Argentina • Australia • Austria • Belgium • Brazil • Canada • Chile • China • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE Finland • France • Germany • Greece • Hong Kong • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Singapore Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela Copyright © 1999 Cisco Systems, Inc. All rights reserved. Printed in the USA. PIX is a trademark; Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and IOS are registered trademarks of Cisco Systems, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any of its resellers. (9908R) ETMG 9/99 LW
Lit# 953442 Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Cisco Systems Europe s.a.r.l. Parc Evolic, Batiment L1/L2 16 Avenue du Quebec Villebon, BP 706 91961 Courtaboeuf Cedex France http://www-europe.cisco.com Tel: 33 1 69 18 61 00 Fax: 33 1 69 28 83 26 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Headquarters Nihon Cisco Systems K.K. Fuji Building, 9th Floor 3-2-3 Marunouchi Chiyoda-ku, Tokyo 100 Japan http://www.cisco.com Tel: 81 3 5219 6250 Fax: 81 3 5219 6001
Cisco Systems has more than 200 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on the
C i s c o C o n n e c t i o n O n l i n e W e b s i t e a t h t t p : / / w w w . c i s c o . c o m / o f f i c e s .
C i s c o S e c u r e S o l u t i o n s
S e c u r i n g Yo u r
1
Securing Your Business Network: C i s c o S e c u r e S o l u t i o n s
Doing business on the Internet, like all business practices, entails risk. Without appropriate precautions, Internet connectivity could compromise the very information assets that make companies profitable and enable them to serve customers. Network security breaches can result in damaging losses, and concerns about information security sometimes prevent enterprises from implementing the Internet-based solutions they need to stay competitive. In today’s dynamic business environment, this reluctance can quickly reduce a company’s growth potential and erode its competitive position.
Cisco is committed to helping you build secure networks because we understand that security isn’t just an afterthought—it’s fundamental to the success of your business.
Each day, forward-thinking organizations reinvent how they do business—gaining
competitive advantage, creating new sources of revenue, and optimizing business
processes—by adopting Internet-based network solutions.
I D E N T I T Y • P E R I M E T E R S E C U R I T Y • DATA P R I VACY • S E C U R I T Y M O N I TO R I N G •
P O L I CY M A N AG E M E N T
“Driven by the rush to e-commerce, security is rapidly becoming a mission-critical
component of corporate IT infrastructure.”
Ted Julian
S A V I N G S
P O T E N T I A L
P R O F I T
Secure, Intelligent
The Cisco Secure Solution Strategy
Cisco already delivers the critical security solutions that make the Internet a safe and valuable business tool. Cisco achieves this through robust security capabilities embedded in the Cisco infrastructure as well as in security-specific appliances, software, and consulting services.
Advanced security features, such as dynamic policy enforcement in response to attacks and misuse, provide real-time enterprise asset protection. Embedded software
solutions, plus hardware-based accelerators for firewalling, encryption, and intrusion detection, transform your Cisco network into a scalable, reliable infrastructure. And by employing a policy-based management approach, Cisco makes it easy to define, enforce, and audit security for users and devices throughout your enterprise. Only Cisco Secure solutions ensure that your e-commerce infrastructure, your Virtual Private Network (VPN), and your supply chain network are protected.
3
The Cisco Secure Vision
Our vision is simple: we empower Cisco customers to safely take advantage of the Internet economy. Cisco security offerings allow organizations to securely deploy mission-critical applications and networks to gain competitive advantage. The confidence that comes from knowing that company information assets are secure is the key that can unlock explosive new Internet business opportunities and dynamic growth.
Many vendors can provide a base level of scalability, connectivity, and reliability for IP networks. Cisco, however, delivers the advanced, intelligent network services required for mission-critical enterprise networks—and one of the most critical network services in the new Internet business environment is security.
Because most networks are built on Cisco infra-structure, we are uniquely positioned to help you secure your network. That’s why we continue to add security intelligence to your Cisco infrastructure in ways that are ubiquitous, integrated, and transparent. And that’s why our customers have already made us the leader in perimeter network security. 0 $B 200 400 600 800 1,000 1,200 1,400 1997 1998 1999 2000 2001 2002 2003 Source: IDC (3/99) $16 $51 $112 $218 $398 $734 $1,318 Business to Consumer Business to Business
Growth of Worldwide Internet Commerce on the Web
Networks
North America:
$654
Europe:
$431
Estimated Total Worldwide E-Commerce Savings by 2002—$1.26 Trillion
Source: Giga Information Group (7/99)
Asia:
$167
Empowering Businesses to Safely Take
Advantage of the Internet Economy
“The bottom line pay-off for companies using e-commerce to improve business performance and lower costs will soon far outweigh revenues generated from sales over the internet.”
