Cisco Systems 870, 850 manual Cisco Security Services Modules

Page 59

Cisco Security Services Modules

Cisco 7600 series routers and Cisco Catalyst 6500 series switches support a variety of high-performance security modules that protect networks from the full range of threats, while also simplifying management and reducing overhead by consolidating security services into the switching chassis..

Traffic Anomaly Detector Services Module

Anomaly Guard Services Module

Intrusion Detection Services Module (IDSM-2)

IPSec VPN Shared Port Adapter

This module helps large organizations protect against distributed denial-of-service (DDoS) or other cyber attacks, enabling users to quickly initiate mitigation services and block the attack before business is adversely affected. It utilizes the latest behavioral analysis and attack recognition technology to proactively detect and identify all types of cyber assaults.

Monitors and processes attack traffic at full Gigabit line rates, delivering a

high-performance solution that detects DDoS attacks without consuming valuable switch or router resources.

Identifies and blocks all types and sizes of assaults, including those launched by hundreds of thousands of distributed zombie hosts, providing complete protection against the widest range of attacks.

Scales through clustering in a single chassis to support multi-gigabit performance, providing maximum protection for the largest enterprise and service provider environments or for individual vulnerable zones.

Automatic learning builds baseline profiles of normal operating conditions, enabling rapid identification of anomalous or unusual activity that indicates an attack.

Supports real-time monitoring of individual devices and protected zones with web-based graphical manager, as well as historical attack- level reports showing specific attack types seen and associated statistics.

This module mitigates DDoS and other cyber attacks. It effectively stops the DDoS attack while allowing legitimate traffic to continue to its destination, thereby maintaining continuous business operations.

Monitors and processes attack traffic at full Gigabit line rates, delivering a

high-performance solution that detects DDoS attacks without consuming valuable switch or router resources.

Multi-verification process (MVP) architecture utilizes advanced anomaly recognition, source verification and anti-spoofing technologies to identify and block individual attack flows without affecting legitimate transactions.

Dynamic diversion redirects and cleans only traffic destined for targeted devices, allowing unaffected traffic to flow freely and ensuring business continuity.

Automatic learning builds baseline profiles of normal operating conditions, enabling rapid identification of anomalous or unusual activity that indicates an attack.

Identifies and blocks all types and sizes of assaults, including those launched by hundreds of thousands of distributed zombie hosts, providing complete protection against the widest range of attacks.

This module helps detect, classify, and stop threats including worms, spyware/adware, network viruses,

and application abuse. The Cisco IDSM-2 combines inline prevention services with innovative technologies that improve accuracy, allowing you to stop more threats without dropping legitimate network traffic.

Accurate inline prevention technologies offer intelligent, automated, contextual analysis of your data and help ensure you are getting the most out of your intrusion prevention solution.

Offers 600 Mbps performance per module, providing the high bandwidth detection capabilities required for larger networks.

Multivector threat identification protects your network from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic in Layers 2–7.

Unique network collaboration enhances scalability and resiliency through network collaboration, including efficient traffic capture techniques, load-balancing capabilities, and visibility into encrypted traffic.

This module delivers scalable and cost-effective VPN performance with Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), plus next-generation Advanced Encryption Standard (AES) technology, including all key sizes (128-, 192-, and 256-bit keys)

for ultimate in IPSec VPN security and interoperability.

Provides up to 2.5 Gbps of AES and 3DES IPSec throughput with large packets and 1.6 Gbps with Internet mix (IMIX) traffic.

Up to 10 Cisco IPSec VPN SPAs can be installed in a system, scaling to 25 Gbps of total throughput for wire-speed security transport for native 10 Gigabit Ethernet interfaces.

Using the Cisco Services SPA Carrier-400, each slot of the Cisco 7600, or Cisco Catalyst 6500 supports up to two IPSec VPN SPAs, increasing total performance per slot.

