cover other network architectures such as small, medium-sized, and remote-user networks; IP telephony networks; wireless networks; and IPSec-based VPNs.
The original SAFE blueprint for enterprise divides the network into modules based on the common function of the devices. The focus of the design is the concept of "separation of duties and trust". Where there are different levels of trust, the devices for that function are segregated and isolated in their own module to help mitigate any vulnerabilities and attacks that may occur through those devices. The SAFE blueprint for enterprise suggests that network designers should follow security-oriented objectives when designing a network. These design objectives are:
  • Security and attack mitigation based on policy
  • Security implementation throughout the infrastructure
  • Secure management and reporting
  • Authentication and authorization of users and administrators to critical network resources
  • Intrusion detection for critical resources and subnets
  • Support for emerging network applications
The SAFE blueprint for midsize networks follows similar objectives. However, in this blueprint, the complexity of the Corporate Internet Module is significantly less than in the Enterprise network blueprint. This blueprint includes network intrusion detection systems (NIDSs) as part of the overall security strategy.
The SAFE blueprint for small networks emphasizes the application of the SAFE blueprint to a small business network. The redundancy in device functionality in the SAFE Enterprise blueprint is removed to achieve cost-effective deployment of security throughout the network.
The SAFE blueprint for VPN (IPSec-based) is discussed in detail in the Cisco white paper "SAFE VPN: IPSec Virtual Private Networks in Depth". The paper includes specific design considerations and best-practice recommendations for enterprise IPSec VPN deployment. The design objectives used in the SAFE VPN include:
  • The need for secure connectivity
  • Reliability, performance, and scalability of the design
  • Options for high availability
  • Authentication of users and devices in the VPN
  • Secure management of the VPN and devices attached
  • Security and attack mitigation before and after IPSec tunnels
The SAFE blueprint for Wireless LAN implementation is discussed in another Cisco white paper, "SAFE: Wireless LAN Security in Depth (Version 2)". This white paper describes the following design objectives, listed in order of priority:
  • Security and attack mitigation based on policy
  • Authentication and authorization of users to wired network resources
  • Wireless data confidentiality
  • User differentiation
  • Access point management
  • Authentication of users to network resources
  • Options for high availability (large enterprise only)
The SAFE blueprint for VoIP implementation is discussed in the Cisco white paper "SAFE: IP Telephony Security in Depth". The basic principle of the white paper is that the IP telephony deployment must provide secure, ubiquitous IP telephony services to the locations and users that require it. The following design objectives, listed in order of priority, guided the decision-making process:
  • Security and attack mitigation based on policy
  • Quality of service
  • Reliability, performance, and scalability
  • Authentication of users and devices (identity)
  • Options for high availability (some designs)
  • Secure management
Figure: SAFE Blueprint for Enterprise Large Network
Figure: SAFE Blueprint for Middle Size Network
Figure: SAFE Blueprint for Small Size Network
