Terms you'll need to understand:
Techniques you'll need to master:
Because the edge is the part (or parts) of your network that faces the outside world, security here is both more complex and more rigorous. Although most attacks actually come from insiders (at least, according to some statistics), you have a considerable degree of control over what protocols and applications are inside the campus. In the outside world, however, with which your edge modules interconnect, there can be anything and (probably) everything. The security job in the edge is bigger and harder.

Products used in the edge include routers, switches, NIDS and HIDS, routers with a software firewall (the IOS Firewall feature set), dedicated firewall appliances (such as the PIX firewall), and VPN devices: the VPN concentrators and VPN clients (at the remote locations). We covered most of what you need to know about the first four items (routers, switches, NIDS, and HIDS) in Chapter 8, "Products in the Campus." A few additional items need to be configured on routers in the edge, so we start with that. From there, we cover the firewall capability in the IOS Firewall feature set, the PIX firewall, the VPN concentrator series, the VPN clients, and how the VPN devices are managed via the VMS.

We specifically address how to secure your communications at the edge on various devices, including a router, a PIX, a VPN concentrator, and a VPN client. You will set these up in pairs so that you can see the same VPN from two product perspectives at once. In the case of the router and PIX, it is done via the CLI. In the case of the VPN concentrator and VPN client, it is a matter of setting complementary parameters in the VMS, the CiscoWorks VPN/Security Management Solution, a GUI-based manager.