114

115

Page 58 Page 60
Image 59
Page 58 Page 60
Contents Cisco Router Guide Cisco Router Guide Integrated Services Routers Series Overview Cisco 7200 Series Product Transition Matrix Cisco Transition MatrixCisco Cisco 1801, 1802 Cisco 1711 Cisco 1811Remote Management Integrated ServicesEasy Setup and Deployment Cisco 850 SeriesSeries Distinctions Security FeaturesWlan Features When to DeployCisco 870 Series Following in a small remote office, or Cisco 870 Security FeaturesCisco 870 VPN Features Deploy the Cisco 870 Series when you needHigh-Availability Features Benefits and Advantages Cisco 1800 Series Fixed-ConfigurationVPN Integrated Wireless LAN CapabilityWireless Security Application ExampleWAN Wireless ExampleHigh-Availability Features Example Dram MBCISCO1803W-AG-A/K9 CISCO1801CISCO1801W-AG-E/K9 CISCO1802W-AG-E/K9Flexibility and Investment Protection Cisco 1800 Series ModularEnhanced Architecture Market-leading Integrated SecurityNetwork Foundation Protection Security SolutionsMultiprotocol Label Switching Mpls VPN Support IPSec VPNNME Product BundlesCISCO1841 AIMInvestment Protection and Versatility Integrated SwitchingCisco 2800 Series Secure Networking Security Features Series Features OverviewFeatures Details IP Telephony FeaturesPstn WAN Features Details Cisco Srst Up to 96 phonesDeploy the Cisco 2800 Series when you need NME EVM AIM Hwic PvdmCisco 2800 Series Base Chassis Part Numbers Optional itemsSecurity Bundles Voice BundlesWAN Optimization Bundles Cisco 3800 SeriesInvestment Protection and Versatility Broadband BundlesEVM-HD Media Authentication and EncryptionSrst IP Telephony FeaturesDeploy the Cisco 3800 Series when you need NME-XD NMENME-X NMDSecure Voice Bundles Application ExamplesCisco 7200 Series Common Port Adapters Feature-RichMaximum ROI Connectivity/FlexibilityApplication Example Security Solutions ExampleSecurity Solutions Certifications 7206VXR/VSA+VPNK9 CISCO7201CPE MPLS/IPV6Cisco 7301 Series Key features of the Cisco 7301 Router areNext-Generation Policy and Subscriber Solution Benefits & Advantages Low Power ConsumptionBenefits & Advantages Security Features Compact Form Factor VPN SupportInternet VPN Tunnels Cisco Router Enabled Key Application Service Providers When To DeployBroadband Power SuppliesKey Applications for Enterprise deployments Cisco 7301 Bundles and Other Part NumbersFR-ISG73= Cisco 7301 AccessoriesCisco 7301 Feature Licenses Product Number Product Description Memory optionsHighly Scalable and Available High-performance IP/MPLS ServicesCisco 7304 Series CISCO7304CH-NSE150 Deploy the Cisco 7304 when you needCISCO7304 CISCO7304-CHPA-A6-OC3SMI= PA-A3-8E1IMA=PA-A3-8T1IMA= PA-A6-OC3MM=CNTR-SPTUM= Product Number Product Description Cisco 7304 AccessoriesHALFSLOTBLNK= 7300-4RU/RCKBRKT=Network Protection Service ProtectionCisco 7600 Series Device ProtectionCisco 7613 Systems Cisco 7604 Systems Cisco 7609 SystemsCisco 7606 Systems SPA-24CHT1-CE-ATM= Cisco 7603 Flexwan ModulesCISCO7603-S SPA-24CHT1-CE-ATM SPA-1CHOC3-CE-ATM=WS-F6K-DFC3B WS-SUP32-GE-3BWS-SUP720-3BXL WS-F6700-DFC3BXLPA-E3 OSM-1CHOC12/T1-SI OSM-1CHOC12/T1-SI=PA-H PA-H= PA-2HCisco 7600/CATALYST 6500 Ethernet Modules Cisco 7600 Services Modules SFP-OC3-IR1 CWDM-OADM4-1= CWDM-OADM4-2=SFP-GE-Z SFP-GE-Z=Maximum Network Uptime Cisco Catalyst SeriesScalable Performance Services Integration and FlexibilityValidated Solutions Integrated SecurityCisco 6513 Systems Feature Cisco 6503-E Cisco 6504-E Cisco 6506-E Cisco 6509-ECisco 6503-E Systems Cisco 6509-E SystemsCisco 6506-E Systems Cisco 6504-E SystemsCisco 7600 and Catalyst 6500 SIP