Security threats abound on the Internet in many different forms. Whether threats come from viruses, hackers, or denial-of-service attacks, the network administrator has had to keep on his or her toes to avoid trouble. To mitigate those problems, security has become something of a patchwork affair: VPNs are used for one function, firewalls for another. The Cisco Security Management Suite aims to bring security together so it can be centrally managed rather than handled piecemeal as it is now.
The suite consists of two components:
Cisco Security Manager (CSM)
Cisco Security Monitoring, Analysis, and Response System (MARS)
CSM provides security management using different views. A device-level view allows you to see all of the devices on a network and the policies that can be set and managed for each. CSM's policy view allows for the creation and management of policies based on specific organizational needs.
This allows organization-wide policies to be established, and where specific hotspots within the organization need additional attention, policies for those hotspots can be established and managed as well. Furthermore, the network administrator can also establish policies for various links across the network.
CSM also provides a topology-centric view, a visual representation of the network that scales through linked network maps and lets the administrator manage policies from this level. These views provide the administrator with an integrated framework to manage security services like firewalls, VPNs, and Intrusion Prevention Service.
The Cisco Security MARS collects, correlates, and reports security events from both Cisco and third-party devices. When an event occurs, CS-MARS provides information about the incident, where it occurred on the network, and the best point of mitigation.
CS-MARS version 4.2 includes dynamic and real-time event viewing and categorization capabilities. Unusual traffic can be identified through real-time filtering of security event data.
By using Cisco Security Manager, the administrator can pinpoint which device and policy are responsible for denying suspect traffic. This goes a long way toward protecting the network, ensuring availability, and reducing costs.
There are a number of ways to manage access to your network, either by setting up an access server for dial-in use or an access router for Internet-bound traffic. No matter which method you choose, it's vital to keep security in mind, and a network should have a properly configured firewall and IDS in place to thwart malicious individuals.