Cisco Cisco Catalyst 6500 Series Firewall Services Module Guía De Información
All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 5
EXECUTIVE SUMMARY
Harvard University Information Systems
(UIS), and prominent northern California-
and Georgia-based universities (names
withheld per the universities’ requests)
(UIS), and prominent northern California-
and Georgia-based universities (names
withheld per the universities’ requests)
●
Education and research
BUSINESS CHALLENGE
●
Protect the university community against
network-borne threats without obstructing open
communications and research
communications and research
●
Adapt security policies to the needs of
individual groups
●
Maintain network performance, avoid
management complexity, and contain costs
NETWORK SOLUTION
●
Firewall modules deployed in existing Cisco
switches
●
Each group given its own security context
●
Transparent firewall enables quick deployment
BUSINESS RESULTS
●
Provides strong, comprehensive security
●
Maintains high network performance levels
●
Simplifies security implementations and
management
●
Helps reduce manpower requirements and
expenses
Customer Case Study
Cisco Integrated Firewall Services Modules Safeguard Diverse
Academic Resources
Academic Resources
Switch-Based Firewall Modules Enforce Wide-Ranging Security Policies at Three Leading U.S. Universities.
BUSINESS CHALLENGE
Each of the many academic departments, schools, research institutes, laboratories,
business offices, classrooms, dormitories, and other campus facilities that make up a
world-class university has its own unique computing and networking requirements. And
a university’s need to protect information resources from externally and internally
generated threats has never been greater. But network expertise can vary greatly among
the individual groups, and users’ exposure to security risks also varies depending on the
sort of work that they do and the type and amount of information that they exchange.
Adding to the challenge are the university’s independent-minded faculty, staff, and
students, who often voice concerns that a stronger security profile could limit their
research or discourage collaboration.
“In a corporate environment, the IT group might install central firewalls that strictly
control the network border, but this university campus wanted a border that is more open
to encourage information interchange,” says David Paul Zimmerman, senior network
architect for Information Services and Technology (IST) at a prominent northern
California university. “Initially network-level firewalls were installed by individual
departments, with IST providing architectural guidance and network services. We needed
to help ensure that departments continued to have the functionality that they wanted, but
we also wanted to make sure that central network management would not be impeded.”
Many academic groups within a university are capable of running their own firewalls,
and indeed may have been doing so for years. But there are dangers to this independent
approach. “At our university there were a lot of security ‘entrepreneurs’ doing their own thing, some better than others,” says the director
of academic research and research technologies at a prestigious Georgia-based university. “What really worried us was when systems got
infected or compromised and caused problems for other groups. That required a huge expenditure of resources. In addition, we needed to
design a security infrastructure that would preserve the high performance and bandwidth that users had come to expect from the network.”
Besides their diversity, the sheer magnitude of some academic networks presents daunting challenges. “Some access control lists (ACLs)
were exceeding 3000 lines and we were running into resource walls,” says Jay Tumas, Harvard UIS’s network operations manager. “Even
though there was plenty of processing power, the size and complexity of what people wanted to do with ACLs was not working for us. We
needed a way to let the individual departments manage the lists locally.”
NETWORK SOLUTION
To help implement stringent yet flexible network security, all three universities chose to install Cisco
®
Firewall Services Modules
(FWSMs) on their existing Cisco Catalyst
®
6500 Series switches.