Белая книга для Cisco Cisco ASA 5585-X Adaptive Security Appliance
Cisco and Public Sector Cyberdefense
24
Assessment in the WAN
With many remote agency offices, and without dedicated security administrators
at each office, providing consistent security policies throughout the WAN can be
a challenge.
at each office, providing consistent security policies throughout the WAN can be
a challenge.
Cisco AutoSecure provides vital security requirements to networks
by incorporating a straightforward “one touch” device lockdown process. Cisco
AutoSecure enables rapid implementation of security policies and procedures to
simplify the security process, without having to understand all the Cisco IOS Software
features and execute each of the many command line interface (CLI) commands
manually. This feature uses a single command that instantly configures the security
posture of routers and disables nonessential system processes and services, thereby
eliminating potential security threats.
AutoSecure enables rapid implementation of security policies and procedures to
simplify the security process, without having to understand all the Cisco IOS Software
features and execute each of the many command line interface (CLI) commands
manually. This feature uses a single command that instantly configures the security
posture of routers and disables nonessential system processes and services, thereby
eliminating potential security threats.
• Disabling often unnecessary and potentially insecure global services
• Enabling certain services that help further secure often necessary global services
• Disabling often unnecessary, and potentially insecure interface services, which can
be configured on a per interface level
• Securing administrative access to the router
• Enabling appropriate security-related logging
With highly sensitive and confidential information such as national security-related
information, social security numbers, and health-related data traversing your WAN,
having a highly reliable firewall at your WAN edge is critical in keeping unauthorized
visitors from accessing valuable and highly confidential resources. Instead of providing
only point products that set a base level of security, Cisco embeds network firewall
security throughout the network and integrates security services in all its products. As
a result, network firewall security becomes a transparent, scalable, and manageable
aspect of your federal infrastructure.
information, social security numbers, and health-related data traversing your WAN,
having a highly reliable firewall at your WAN edge is critical in keeping unauthorized
visitors from accessing valuable and highly confidential resources. Instead of providing
only point products that set a base level of security, Cisco embeds network firewall
security throughout the network and integrates security services in all its products. As
a result, network firewall security becomes a transparent, scalable, and manageable
aspect of your federal infrastructure.
A key such firewall functionality for your WAN edge on the Cisco ASR 1000 Series
Routers is the
Routers is the
Cisco IOS Zone-Based Firewall, which performs multigigabit stateful
firewall inspection, facilitating an ideal single-box security and routing solution for
protecting the WAN entry point into the network. The firewall service is embedded
in the Cisco QuantumFlow Processor within the Cisco ASR 1000 Series Routers: no
additional firewall blades or modules are required. Simultaneously, the system can
perform other functions such as QoS, IPv4, IPv6, NetFlow, and so on at multigigabit
speeds.
protecting the WAN entry point into the network. The firewall service is embedded
in the Cisco QuantumFlow Processor within the Cisco ASR 1000 Series Routers: no
additional firewall blades or modules are required. Simultaneously, the system can
perform other functions such as QoS, IPv4, IPv6, NetFlow, and so on at multigigabit
speeds.
Continue
Previous