CHAPTER 5 VPN AND SECURITY
VPN and Security Products at a Glance
Product Features Page
Cisco PIX Security Appliance
Market-leading, purpose-built appliances that provide a broad range of integrated security services
• Robust stateful inspection firewalling with advanced application and protocol inspection
• High-performance and scalable remote access and site-to-site VPN
• Inline intrusion prevention for real-time response to network attacks
• Enhanced routing and network integration
• Extensive support for multimedia and VoIP applications
• Award-winning firewall stateful failover for enterprise-class resiliency
5-2
Firewall Blade for Catalyst 6500
Firewall Module is a high-performance integrated stateful firewall solution for the Catalyst 6500 family of switches, with performance exceeding 5GB. It is based on proven PIX technology while providing the following benefits to customers:
• Investment protection
• Low cost of ownership
• Ease of use
• Operational Consistency
• Scalability
See the Catalyst 6500 Series Switch in Chapter 2: LAN Switching, page 2-21, for more information
2-21
Cisco VPN 3000 Family
Remote access Virtual Private Network platform
• Supports IPsec and SSL (WebVPN) remote connectivity
• Has models for companies of all sizes, from small to large enterprise organizations
• Reduces communications expenditures
• Enables users to easily add capacity and throughput
5-5
Cisco Security Agent
Provides threat protection for desktop and server computing systems by identifying and
preventing malicious activity:
• Aggregates and extends multiple endpoint security functions
• Protects against known and unknown attacks on both servers and desktops; protects against entire classes of attacks, including port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, and e-mail worms
• Stops new and unknown attacks without needing a signature update, and reduces the security management cost associated with deploying updates
• Scalable to 100,000 agents per management server
• Compliant with SDN/NAC Cisco Trust Agent. Integrated management with Cisco PIX, Cisco Secure IDS, and Cisco VPN security devices and built-in Cisco Secure VPN “Are You There” (AYT)
5-9
Cisco Secure Access Control Server (ACS) for Windows
Provides a comprehensive identity networking solution and secure user experience for Cisco intelligent information networks. It is the integration and control layer among all enterprise users, administrators, and the resources of the network infrastructure.
5-10
Cisco Secure Access Control Server (ACS) Solution Engine
A high-performance and highly scalable user and administrative access control solution that operates as a centralized RADIUS or TACACS+ server system in a turnkey security-hardened solution.
5-12
Cisco Secure User Registration Tool (URT)
Identifies users within the network and creates user registration policy bindings that help support mobility and tracking:
• Ensures that users are associated with their authorized subnet/VLAN
• Addresses the challenges associated with campus user mobility
• Supports Web-based authentication for Windows, Macintosh, and Linux client platforms
• Secures user access to the VLAN with a MAC address-based security option
• Option to allow multiple users connected to a hub to access a VLAN served by a single switch port
5-13