Data Center Security Overview - Cisco
-
Upload
jamile-katiuska-garcia-zarcos -
Category
Documents
-
view
214 -
download
0
Transcript of Data Center Security Overview - Cisco
-
7/30/2019 Data Center Security Overview - Cisco
1/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 10
THE CISCO BUSINESS READY DATA CENTER
DATA CENTER SECURITY SOLUTIONS
CHALLENGES
Data centers are attractive targets for malicious activity. Improperly secured datacenters are targets
of hackers andworms, which cancause considerable havoc and costlydamage. Unfortunately, data
centers assembled quickly during the economic boom of the 1990s were rarely built with an
emphasis on security, and the many application and storage islands resulting from these effortsare often vulnerable to attack and compromise. Internet worms and viruses proliferate in part
because of inconsistent, inadequate security technologiesandprocedures in datacenters worldwide
In support of management goals to protect, optimize and grow the business, many IT organizations
are consolidating data center resources, such as servers, storage, networks, andapplications. IT and
network managers must consider how these changes affect both security posture and application
resilience. In the past, managers relied upon physical application isolation or perimeter defense for
security. This is inadequate to defend resources and applications from attacks, which continuously
become more sophisticated and dangerous. Any script kiddie can download hacker tools from a
Web site and inflict considerable damage to poorly protected data centers. Attacks progress faster
than ever. More damage occurs in a few seconds today than was possible in a few days five years
ago. The Slammer, Blaster, and MyDoom worms took only minutes to circle the globe. Therefore,
data centers need defenses that provide day-zero attack mitigation.
Threats from inside the enterprise can be even more damaging because hackers exploit detailed
knowledge of the organization to wreak serious financial damage inadvertently or deliberately.
These hackers can include employees, temporaryworkers, and consultants. To protect applications,
data center managers must use modern technologies that limit user access to only those resources
they need to do their job.
It is essential that security and network managers collaborate to understand the particular
vulnerabilities and threats to data center resources, so that they can develop a robust network
security architecture. Vulnerabilities and threats can prevent users from accessing mission-critical
applications, directly disrupt application operation, or compromise confidential and valuableinformation. Threats can include the following:
Attacks on mission-critical applications, application servers, databases, database servers, and
storage resources through buffer overflows, malicious worms, viruses, and administrative
access breaches
Vulnerabilities resulting from misconfigured systems andincorrect or outdatedsoftwareexpose
IT managers to the time-consuming task of operating system and patch updates, resulting in
possible system downtime and productivity loss
Solution Overview
An integrated, defense-in-depth approach to securing consolidated data centers
EXECUTIVE SUMMARY
Data center managers consolidating data center
resources for greater efficiency must consider
how these changes affect security. Cisco
Systems offers an integrated, defense-in-depth
data center security strategy that enablesmanagers to partition data centers into security
zones that applyappropriate security policies to
each application, while containing the potential
impact of virus or worm attacks. This strategy
takes advantage of the Business Ready Data
Center architecture and integrated security in
Cisco networking platforms.
-
7/30/2019 Data Center Security Overview - Cisco
2/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 2 of 10
Attacks on network systems and devices such as routers, switches, and firewalls through administrative access breaches
Threats to the network infrastructure through distributed denial of service (DDoS) and syn flood attacks
CISCO BUSINESS READY DATA CENTER
The Cisco Business Ready Data Center is a cohesive network architecture that supports immediate data center demands such
as consolidation, business continuance and security, while enabling the data center for emerging service-oriented and utility
computing technologies such as blade servers, virtualization, Web services, and GRID. Through this architecture Cisco
Systems, the worldwide leader in data center networking, offers IT and network managers the end-to-end, defense-in-depth
security strategies and solutions they need to prevent or contain data center attacks. Based on an intelligent network
foundation, the Cisco Business Ready Data Center addresses immediate security threats and provides a roadmap to achieve
advanced networking systems suchas self-defending networks. Cisco helps IT managersadopt thisarchitecture to reduce risk
time, and investment with tested and validated reference architectures, proven design best practices, and both generic and
partner-specific configuration templates. Its flexibility allows enterprises to deploy the compute, storage, and software
technologies that best support their business goals and enables more efficient implementation of new services, andapplications. By taking action to implement this adaptive data center networking architecture, IT organizations are well
positioned to advance management goals to protect, optimize, and grow the business. It protects critical applications and
confidential data; it enhances data center operational efficiencies, and rapidly creates new secure application environments to
support new business processes. With a highly resilient, efficient, and adaptive data center network in place, businesses can
realign resources for growth by addressing competitive pressures, extending market reach, and speeding time-to-market of
new services.