Andrew Bartels
Analyst, Giga Information Group
Giga Forecast: E-Commerce Cost Savings, July 26, 1999
Cisco Secure Scanner
The Cisco Secure Scanner is an enterprise-class software scanner application that allows you to identify and fix network security holes before the hackers find them. This product offers
superior network vulnerability and system identification, innovative data management, flexible user-defined vulnerability rules, and comprehensive security reporting capabilities. The scanner allows users to proactively measure security, to quickly prioritize risks, then to know how to eliminate security vulnerabilities detected on the network. In today’s dynamic network environments, the Cisco Secure Scanner is a necessity for every network or security administrator.
Cisco Secure Intrusion Detection System
The Cisco Secure Intrusion Detection System is the industry’s first real-time, network intrusion detection system that can protect the network perimeter, extranets, and the increasingly vulnerable internal network. The system uses sensors, which are high-speed network appliances, analyze individual packets to detect suspicious activity. If the data stream in a network exhibits
unauthorized activity or a network attack, the sensors can detect the misuse in real time, forward alarms to an administrator, and remove the offender from the network.
Cisco Secure: A Family of Network
Security Offerings
Cisco award-winning security products and consulting services provide the building blocks for the network security solution that your business needs.
Cisco Secure PIX Firewall
The Cisco Secure PIX™ Firewall is the world's leading firewall, providing today’s network customers with unmatched reliability, scalability, and functionality. Its integrated appliance design and innovative hybrid security
architecture, including stateful and proxy
firewalling as well as IPSec VPN capabilities, deliver the highest levels of security and performance. The PIX Firewall handles more simultaneous connections than any other firewall, yet its speed is unsurpassed.
Cisco Secure Integrated Software
Cisco Secure Integrated Software, available for a wide range of Cisco routers and switches running Cisco IOS® software, enriches the existing security capabilities in IOS software with robust firewall, intrusion detection, Data Encryption Standard (DES) encryption, and secure administration capabilities. This integrated security solution enables sophisticated policy enforcement throughout the network and leverages an organization’s investment in Cisco infrastructure.
Cisco Secure Integrated VPN Software
Cisco Secure Integrated VPN software, also available for a wide range of platforms running IOS software, combines IPSec VPN enhancements with robust firewall, intrusion detection, and secure administration capabilities. The
VPN software adds strong Triple DES encryption and authentication through digital certificates, one-time password tokens, and pre-shared keys to the baseline Cisco Secure Integrated Software. This Cisco IOS software-based solution fully supports remote access, intranet, and extranet VPN requirements.
Cisco Secure VPN Client
The Cisco Secure VPN Client enables secure connectivity for remote access VPNs, including e-commerce, mobile user, and telecommuting applications. It provides Microsoft Windows 95/98 and NT 4.0 users with a complete
implementation of IPSec standards, including support for DES and
Triple DES encryption, and authentication through digital certificates, one-time password tokens, and pre-shared keys.
C r i t i c a l E l e m e n t s o f
N e t w o r k S e c u r i t y
Cisco believes that effective network security
incorporates five critical elements:
Identity
Identity is the accurate and positive identification of network users, hosts, applications, services, and resources. Standard technologies that enable identification include authentication protocols such as RADIUS and TACACS+, Kerberos, and one-time password tools. New technologies such as digital certificates, smart cards, and directory services are beginning to play increasingly important roles in identity solutions.
Perimeter Security
This element provides the means to control access to critical network applications, data, and services so that only legitimate users and information can pass through the network. Routers and switches with access control lists and stateful firewalling, as well as dedicated firewall appliances, provide this control. Complementary tools, including virus scanners and content filters, also help control network perimeters.
Data Privacy
When information must be protected from eavesdropping or tampering, the ability to provide authenticated, confidential communication on demand is crucial. Sometimes, data separation using tunneling technologies, such as generic routing encapsulation (GRE) or Layer 2 Tunneling Protocol (L2TP), provides effective data privacy. Often, however, additional privacy requirements call for the use of digital encryption technology and protocols such as IPSec. This added protection is especially important when implementing VPNs.
Security Monitoring
To ensure that a network remains secure, it’s important to regularly test and monitor the state of security preparation. Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and reactively respond to security events as they occur. Using security monitoring solutions, organizations can obtain unprecedented visibility into both the network data stream and the security posture of the network.
Policy Management
As networks grow in size and complexity, the requirement for centralized policy management tools that leverage directory services grows as well. Sophisticated tools, ones that can define, distribute, enforce, and audit the state of security policy through browser-based user interfaces, enhance the usability and effectiveness of network security solutions.
