Cisco ASA 5545-X Adaptive Security Appliance Data Sheet
White Paper
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
APPLICATION SECURITY INSPECTION ENGINES IN THE CISCO ASA 5500 SERIES
● Web browsing (HTTP)
● Electronic mail (SMTP/eSMTP)
● Enterprise IP telephony (SIP, H.323, SCCP)
● Provider voice services (MGCP, GTP)
● File transfers (FTP)
● Tunneled applications (peer-to-peer or instant messaging)
● Domain Name System (DNS)
● And many more!
Securing Business Applications with Cisco ASA 5500 Series
A new level of application security provided by Cisco ASA 5500 adaptive security
appliances.
Network security threats increasingly target the application layer. Network and security
administrators are often forced to make difficult compromises between deploying new
services to increase business productivity and protecting those services from attack. The
new Cisco ASA 5500 Series of adaptive security appliances breaks the cycle of
compromise by allowing rapid, robust, and secure deployment of new applications.
Overview
Networked applications form a critical element of the business infrastructure. Traditional security
solutions lack the breadth of application coverage, the depth of inspection services, the integral
network services, and the level of performance required to defend these applications against
attack. The Cisco® ASA 5500 Series enables a new class of uncompromising application security,
meeting the challenge of protecting networked applications from both today's and tomorrow's
threats.
Challenge
The explosive growth of the Internet has caused a rapid migration of business processes onto the
network. Networked applications form the backbone of these business processes. Applications
such as Web browsing, e-mail communications, and IP telephony are core elements of the
business infrastructure. Messaging and presence applications (instant messaging, for example)
are increasingly seen as valuable business tools for communication among employees, as well as
with partners and customers. Coupled with the deployment of high-performance networks,
networked applications have enabled great gains in business productivity.
As organizations increase their reliance on the
network, the availability and integrity of these
applications become critical to doing business.
Enforcing the security policies designed to ensure
this availability, however, is becoming more difficult,
with tools for the misuse or abuse of applications
enabling users to circumvent traditional security
technologies. Indeed, applications such as peer-to-peer
file sharing networks are increasingly integrating
such tools directly into the applications themselves.
Application behavior such as "port-hopping" and
tunneling allows applications to intelligently scan for
and find open ports in the firewall, such as for Web
browsing (port 80), and to tunnel themselves through those openings, making it virtually impossible
for a traditional security device to enforce network segmentation and acceptable-use policies. This