The Cisco Business Ready Data Center architecture is comprised of three tiers (Figure 1):
The FOUNDATION INFRASTRUCTURE includes the intelligent IP network infrastructure, intelligent storage
networking and data center interconnect
NETWORK SYSTEM INTELLIGENCE includes security, delivery optimization, manageability, and availability
EMBEDDED APPLICATION AND STORAGE SERVICES include, storage virtualization, data replication and
distribution and advanced application services
-
7/30/2019 Data Center Security Overview - Cisco
3/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 3 of 10
Figure 1
Security: Integral to the Business Ready Data Center Architecture
A DEFENSE-IN-DEPTH DATA CENTER SECURITY STRATEGY
Cisco data center security strategies recognize that security is a continuous process that should be integrated with data center
operations, communicated to the user community, and incorporated into the organizations culture and way of doing business.
Successful security strategies employ the concept of defense in depth, which uses multiple layers and complementary
functions to mitigate threats throughout the data center.
Any security strategy begins with a security policy, which aligns business needs with security goals and defines how to
implement them through processes and technologies. One component of the security policy should address the particular
requirements of the data center, its specific application requirements, and user group authentication and authorization
permissions for each application. An effective security policy results from collaboration among all stakeholders in the data
center, which includes its management teams, the executive board, and user groups throughout the organization. The policy
determines securitydesign,management processes, andtechnologies thatenablepolicy implementationandenforcement.The
policy is not static and should be refined and adjusted as the security posture changes.
A security posture assessment can identify specific vulnerabilities and risks within the existing environment and recommend
ways to mitigate them. These recommendations should be incorporated intothe securitypolicy andconsistentlyenforced. The
network is an essential component of the security posture because it connects applications and users. The network shouldprovide a solid first layer of defense, complementing operating system and application level security. The network creates a
secureenvironment not only at theperimeter but also in security zones throughoutthe data center. Separating thenetwork into
virtual compartments allows security managers to consolidate resources in a cost-effective manner and control user access to
each application.
The Cisco Business Ready Data Center achieves optimal end-to-end security, performance, and manageability by integrating
securitydirectlyinto thenetwork infrastructure. It takes advantage of theadvanced integrated securitycapabilitiesof theCisco
Catalyst switching and Cisco MDS intelligent storage networking platforms. Integrated security software and service
Data Replication and Distribut ionVirtualization Services
Advanced Application Services
EmbeddedApplication
and Storage
Services
Security
Delivery Optimization
Manageability
Availability
Network
System
Intelligence
Foundation
Infrastructure
Intelligent
IP Network
Infrastructure
Intelligent
Storage
Networking
Storage
Resources
Compute
ResourcesUsers
50G
50G
50G
50G
50G
-
7/30/2019 Data Center Security Overview - Cisco
4/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 4 of 10
modules for the Cisco Catalyst 6500 Series switch offer firewall, intrusion detection system (IDS), Secure Sockets Layer
(SSL), and IP Security (IPSec) virtual private network (VPN) services at the higher performance levels required for
bandwidth-intensive datacenter environments. In thestorage network, theCisco MDS9000Series Multilayer DirectorSwitch
offers virtual storage area network (VSAN) and advanced security services.
Complementing these integrated security products is a variety of additional security technologies in the following categories
Threat defenseWatches for improper behavior in the network; examples include firewalls and intrusion detection/
prevention systems (IDS/IPS)
Trust and identity managementPermits or denies services to devices and users based on policies; examples include
RADIUS access control servers
Secure connectivityProvides confidentiality across links; for example, a VPN with encryption
These solutions are detailed below in the section titled Cisco Security Solutions.
