Cisco Systems 2600, 3600, 3700, and 7200, Cisco 1700 Cisco PIX Security Appliance Series

Chapter5 V PN and Security Products

5-2

Cisco PIX Security Appliance Series

The world-leading Cisco PIX® Security Appliance

Series provides enterprise-class, integrated network

security services including stateful inspection

firewalling, protocol and application inspection, virtual

private networking (VPN), in-line intrusion protection,

rich multimedia and voice security in cost-effective, easy-to-deploy solutions. Ranging

from compact, “plug-and-play” desktop firewalls for small offices to carrier-class

gigabit firewalls for the most demanding enterprise and service-provider environments,

Cisco PIX Security Appliances provide robust security, performance, and reliability for

network environments of all sizes.

Cisco Secure User

Registration Tool (URT) Identifies users within the network and creates user registration policy bindings that help support

mobility and tracking:

• Ensures that users are associated with their authorized subnet/VLAN

• Addresses the challenges associated with campus user mobility

• Supports Web-based authentication for Windows, Macintosh, and Linux client platforms

• Secure user access to the VLAN with MAC address-based security option

• Option to allow multiple users connected to a hub to access a VLAN served by a single switch

port

5-14

CiscoWorks

VPN/Security

Management Solution

Combines general device management tools for configuring, monitoring, and troubleshooting

enterprise networks with powerful security solutions for managing virtual private networks

(VPNs), firewalls, and network and host-based intrusion detection systems (IDS). An integral part

of the Cisco SAFE Blueprint for Enterprise, this bundle also delivers network device inventory,

change audit and software distribution features. CiscoWorks VMS is organized into several

functional areas: Firewall Management, IDS Management, network and host-based, VPN Router

Management, Security Monitoring, VPN Monitoring, and Operational Management

See Chapter 9-1—IOS Software & Network Management for more information on CiscoWorks

VPN/Security Management Solution

9-16

CiscoWorks Security

Information

Management Solution

and CiscoWorks

Security Information

Management Solution

Engine

A solution that collects, analyzes, and correlates security event data from across the enterprise-

letting you detect and respond to security events as they occur.

• Event monitoring of multivendor security environments

• Extensive reporting for operators and high-level administrators

• Risk assessment information to understand overall vulnerability of critical network assets within

the enterprise; Forensics tools to investigate attacks

• Traffic utilization reports and graphs to understand changes in traffic patterns

See Chapter 9-1—IOS Software & Network Management for more information on CiscoWorks

Security Information Management Solution

9-18

Cisco IOS Firewall • Tightly integrated with IOS VPN and advanced routing technologies

• Application aware stateful packet inspection via context-based access control (CBAC) for TCP,

UDP, SIP, Skinny, H.323 and others

• Supports user authentication for https, ftp and telnet connections

• URL filtering through router exclusive domains or use of external Websense and N2H2 servers

• Inline intrusion prevention for real-time response to network attacks supporting 100 common

attack signatures

• Dynamic, network-to network, per-user authentication and authorization via TACACS+ and

RADIUS

5-15

Cisco VPN Security

Router Bundles Cisco 1700, 2600, 3600, 3700, and 7200 VPN Security Router Bundles with Enhanced Integrated

Network Security. See individual product pages for more detail (page 1-1) 1-1

Cisco 1700, 2600, 3600,

and 7200 Wide variety of modular router platforms with options for IOS-based and hardware-enabled VPN

and security support. See individual product pages and Cisco IOS Firewall Feature Set (page

5-15).

1-1

Cisco 7100 Series Large branch and central site VPN router

• Comprehensive suite of VPN services, including encryption, tunneling, firewall, and bandwidth

management

• Embedded I/O for ease of deployment

• Service module slot for IPSec and PPTP encryption coprocessing

• Dedicated Site-to-Site VPN router

5-16

Cisco Systems Cisco PIX Security Appliance Series

Models: 2600 3600 3700 and 7200 Cisco 1700

The world-leading Cisco PIX® Security Appliance

Series provides enterprise-class, integrated network

security services including stateful inspection

firewalling, protocol and application inspection, virtual

private networking (VPN), in-line intrusion protection,

rich multimedia and voice security in cost-effective, easy-to-deploy solutions. Ranging

from compact, “plug-and-play” desktop firewalls for small offices to carrier-class

gigabit firewalls for the most demanding enterprise and service-provider environments,

Cisco PIX Security Appliances provide robust security, performance, and reliability for

network environments of all sizes.

Product Features Page