5-1
VPN and Security Products at a Glance
CHAPT ER
CHAPTER5 VPN AND
SECURITY PRODUCTS
5
VPN and Security ProductsVPN and Security Products at a Glance
Product Features Page
Cisco PIX SecurityAppliance Market-leading, purpose-built appliances which provide broad range of integrated security
services
• Robust stateful inspection firewalling with application awareness
• High-performance and scalable remote access and site-to-site VPN
• Intrusion protection with for real-time response to network attacks
• Enhanced routing and network integration
• Extensive support for multimedia and VoIP applications
• Award-winning firewall stateful failover for enterprise-class resiliency
5-2
Firewall Blade for Catalyst 6500 Firewall Module is a high performance integrated stateful firewall solution for Catalyst 6500 family
of switches with performance exceeding 5GB. It is based on proven PIX technology while
providing the following benefits to the customers
• Investment protection
• Low cost of ownership
• Ease of use
• Operational Consistency
• Scalability
See the Catalyst 6500 Series Switch in Chapter 2: LAN Switching, page 2-22, for more information
2-22
Cisco VPN 3000 Family Remote access Virtual Private Network platform
• Has models for all size companies, from small to large enterprise organizations
• Reduces communications expenditures
• Enables users to easily add capacity and throughput
5-5
Cisco IDS Network Sensor Network-based, real-time intrusion detection system capable of monitoring an entire enterprise
network:
• Capable of directing and forwarding alarms between local, regional, and headquarters-based
monitoring consoles
• Scalable architecture to allow the deployment of large numbers of sensors in order to provide
comprehensive security coverage in large networks
• Tight integration into the network through the delivery of the IDS Network Module for the Cisco
Access Routers and the IDSM2 for the Catalyst 6500 switches
• CTR (Cisco Threat Response) delivers adaptive scan techniques to minimize false alarms
• Broad range of management options
5-8
Cisco Security Agent The Cisco Security Agent provides threat protection for desktop and server computing systems
by identifying and preventing malicious activity. By acting on threats or attacks before they can
occur, Cisco Security Agent removes known and unknown security risks to enterprise networks
and applications:
• The Cisco Security Agent aggregates and extends multiple endpoint security functions by
providing host intrusion prevention, distributed firewall, malicious mobile code protection,
operating system integrity assurance, and audit log consolidation all within a single agent
package
• Protects against know and unknown attacks on both servers and desktops
5-10
Cisco Secure Access Control Server (ACS) for Windows and Cisco Secure Access Control Solution EngineA centralized identity networking solution that simplifies user-management experience across all
Cisco devices and security-management applications. An essential component of the Cisco
Identity Based Networking Services (IBNS) architecture, it extends access security by combining
authentication, user and administrator access, and policy control from a centralized identity
networking framework. This allows greater flexibility and mobility, increased security, and user
productivity gains. It helps ensure enforcement of assigned policies by allowing network
administrators to control: Who can log in to the network, Privileges each user has in the network,
and Security audit or account billing information that is recorded
5-12