IBM Tivoli and Cisco manual IBM Integrated Security Solution for Cisco Networks lab


Uncontrolled zone - Internet

The Internet has become a pivotal component in the banking industry with its immense flexibility and business opportunities. But it has also become one of the preferred methods for spreading viruses and malicious code as well as providing easy access to many unprotected or weakly secured enterprise resources. Balancing the requirements and threats, ABBC has provided clients, employees, and partners with controlled access to its resources. Firewalls and intrusion detection and prevention systems have been deployed to provide adequate network perimeter security.

Controlled zone - DMZ

ABBC hosts Web access control servers and mail gateways in the DMZ. It is also a termination point for VPN users before they connect to the primary network.

Controlled intranet

Local employees connected through the LAN are part of this zone. ABBC is investing in wireless networks and VoIP technology for their users’ improved access capability and flexibility. The corporate WAN also terminates in this zone. ABBC has a lab network where testing is done before any system is deployed in a production environment. The IBM Integrated Security Solution for Cisco Networks has been tested by ABBC. The test simulation is discussed briefly in 4.2.2, “IBM Integrated Security Solution for Cisco Networks lab” on page 80.

Production network

The server resources for the enterprise are deployed in the production network. With the IBM Integrated Security Solution for Cisco Networks, ABBC has deployed the compliance and remediation servers in this section of the network. The network management zone is a separate protected subnet. The segments of the production network are also given additional protection.

4.2.2 IBM Integrated Security Solution for Cisco Networks lab

Network Admission Control uses the network infrastructure to enforce security policy compliance on all devices seeking to access the network. NAC can be delivered in two ways: NAC Framework and NAC Appliance.

NAC Framework

NAC Framework is an architecture-based approach that provides comprehensive control by assessing all endpoints across all access methods, including LAN, wireless connectivity, remote access, and WAN. It can be deployed as NAC L2 IP, NAC L2 802.1x, or NAC L3 IP. It utilizes Cisco routers, switches, VPN Concentrators, and Adaptive Security Appliances. Cisco Secure ACS is an integral component of NAC Framework.
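The admission decision that the opening paragraph of 4.2.2 and the NAC Framework description above outline (a policy server assesses the endpoint's posture, the access device enforces the result, and a non-compliant endpoint is sent for remediation) can be modelled in a few lines. The Python below is an added example written for this page; it is not code from the Redbook, from Cisco Secure ACS, or from the IBM compliance and remediation servers. The rule names, attribute names, version thresholds, VLAN numbers, MAC addresses and posture reports are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One compliance check: the endpoint attribute, the lowest acceptable
    dotted version, and the remediation step handed back to the endpoint."""
    name: str
    attribute: str
    minimum: str
    remediation: str


@dataclass(frozen=True)
class Endpoint:
    mac: str
    access_method: str                 # "lan", "wireless", "vpn" or "wan"
    posture: Optional[Dict[str, str]]  # None when no posture agent answered


HEALTHY, QUARANTINE, DENY = "healthy", "quarantine", "deny"

# Constructed enforcement mapping: the access device places the endpoint in
# the VLAN that matches its posture state. These VLAN numbers are illustrative.
VLAN_FOR_STATE = {HEALTHY: 100, QUARANTINE: 200, DENY: 999}

# Constructed policy; attribute names and thresholds are assumptions, not
# values from the Redbook or from any real posture agent.
POLICY: List[Rule] = [
    Rule("antivirus-signatures", "av_signature_version", "2024.3.10",
         "update antivirus signatures"),
    Rule("os-patch-level", "os_patch_level", "6.1.7601.3",
         "install pending operating system patches"),
    Rule("personal-firewall", "firewall_version", "1.0",
         "enable and update the host firewall"),
]


def version_tuple(text: str) -> Optional[Tuple[int, ...]]:
    """Parse '6.1.7601.3' into (6, 1, 7601, 3); return None when the report is
    malformed, so a garbage value can never compare as compliant."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None


def evaluate(endpoint: Endpoint, policy: List[Rule] = POLICY) -> Tuple[str, int, List[str]]:
    """Return (posture_state, assigned_vlan, remediation_steps).

    A missing agent response is treated as non-compliant rather than unknown,
    and the decision does not depend on access_method: the same policy is
    applied whether the endpoint arrives over LAN, wireless, VPN or WAN."""
    if endpoint.posture is None:
        return DENY, VLAN_FOR_STATE[DENY], ["no posture agent response"]

    failed: List[str] = []
    for rule in policy:
        reported = version_tuple(endpoint.posture.get(rule.attribute, ""))
        required = version_tuple(rule.minimum)
        if reported is None or reported < required:
            failed.append(f"{rule.name}: {rule.remediation}")

    state = QUARANTINE if failed else HEALTHY
    return state, VLAN_FOR_STATE[state], failed


# Constructed endpoints: compliant laptop, laptop with stale AV signatures,
# an agentless printer, and a VPN client whose firewall reports no version.
SAMPLE_ENDPOINTS = [
    Endpoint("00:11:22:33:44:01", "lan",
             {"av_signature_version": "2024.3.12", "os_patch_level": "6.1.7601.3",
              "firewall_version": "1.2"}),
    Endpoint("00:11:22:33:44:02", "wireless",
             {"av_signature_version": "2024.2.1", "os_patch_level": "6.1.7601.3",
              "firewall_version": "1.2"}),
    Endpoint("00:11:22:33:44:03", "lan", None),
    Endpoint("00:11:22:33:44:04", "vpn",
             {"av_signature_version": "2024.3.12", "os_patch_level": "6.1.7601.3",
              "firewall_version": "n/a"}),
]


def admission_report(endpoints: List[Endpoint] = SAMPLE_ENDPOINTS) -> List[str]:
    """One line per endpoint, in the form an operator would expect in a log."""
    lines = []
    for ep in endpoints:
        state, vlan, steps = evaluate(ep)
        detail = f" ({'; '.join(steps)})" if steps else ""
        lines.append(f"{ep.mac} via {ep.access_method}: {state} -> VLAN {vlan}{detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(admission_report()))
```

Two design points carry over to a real deployment: an endpoint that does not answer the posture query is denied rather than waved through, and a malformed or missing attribute fails the rule it belongs to, so the policy cannot be satisfied by an agent that simply omits a field.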

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems, page 80