BUSINESS BENEFITSThe Cisco security strategy for the data center delivers the following business benefits:
Defense in depthMitigates known and unknown risks and threats at many layers
Secured consolidationSegments consolidated infrastructures intosecurityzones thatcontain the spread of an attack and
provide strong access controls
Day-zero attack mitigationBy looking for and stopping suspicious behaviors
Greater service integrityProtects and validates confidential data on servers and storage devices
Easier management and lower cost of ownershipThrough centralized management tools that automate configuration
and monitoring, enable consistent technology deployment, and enforce security policies throughout the data center
FlexibilityRapidly adapting to ever-changing threats
Lower capital expendituresBy consolidating and virtualizing security functions across fewer physical devices
SECURITY ARCHITECTURE
Implementing data center security requires the management staff to prioritize security goals for cost reasons. With a clearly
defined security policy, security managers and data center and network managers can collaborate to prepare security
architecture that protects the consolidated data center.
For optimal data center design using integrated security services modules, Cisco recommends that data center managers
implement a dedicated services layer between the access and core layers, enabling distributed security services in the most
cost-effective, high-performance manner.
-
7/30/2019 Data Center Security Overview - Cisco
5/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 5 of 10
Implementing Data Center Security
Witha security policy in place that alignsasset protection with businessgoals,Cisco recommends that security managers take
the following steps to secure their data centers:
Define security zones and set security levels for each zoneThese separate the data center into areas that are logically
separated from one another to contain an attack at minimal impact. Zones can support individual applications or
application tiers, groups of servers, database servers, Web servers, e-commerce zones, and storage resources (Figure 2).
User access can be limited to Web servers, protecting the application and database tiers from accidental or malicious
damage. Communication between applications can be limited to specific traffic required for application integration, data
warehousing, and Web services. Zones can provide logical separation of each applications storage environment across a
scalable, consolidated storage network. To achieve this efficiently, firewalls can be integrated and virtualized to provide
secure connectivity between application and server environments (Figure 2).
Figure 2
Security Zones with Integrated and Virtualized Firewalls Ensure Protected Applications on Consolidated Infrastructure
Perform a security posture assessment to identify vulnerabilities and risks, with specific breakdown by host, operating
system, application, data, network devices, and links. This assessment provides vital information for determining
appropriate risk levels for each asset and the maintenance requirements for maintaining each one to the desired security
level and should be incorporated into the security policy.
Enterprise Campus Network Core
Internet
DMZ
Perimeter
Security
Access
Security
Security Zones
(Virtual LANs and
Virtual SANs)
Horizontal and
Vertical Inter-zone
Security Integrated
Firewalls and IDS
App
Internet Server Farm
Web
DB
Web
App
DB
ERP HR Fin E-Mail Web DW SCM
Enterprise Data Center with Consolidated Infrastructure
-
7/30/2019 Data Center Security Overview - Cisco
6/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 6 of 10
Implement endpoint protection for critical servers and hosts. This functionality discovers attacks in progress, protects
operating systems and applications, and sends alarms to the management console when an exploit is detected. Cisco
SecurityAgent, a behavior-based endpoint protection solution, successfully stoppedboth theSlammer andBlaster worms
Implement network IDS for critical network segments, analyzing traffic streams to identify and thwart attacks such as
DDoS and hacker activity. The system alerts the management console and/or invokes an automated response within the
network infrastructure to shun or block attacks as they are identified. IDS can also dynamically command firewalls or
routers to block packets from identified malicious sources, reducing the effort needed to mitigate the attack.
Control access between zones with firewalls and routers. Firewalls provide perimeter control for stateful inspection of
connections to and from the data center while blocking access to nonpublic services and hosts through ingress and egress
filtering. Routers provide Layer 3 segmentation between zones, inter-VLAN routing, bandwidth rate limiting, and traffic
analysis.
Implement containment with private VLANs on switches. When each host or segment has its own VLAN, security
managers canquarantine attacks and prevent their spread to other hosts; hostson each VLAN cancommunicate only with
the default gateway, not with other hosts. Cisco Catalyst Integrated Security features provide comprehensive protection
against hackers trying to gain access to non-authorized VLANs through false addressing mechanisms.
