Cisco ASA 5585-X with No Payload Encryption White Paper

©Nemertes Research 2008 
In order to address such challenges, organizations must adopt security 
technologies that are able to protect the upper reaches of the network stack in the 
same way that firewalls protect the lower levels.  
Custom Tailored Fit 
The security architecture of the emerging dynamic data center has to 
address both the mutability of the infrastructure and the fact that so much 
function will be channeled through standards-based, upper-layer formats such as 
XML and SIP. It must itself be dynamic and virtual, identity aware, and both
format- and content-sensitive.  
Dynamic security will match servers and applications in its mobility, 
tracking them through their production lifecycles: encrypted VPNs, access 
control lists, or even complete virtualized security appliances will come into 
existence when the servers and services they need to protect do, and will 
disappear again when those servers or services disappear. Some of this dynamic 
security will be based within the virtual servers or dynamically-instantiated 
applications themselves.  Some will exist within virtual environments, some at 
the hypervisor level.  The parts outside these virtual environments will be aware 
of what has happened inside them and adapt as components come and go. 
(Please see Figure 1: Security in Dynamic, Virtualized Environments, below.)
Identity becomes central to security in this new data center, the base for 
defining security around data and among systems.  Identity management will 
encompass, not just users, but also these dynamic, transient components and 
[Figure 1: Security in Dynamic, Virtualized Environments. Diagram labels: Virtual Security Appliance; Virtual Host-based security; V-servers; Hypervisor; Secure Hardware; Network Security Devices; Security Policy Manager]