Cisco ASA 5585-X with No Payload Encryption White Paper
©Nemertes Research 2008
In order to address such challenges, organizations must adopt security
technologies that are able to protect the upper reaches of the network stack in the
same way that firewalls protect the lower levels.
Custom Tailored Fit
The security architecture of the emerging dynamic data center has to
address both the mutability of the infrastructure and the fact that so much
function will be channeled through standards-based, upper-layer formats such as
XML and SIP. It must itself be dynamic and virtual, identity aware, and both
format- and content-sensitive.
Dynamic security will match servers and applications in its mobility,
tracking them through their production lifecycles: encrypted VPNs, access
control lists, or even complete virtualized security appliances will come into
existence when the servers and services they need to protect do, and will
disappear again when those servers or services disappear. Some of this dynamic
security will be based within the virtual servers or dynamically-instantiated
applications themselves. Some will exist within virtual environments, some at
the hypervisor level. The parts outside these virtual environments will be aware
of what has happened inside them and adapt as components come and go.
(Please see Figure 1: Security in Dynamic, Virtualized Environments, below.)
Identity becomes central to security in this new data center, the base for
defining security around data and among systems. Identity management will
encompass, not just users, but also these dynamic, transient components and
[Figure 1: Security in Dynamic, Virtualized Environments. Diagram labels: Virtual Security Appliance; Virtual Host-based security; V-servers; Hypervisor; Secure Hardware; Network Security; Security Devices; Security Policy Manager.]