Secure the storage networkTraditional storage environments were considered secure because they were a dedicated
extension to the computing systems they serviced. As dedicated storage and smaller SANs are consolidated into larger
SANs, storage managers cannot depend on security through isolation. Where storage networks are extended beyond the
data center environment, security is required across metropolitan and wide-area networks. Managers must consider SAN
security from four angles:
Securing the SAN from external threats, such as hackers and people with malicious intent
Securing the SAN from internal threats, such as unauthorized staff and compromised devices
Securing the SAN from unintentional threats by authorized users, such as misconfigurations and human error
Securingand isolating eachstorage environment fromother storage environments even if they share the samephysical
network
Deploy Trust and Identity Management services to permit only authorized users and administrators to access data center
resources.
Implement efficient management and monitoring tools for centralized policy provisioning, monitoring, and
troubleshooting of securitycomponents and Cisco IOS Software features.This solutionshould include event monitoring
and correlation to filter alerts sent to the management console. Communication with data center network devices is most
secure using an out-of-band network or through a dedicated administration VLAN. Cisco recommends encrypting
management traffic with SSL, Simple Network Management Protocol (SNMP) version 3, or Secure Shell (SSH)
technology.
-
7/30/2019 Data Center Security Overview - Cisco
7/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 7 of 10
CISCO SECURITY SOLUTIONS
Cisco security solutions take an integrated, systematic approach to enterprise data center security to defend and protect the
organizations business processes and assets. Cisco separates its security products into three categories: threat defense, trust
and identity management, and secure connectivity. Much of this functionality is available through Cisco IOS Software,
integrated security services modules for the Cisco Catalyst 6500 platform, and integrated security on the Cisco MDS 9000
Series switches. Following is a partial list of Cisco security products that are most relevant to securing the data center.
Security hardware modules for the Cisco Catalyst 6500 platform add much-needed security services to the network without
affecting performance. The integration of advanced network services offers many advantages over multiple standalone
appliances. Integration into the Catalyst chassis conserves rack space and minimizes the requirednumber of interconnections,
simplifying deployment. Modules typically offer greater performance and more ports than their appliance counterparts,
increasing scalability. Unlike appliances, integrated modules can use native Cisco IOS Software and Catalyst intelligence,
such as VLANs and quality of service (QoS), allowing tighter integration of advanced network services for an efficient,
responsive infrastructure.
Threat Defense
Threat defense security solutions mitigate network and host attacks caused by viruses, worms, DDoS attacks, and other
malicious network traffic. Deploying these solutions throughout the data center isolates and blocks intruders, rogue
applications, and other unwanted traffic. Some of these products include:
Cisco Catalyst 6500 Series Firewall Services Module (FWSM)Based on Cisco PIX firewall technology, the FWSM
delivers security, reliability, and performance with the leading firewall data rates in the industry: 5-Gbps throughput,
100,000 connections per second, and up to one million concurrent connections. Up to four FWSMs can be installed in a
single chassis, providing scalability to 20 Gbps per chassis.
Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services ModuleAn essential intrusion protection solution
for safeguarding organizations fromcostly anddebilitatingnetwork breachesfrommalicious Internetworms, DoSattacks
and e-business application attacks. Cisco IDSM-2 works with other integrated components, increasing the operating
efficiency of intrusion protection to secure the data center network.
Cisco Security Agent protects endpoints through behavioral-based intrusion detection to protect hosts from system level
attacks.
Trust and Identity Management
These solutions enable access to network services and data center resources by authorized users, administrators, and
applications. Examples of these solutions follow:
Embedded Cisco IOS Software technologiesA wealth of features enable appropriate access control and other security
functions.
Cisco Secure Access Control Server (ACS)Enables central administration of user authentication, authorization, and
accounting (AAA) services. The ACS is also the central administration for the pending Network Admission Control
solution.
