The original SAFE blueprint for enterprise divides the network into various modules based on the common function of the devices. The focus of the design is the concept of "separation of duties and trust". Where there are different levels of trust, the devices for that function are segregated and isolated in their own module to help mitigate any vulnerabilities and attacks that may occur through those devices. The SAFE blueprint for enterprise suggests that network designers should follow security-oriented objectives when designing a network. These design objectives are:
- Security and attack mitigation based on policy
- Security implementation throughout the infrastructure
- Secure management and reporting
- Authentication and authorization of users and administrators to critical network resources
- Intrusion detection for critical resources and subnets
- Support for emerging network applications
The SAFE blueprint for small networks emphasizes the application of the SAFE blueprint to a small business network. The redundancy in device functionality in the SAFE Enterprise blueprint is removed to achieve cost-effective deployment of security throughout the network.
The SAFE blueprint for VPN (IPsec based) is discussed in detail in the Cisco white paper "SAFE VPN: IPSec Virtual Private Networks in Depth". The paper includes specific design considerations and best-practice recommendations for enterprise IPSec VPN deployment. The design objectives used in the SAFE VPN include:
- The need for secure connectivity
- Reliability, performance, and scalability of the design
- Options for high availability
- Authentication of users and devices in the VPN
- Secure management of the VPN and devices attached
- Security and attack mitigation before and after IPSec tunnels
- Security and attack mitigation based on policy
- Authentication and authorization of users to wired network resources
- Wireless data confidentiality
- User differentiation
- Access point management
- Authentication of users to network resources
- Options for high availability (large enterprise only)
- Security and attack mitigation based on policy
- Quality of service
- Reliability, performance, and scalability
- Authentication of users and devices (identity)
- Options for high availability (some designs)
- Secure management
SAFE Blueprint for Enterprise Large Network
SAFE Blueprint for Middle Size Network
SAFE Blueprint for Small Size Network