Chapter 5 Summary of Software Applications Features

External Software Applications

Table 5-10 Key Features of Cisco IOS Firewall (continued)

Feature

Description

 

 

VPNs, IPSec encryption, and QoS

Operates with Cisco IOS software encryption, tunneling, and QoS

support

features to secure VPNs.

 

 

 

Provides scalable, encrypted tunnels on the router while

 

 

 

integrating strong perimeter security, advanced bandwidth

 

 

 

management, intrusion detection, and service-level validation.

 

 

 

Standards based for interoperability: Supports Internet Protocol

 

 

 

Security (IPSec) encryption standards with both 56-bit Data

 

 

 

Encryption Standards (DES) and 168-bit Triple DES (3DES);

 

 

 

generic routing encapsulation (GRE); Layer 2 forwarding (L2F);

 

 

 

Layer 2 tunneling protocol (L2TP).

 

 

Real-time alerts

Logs alerts for denial-of-service attacks or other preconfigured

 

 

 

conditions; configurable on a per-application, per-feature basis.

 

 

Audit trail

Details transactions; records time stamp, source host, destination

 

 

 

host, ports, duration, and total number of bytes transmitted for

 

 

 

detailed reporting; configurable on a per-application, per-feature

 

 

 

basis.

 

 

Event logging

Allows administrators to track potential security breaches or

 

 

 

other nonstandard activities in real time by logging system error

 

 

 

message output to a console terminal or syslog server, setting

 

 

 

severity levels, and recording other parameters.

 

 

Firewall management

Wizard-based network configuration tool offers step-by-step

 

 

 

guidance through network design, addressing, and Cisco IOS

 

 

 

Firewall security policy configurations.

 

 

Integration with Cisco IOS

Interoperates with Cisco IOS features, integrating security policy

software

enforcement into the network.

 

 

Basic and advanced traffic filtering

Standard and extended access control lists (ACLs) let you apply

 

 

 

access controls to specific network segments and define the traffic

 

 

 

permitted to pass through a network segment.

 

 

Policy-based multi-interface

Can control user access by IP address and interface as determined

support

by the security policy.

 

 

Redundancy/failover

Automatically routes traffic to a backup router if a failure occurs.

 

 

Network address translation

Hides internal network from the outside for enhanced security.

 

 

 

 

 

 

 

Cisco ICS 7750 System Description

 

 

5-24

 

 

78-10360-02

 

 

 

 

Page 121 Page 123
Page 122
Image 122
Cisco Systems ICS-7750 manual Cisco ICS 7750 System Description
Page 121 Page 123
Top Page Image Contents