Summary

This has been a busy chapter, but it has provided you with an important baseline. With its many security technologies and many layers of implementation of them, the SAFE Blueprint mitigates a number of network threats. Here are a few that we have developed just from technology placement:

• Packet sniffing Mitigated through extensive use of switched networks, limiting the amount of traffic to be discovered

• Port redirection Mitigated through the use of private VLANs, to limit Layer 2 traffic flows

• Unauthorized access Mitigated through AAA, especially on critical information assets

• Network intruders Mitigated by extensive use of IDS, both NIDS and HIDS, which recognize known attack traffic

As you look at the products in Chapters 8 and 9, you will see more ways in which the SAFE design mitigates threats to your network. Before you can do that, however, you need to look at the other versions of SAFEthe extensions of the blueprint to VPNs, IP telephony, wireless, and (for our purposes, the most important) the small and midsize business networks and remote access (SMR). Those are the subject of Chapter 7.