Modules and SPA Modules WS-X6066-SLB-APC= ACE10-6500-K9WS-SVC-IPSEC-1= WS-SVC-AON-1-K9Cisco Security Services Modules Network Analysis Module NM-16ESW-1GIG CiscoModularNetworkAccessModulesRoutersLAN and Mixed Media Network Modules NM-16ESWNME-X-23ES-1G-P 1GIGNME-16ES-1G-P PPWR-DCARD- 16ESWLAN and WIC Combo Network Modules LAN Network ModulesNM-2W Circuit Emulation Over IP Network ModulesNM-1FE1R2W NM-CEM-4TE1NM-1T3/E3 Cisco Serial Connectivity Network ModulesSerial T3/E3 Network Modules High-Speed Serial Network Modules-Up to 52 MbpsNM-4A/S Synchronous Serial Network Modules-Up to 8 MbpsAsynchronous Serial Network Modules-Up to 128 Kbps NM-4TNM-2CE1T1-PRI Cisco Channelized T1/E1 and Isdn Network ModulesNM-1CE1T1-PRI ATM T3/E3 Network Modules Cisco ATM Network ModulesIsdn Basic Rate Interface Network Module ATM OC3 Network ModulesNM-1VSAT-GILAT Cisco Satellite Network ModulesWay Satellite WAN Connectivity Network Module NM-12DM Cisco Dial-up/Remote Access Network ModulesDigital Modem Network Modules NM-6DMNM-30DM Analog Modem Network ModulesNM-24DM NM-8AM-V2NM-HD-2V Cisco Voice Network ModulesAnalog and Isdn Basic Rate Voice Network Modules NM-HD-1VEM-4BRI-NT/TE NM-HD-2VEEVM-HD-8FXS/DID NM-HDA-4FXST1/E1 Digital Voice Network Modules NM-HDV2 PVDM2-8Voice Mail Network Modules Network Analysis And Monitoring Cisco Services Network ModulesWireless LAN Controller Module Content Engine Network Modules WIC-2T Cisco Interface CardsSerial WICs WIC-1THWIC-4A/S WIC-1DSU-T1-V2HWIC-4T WIC-1DSU-56K4DSL WICs and HWICs Isdn BRI WICsHWIC-1ADSL WIC-1ADSL-DGHWIC-4SHDSL WIC-1ADSL-I-DGAnalog Modem WICs Ethernet and High-speed Switching WICsCable DOCSIS-based HWICs ILPM-8= HWIC-D-9ESW-POEHWIC-1FE HWIC-AP-G and HWIC-AP-AG Hwic Wireless LAN Interface Cards and AccessoriesWireless LAN Antennas HWIC-2FEVWIC2-1MFT-T1/E1 Wireless LAN AntennaCisco Voice Interface/WICs CablesVWIC-1MFT-T1 VWIC2-2MFT-T1/E1VWIC-2MFT-T1 VWIC-2MFT-T1-DIVWIC2-1MFT-G703 VWIC-1MFT-E1VWIC-2MFT-E1-DI VWIC-2MFT-E1VWIC-1MFT-G703 VWIC2-2MFT-G703VWIC-2MFT-G703 VIC2-2FXS Cisco Voice Interface CardsAnalog Voice Interface Cards VIC-2DIDIsdn BRI Voice Interface Cards AIM-COMPR2-V2 Cisco Advanced Integration Modules Security ModulesCompression Advanced Integration Modules AIM-COMPR4Voice Mail Advanced Integration Modules Security ModulesATM Advanced Integration Modules MEMUSB-128FT Cisco Universal Serial Bus USB CardsUniversal Serial Bus USB Ports MEMUSB-64FTLAN and WIC Combo Network Modules Ethernet Switching Network Modules AccessoriesCisco Network Module Compatibility Quick Look LAN Network ModulesCisco Network Module Compatibility Quick Look Services Network Modules High-density Digital Voice Network Modules and AccessoriesVoice Digital Signal Processors DSPs Modem Digital Signal Processors DSPsIsdn BRI WICs Cisco Interface Card Compatibility Quick LookSerial WICs Cisco Interface Card Compatibility Quick Look Isdn BRI Voice Interface Cards Analog Voice Interface CardsVoice-mail Advanced Integration Modules Cisco Advanced Integration Module Compatibility Quick LookCompression Advanced Integration Modules VPN and Encryption Advanced Integration ModulesATM Port Adapters Cisco Port Adapter Compatibility Quick LookCisco Advanced Integration Module Compatibility Quick Look ATM Advanced Integration ModulesCisco Port Adapter Compatibility Quick Look Other Port Adapters and SAs VPN Service AdaptersCisco Shared Port Adapter Compatibility Quick Look Sonet PAsUSB Flash Memory Cisco USB Flash Memory Compatibility Quick LookCisco Series Port Adapter Compatibility Quick Look 210 211 USA
Top Page Image Contents