White paper for Cisco ASA 5585-X Adaptive Security Appliance
Cisco and Public Sector Cyberdefense
Response and Recovery in the Data Center
| Technology | Benefit |
|---|---|
| NSF/SSO for Multicast | The Cisco Catalyst 6500 Series Switch can extend its NSF/SSO support (discussed earlier) to include extremely fast recovery for multicast streams. |
| Protocol Independent Multicast (PIM) Register Accept | Prevents unauthorized sources from initiating multicast streams on a network. Avoids multicast spoofing. |
| Hot Standby Router Protocol | One of several first-hop routing protocols (alongside Virtual Router Redundancy Protocol [VRRP] and Gateway Load Balancing Protocol [GLBP]) that provide redundant and resilient paths for data exiting the data center. A typical deployment would be to have parallel routers or switches front-ending the server farm. |
| Portfast; BPDU Guard; Unidirectional Link Detection; Loop Guard; Root Guard; Multiple Spanning Tree (IEEE 802.1s); Rapid Spanning Tree (IEEE 802.1w) | A suite of protocols designed to provide better stability, scalability, and faster convergence for the Spanning Tree Protocol in the Layer 2 portion of the data center. |
| IP SLA Tracking | Cisco IP SLAs can be used to monitor the availability of devices or services in the data center (or at other places in the network as required). The tracking feature of IP SLAs allows it to communicate availability failures to other protocols such as HSRP or EEM and to take user-defined corrective actions. |
Table 4 Additional Data Center Technologies
platform is designed to serve as a last line of defense for servers and
applications in data centers. The Cisco ACE appliance performs deep
packet inspection and blocks malicious attacks.
• IronPort Email and Web Security Appliances: By reducing the
downtime associated with spam, viruses, and blended threats,
IronPort email security appliances improve the administration of email
systems, reduce the burden on technical staff, and provide
state-of-the-art network protection. IronPort email security appliances
provide a multilayer approach to stopping email-based threats. For spam
protection, email and web reputation filtering technology is combined
with Cisco IronPort Anti-Spam. Cisco IronPort Virus Outbreak Filters are
paired with fully integrated traditional antivirus technology to enable
powerful virus defense. Cisco IronPort PXE encryption technology fulfills
secure messaging, compliance, and regulatory requirements.
As the data center is where most of the valuable data sources in a network
reside, providing security in the data center extends beyond preventing
cyberattacks. It also requires providing a stable and highly resilient
infrastructure. Table 4 contains a list of additional technologies that should
be considered for deployment in the data center to help increase the
availability and security of data center assets.
Nor should it be forgotten that the data center is also susceptible to the
same sorts of threats detailed in the “Securing the LAN” portion of this
document. Figure 6 illustrates a typical data center with appropriately
deployed security services. Depending on the requirements, the data
center services layer could be collapsed into a pair of redundant service
switches.