Cisco Cisco ASA 5555-X Adaptive Security Appliance White Paper
Cisco and Public Sector Cyberdefense
2
On January 8, 2008 President George W. Bush set forth the nation’s
largest cybersecurity initiative to date by signing Presidential Directive
54 and Homeland Security Presidential Directive 23. These executive
directives formally declare the cyberinfrastructure of the United States
a national security asset and its criticality to the diplomatic, intelligence,
military, and economic well-being of the nation. More recently, President
Obama reaffirmed and extended this prioritization of cybersecurity
and announced plans for a new office at the White House led by a
cybersecurity coordinator.
largest cybersecurity initiative to date by signing Presidential Directive
54 and Homeland Security Presidential Directive 23. These executive
directives formally declare the cyberinfrastructure of the United States
a national security asset and its criticality to the diplomatic, intelligence,
military, and economic well-being of the nation. More recently, President
Obama reaffirmed and extended this prioritization of cybersecurity
and announced plans for a new office at the White House led by a
cybersecurity coordinator.
“Protecting this infrastructure will be a national security
priority. We will ensure that these networks are secure,
trustworthy, and resilient.” Obama said. “We will deter,
prevent, detect, and defend against attacks and recover
quickly from any disruptions or damage.”
priority. We will ensure that these networks are secure,
trustworthy, and resilient.” Obama said. “We will deter,
prevent, detect, and defend against attacks and recover
quickly from any disruptions or damage.”
1
As a leader in the area of information security and a trusted advisor
to many agencies within the federal government, Cisco is in a unique
position to help provide the commercial off-the-shelf (COTS) elements
for achieving these cybersecurity goals. Cisco provides an integrated
approach to defense in depth that aligns with the government’s strategy
for information and systems security.
to many agencies within the federal government, Cisco is in a unique
position to help provide the commercial off-the-shelf (COTS) elements
for achieving these cybersecurity goals. Cisco provides an integrated
approach to defense in depth that aligns with the government’s strategy
for information and systems security.
Providing cybersecurity requires a network-level approach, with specific
emphasis on four different areas:
emphasis on four different areas:
• Assessment:
The first task in any comprehensive security
plan requires technology for assessing risk within the existing
infrastructure. The topics in this category address approaches,
methods, technologies, and tools for evaluating, testing, and
measuring security and risk in IT infrastructure components and
systems and in the infrastructure as a whole.
infrastructure. The topics in this category address approaches,
methods, technologies, and tools for evaluating, testing, and
measuring security and risk in IT infrastructure components and
systems and in the infrastructure as a whole.
• Prevention:
This category focuses on the set of security capabilities,
practices, and processes that are targeted at the prevention of well-
known cybersecurity attacks and control of access to resources by
valid consumers.
known cybersecurity attacks and control of access to resources by
valid consumers.
• Detection:
This action focuses on automatically detecting activity
outside the normal bounds of acceptable behavior and activity
violating, or potentially violating, the defined security policy.
violating, or potentially violating, the defined security policy.
• Response and recovery:
The category contains a collection of
capabilities that provide automatic protective actions in the face of an
attack and capabilities for analyzing and assessing damage as a result
of an attack. The capabilities for response are intended to prevent
pending attacks and mitigate the effects of an attack in progress in
order to minimize damage or restore normal system and network
operations. The capabilities for investigation are intended to provide
tools and services for analyzing attacks, assessing attack damage, and
gathering forensic evidence.
attack and capabilities for analyzing and assessing damage as a result
of an attack. The capabilities for response are intended to prevent
pending attacks and mitigate the effects of an attack in progress in
order to minimize damage or restore normal system and network
operations. The capabilities for investigation are intended to provide
tools and services for analyzing attacks, assessing attack damage, and
gathering forensic evidence.
Cybersecurity is not limited to a single portion of the network. An
effective cybersecurity plan must be networkwide. Moreover, certain
portions of the network will have specific security requirements based
on the role the switches and routers play in that security domain.
An access-layer switch, for example, will have different security
requirements than an Internet router. In the remainder of this document,
we will explore the differing places in the network and the security
technologies that can be deployed to achieve the goals of assessment,
prevention, detection, response, and recovery.
effective cybersecurity plan must be networkwide. Moreover, certain
portions of the network will have specific security requirements based
on the role the switches and routers play in that security domain.
An access-layer switch, for example, will have different security
requirements than an Internet router. In the remainder of this document,
we will explore the differing places in the network and the security
technologies that can be deployed to achieve the goals of assessment,
prevention, detection, response, and recovery.
1
Washington Post, “Obama:
Cyber Security Is a National
Security Priority,”
May 29, 2009.
Security Priority,”
May 29, 2009.
Overview
Continue
Previous