-
7/30/2019 Data Center Security Overview - Cisco
8/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 8 of 10
Cisco Network Admission Control (NAC)Cisco dramatically enhances the day-zero antivirus and antiworm
functionality of Cisco Security Agent with NAC. Available in mid-2004, NAC allows enterprises to discover operating
system patch, antivirus, and hotfix status of user devices requesting data center access. It relegates noncompliant and
potentiallyvulnerable systems to environments with limited or no network access. Noncompliant endpoints can be denied
access, placed in quarantine, or given restricted access to computing resources, perhaps to allow upgrades and patches to
attain policy conformance.
Secure Connectivity
Securing connections within and between data centers, these solutions offer standards-based VPN and encryption techniques
to ensure data integrity. They are appropriate across the optical connections between multiple data centers or to offsite data
storage facilities. Following are examples of secure connectivity products:
Cisco Catalyst6500SSL ServicesModuleDramatically accelerates performance and enhancessecurity of Web-enabled
applications, providing comprehensive, secure content networking while guaranteeing a persistent customer experience.
Cisco IPSec VPN Services ModuleA high-speed module for Cisco Catalyst 6500 Series switches that integrates IPSecVPN services into the infrastructure, meeting the need for secure connectivity at increased bandwidth between data
centers.
VSANAnalogous to a VLAN, a VSAN allows storage managers to create multiple logical SANs over a common
physical infrastructure. EachVSAN runs its ownset of fabric services, providing for absolutepartitioning between virtual
fabrics. This is only one of the security features of the Cisco MDS 9000 Series.
Data Center Security Management
Security management is essential for spotting and blocking violations before damage occurs. It is impossible to measure the
value of user trust indata centerresources or the damageto an organization should a security breachcompromisedata integrity
or shut down applications or servers. Therefore, security managers must meet the highest standards for ease of use,
automation, data processing, and rapid, appropriate responses.
Effective provisioning is vital because it directs devices how to identify and respond to potential intrusions and eliminate
vulnerabilities. Change management should be easy, giving security managers automated tools to update devices to watch for
threats. Monitoring is the heart of security management, and administrators need tools that digest the massive amount of data
generated by security components, identify suspicious activity, and proactively respond to threats. Troubleshooting is
necessary for trusting multiple security levels to work together effectively.
CiscoWorks accommodates role-based security management services, with workflow automation and future service
virtualization capabilities that accurately speed and simplify management activities. CiscoWorks standards-based APIs allow
integration with third-party management and billing applications.
CiscoWorks offers data center managers two powerful security management applications:
CiscoWorks VPN/Security Management Solution (VMS) protects organizational productivity by combining Web-based
tools for configuring, monitoring, and troubleshooting VPNs, firewalls, and network- and host-based IDSs. CiscoWorks
VMS also delivers network device inventory, change audit, and software distribution features.
-
7/30/2019 Data Center Security Overview - Cisco
9/10
Cisco Systems, Inc.
All contents are Copyright 19922004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 9 of 10
CiscoWorks Security Information Management Solution (SIMS) collects, analyzes, and correlates security event data
from across the enterprise, so security managers can detect and respond to suspicious events as they occur. Based on the
award-winning netForensics version 3.1 software, SIMS delivers complete event monitoring in multivendor security
environments, real-time event correlation to detect both known and unknown threats, advanced visualization for fast and
intuitive security monitoring, integrated risk assessment to understand the overall vulnerability of any particular asset
within the enterprise, and comprehensive reporting and forensics for all levels of security operations.
CiscoView Device Manager for the Cisco Catalyst 6500 Series Switch resides in the switch and manages several Layer 2
and Layer 3 features for a single chassis. A task-based tool, CiscoView Device Manager eases the initial setup and
deployment of end-to-end services across modules by offering configuration templates based on recommended practices.
SECURITY PARTNERSHIPS
Cisco network solutions for the data center form a robust foundation that allows enterprises to transform data centers into
strategic assets. Cisco intelligent networking and storage technologies provide the foundation of solutions by leading data
center vendors. Cisco also collaborates with security industry leaders to facilitate smooth, integrateddelivery of a secure datacenter infrastructure that enterprises can tailor to their unique requirements today and adjust easily as they grow and change.
These partnerships give datacenter managers the resources they needto design,deploy, andmaintainagile, secure datacenters
that effectively support their business goals.
