corporate network through what are considered external networks, such as the DMZ and intranet zones.

This section discusses the resources that are generally deployed in the various security zones, the access methods by which network clients reach these enterprise resources, and the zones from which clients connect, as depicted in Figure 3-9. This discussion can help customers visualize the practical deployment scenarios of the IBM Integrated Security Solution for Cisco Networks in their organization.

 

 

[Figure: network diagram of client access paths across security zones; labels include Internet, External Network, DMZ-1, DMZ-2, DMZ-3, Intranet, Branch Office, Dialup, VPN, Partner, LAB, NMS, ACS, and TPM SCM]

Figure 3-9 Client access to enterprise with zone details

Uncontrolled zone - Internet, external networks

The Internet has become a major business driver for many organizations, but it can be considered completely uncontrolled. Client machines use the Internet in the following ways:

• Remote users can use the Internet as an access method and connect to enterprise resources using VPN technology from across the globe.

Chapter 3. Component structure 65
