Designing Security Services © 2004 Cisco Systems, Inc. All rights reserved. Implementing Network Security Using the SAFE Security Blueprints ARCH v1.26-1
SAFE Design Objectives
- Security and attack mitigation based on policy
- Security implementation throughout the infrastructure (not just on specialized security devices)
- Secure management and reporting
- Authentication and authorization of users and administrators to critical network resources
- Intrusion detection for critical resources and subnets
SAFE Design for Small Networks
Small Network Internet Connectivity Module Components
Small Network Attack Mitigation Roles for Internet Connectivity Module
Small Network Campus Infrastructure Module Components
Small Network Attack Mitigation Roles for Campus Infrastructure Module
SAFE Design for Medium Networks
Medium Network Internet Connectivity Module
Medium Network Attack Mitigation Roles for Internet Connectivity Module
Medium Network Campus Infrastructure Module Components
Medium Network Attack Mitigation Roles for Campus Infrastructure
Medium Network WAN Module Key Devices and Mitigation Roles
SAFE Security Strategies for the Enterprise Campus
Example: Secure Building Distribution and Access Submodules
Example: Secure Network Management Module
Secure Network Management Module Features
Secure Server Farm Module Features
Secure Edge Distribution Features
SAFE Security Strategies for the Enterprise Edge
E-Commerce Module Features
Internet Connectivity Module Features
Remote Access and VPN Module Features
WAN Module Features
Summary
- SAFE serves as a guide for network designers considering the security requirements of their network.
- The SAFE design for a small network includes only an Internet Connectivity module, which provides access to the external network, and the Campus Infrastructure module, which contains the internal network.
- The SAFE medium network design consists of the Internet Connectivity module, the Campus Infrastructure module, and the WAN module.
- The SAFE large network design consists of the entire Enterprise Composite Network Model.
- The SAFE architecture defines the Enterprise Edge functional area as containing the Internet Connectivity, E-Commerce, Remote Access and VPN, and WAN modules.