CISCOTHE TRUSTED LEADER IN DATA CENTER SECURITY
The enterprise data center is the heart of the enterprise network because it contains the data, applications, andother resources
for business. Protecting and ensuring the ongoing availability of these resources is vital to the success of any organization.
Customers, partners, and internal users need to trust that confidential information remains private and reliable. Maintaining
the integrity of the network and its attached resources is vital.
As the market leader in networking and security, Cisco delivers enterprise-wide security solutions within the Cisco Business
Ready Data Center, including design guides and best practices, such as those described in Cisco SAFE blueprints. Cisco and
its partners also offer extensive security professional services to help customers identify their security needs and take
appropriate actions.Cisco security solutions efficiently protect and optimize datacenters while supporting network scalability
and performance. With its integrated, defense-in-depth security solutions, Cisco helps protect data centers from increasingly
damaging and rapidly spreading attacks from both inside and outside the enterprise.
Let Cisco help you protect what is most precious to your businessyour data center.
-
7/30/2019 Data Center Security Overview - Cisco
10/10
Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706
USAwww.cisco.comTel: 408 526-4000
800 553-NETS (6387)Fax: 408 526-4100
European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-19
1101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel: 31 0 20 357 1000Fax: 31 0 20 357 1100
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706
USAwww.cisco.comTel: 408 526-7660Fax: 408 527-0883
Asia Pacific HeadquartersCisco Systems, Inc.Capital Tower168 Robinson Road
#22-01 to #29-01Singapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the
C i sc o We b s i t e a t w w w . c is c o . c o m / g o / o f f i c e s
Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Czech Republic
Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Kore
Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russi
Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden S wi tz er la nd Ta iw an T ha il an d Tu rk ey U kr ai ne
United Kingdom United States Venezuela Vietnam Zimbabwe
All contents areCopyright 19922004 Cisco Systems, Inc. All rights reserved. Cisco, Cisco Systems, the Cisco Systems logo, Catalyst,Cisco IOS, and PIXare registered trademarks or trademarks of Cisco Systems, Inc. and/orit
affiliates in the U.S. and certain other countries.
All o ther t rademarks m entioned in thi s docum ent or W eb s ite a re the prope rty of the ir r es pect ive owner s. The use of the wor d par tner does not imply a par tner sh ip r elat ions hip between Cis co and any other com pany(0402R) JM/LW5752 04/04
FOR MORE INFORMATION
Cisco Data Center Solutions:
http://www.cisco.com/go/datacenter
Cisco Data Center Design Guides:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns224/ns376/networking_solutions_package.html
SAFE Blueprints:
http://www.cisco.com/go/safe
Security Management:
http://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.html
Identity and Access Control:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html
Configuration and Monitoring:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/index.html
Cisco AVVID (Architecture for Voice, Video and Integrated Data) Partner Program for security product and services vendors:
http://www.cisco.com/en/US/partners/pr46/pr13/partners_program_solution09186a00800a3370.html
Advanced Services for Network Security:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns267/networking_solutions_package.html
http://www.cisco.com/go/datacenterhttp://www.cisco.com/en/US/netsol/ns340/ns394/ns224/ns376/networking_solutions_package.htmlhttp://www.cisco.com/go/safehttp://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.htmlhttp://www.cisco.com/en/US/products/sw/secursw/ps2086/index.htmlhttp://www.cisco.com/en/US/products/sw/cscowork/ps2073/index.htmlhttp://www.cisco.com/en/US/partners/pr46/pr13/partners_program_solution09186a00800a3370.htmlhttp://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns267/networking_solutions_package.htmlhttp://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns267/networking_solutions_package.htmlhttp://www.cisco.com/en/US/partners/pr46/pr13/partners_program_solution09186a00800a3370.htmlhttp://www.cisco.com/en/US/products/sw/cscowork/ps2073/index.htmlhttp://www.cisco.com/en/US/products/sw/secursw/ps2086/index.htmlhttp://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.htmlhttp://www.cisco.com/go/safehttp://www.cisco.com/en/US/netsol/ns340/ns394/ns224/ns376/networking_solutions_package.htmlhttp://www.cisco.com/go/datacenter