Reliability
Scalability
Identity Perimeter Security Data Privacy Security Monitoring7
E-Commerce
Extranet VPN Extends WANs to business partners Remote Access VPNSecure, scalable, encrypted tunnels run across a public network using client software
Intranet VPN
Low cost, tunneled connections with rich VPN services, like IPSec encryption and QoS, ensure reliable throughput
Remote Office Business Partner Main Office Home Office Mobile Worker POP POP
Cisco Secure Policy Manager
The Cisco Secure Policy Manager is a scalable, comprehen-sive security management system for Cisco Secure products. Customers can define, distribute, enforce, and audit security policies for multiple PIX Firewalls from a central location. As the management cornerstone of the Cisco end-to-end security product line, Cisco Secure Policy Manager will support the Cisco IPSec VPN, user identity/authentication, intrusion detection, and vulnerability scanning technologies.
Cisco Secure Consulting Services
Cisco Secure Consulting Services provide customers with unparalleled network security expertise. With a thorough background in critical information protection operations in military and commercial environments, Cisco security engineers provide Security Posture Assessments. These engagements include the comprehensive security analysis of large-scale, distributed client networks both externally— from the perspective of an outside hacker—and internally—
from the perspective of a disgruntled employee or contractor. In a customer engagement, Cisco compiles, analyzes, and concisely presents its findings to the client, with operational-level recommendations to better secure the enterprise network and enable it to reach its full business potential. Cisco also offers Incident Control and Recovery services—a short-notice emergency deployment to customer sites when a network has suffered an attack. Cisco works with the customer to restore the network to full operations as quickly as possible.
VPN
Cisco Secure Solutions: Enabling the Next
Wave of Internet Business
From health care and manufacturing to retail and finance, organizations that run Internet-based applications on secure, reliable Cisco networks can take their business to new levels of service and a wider range of customers.
VPNs, for example, are rapidly transforming communications for the Internet economy. VPNs can enable organizations to realize dramatic cost savings while extending their networks and selectively opening IT boundaries to accommodate remote sites, telecommuters, suppliers, partners, and customers. By using Cisco Secure
solutions, Cisco VPNs provide the robust perimeter security, data privacy, and intrusion detection required for important Internet-based applications.
It is also no secret that Internet-based retail and business-to-business e-commerce are growing at lightning speed. More and more retailers are selling their products and services on the Internet, enabling them to easily access new customers and markets. With Cisco Secure solutions, the information that passes between you and your customers—including order information, credit authorizations, and user profiles—receives the highest standards of protection, including advanced encryption and authentication.
“Total, reliable security absolutely must be our top priority when delivering next generation services across the Internet to our business partners and clients—they expect nothing less.”
Jack Guinan
President ProxyMed.com Policy Management
“VPNs are the primary enabler of the Internet economy. There is no other way for an organization to securely and cost-effectively
connect remote users, suppliers, partners, and customers.”
Richard Palmer
Vice President, Marketing, Enterprise Line of Business, Cisco Systems, Inc.
Cisco NetWorks Cisco Powered Network Security Specialization Customer Support Security Associates
Cisco Security Ecosystem
The security products, technologies, and services in the Cisco Secure family are fundamental elements of a successful network security solution. But a comprehensive approach to network security must address other areas as well, creating a “security ecosystem” that leverages the benefits delivered by the Cisco Secure product line. This ecosystem includes several important elements, such as interoperable third-party products, implemen-tation services, customer support, and compatible service offerings.
Cisco Security Associate Program
The Cisco Security Associate Program is a testing and co-marketing program that validates the interoperability of complementary, third-party security solutions with the Cisco Secure family of products. The program is designed to evolve independent products into more effective security solutions and offer trusted and tested security
implementations for Cisco customers.
Cisco Security Specialization
The Cisco Security Specialization Program recognizes Cisco channel partners who have developed the skills required to sell, design, install, and support Cisco network security solutions for customers. As Internet business solutions are rapidly adopted, Cisco security specialization partners can meet the growing demand for critical security
implementation and support services.
Cisco NetWorks
Cisco NetWorks is a technology licensing program that incorporates Cisco Network Foundation technologies and other enabling technologies into next-generation network access devices, including IP phones and faxes, cable modems, set-top boxes, and residential gateways. Adding strong authentication and digital encryption to these devices further extends the reach of information security beyond enterprise network devices to the home.
Cisco Powered Networks
The service providers who display the Cisco Powered Network mark are telling you a lot about their services. They’ve earned the right to display this mark by
maintaining high levels of network quality and by building their services with Cisco equipment—the same equipment on which virtually all Internet traffic travels today. The services provided, therefore, are reliable and secure.
Cisco Customer Support
The Cisco model for service and support is based on the understanding that leveraging the power of the Internet not only speeds the resolution of networking issues, but also enables customers to access critical information quickly, to educate themselves, and to work proactively to improve overall network performance.
Cisco Connection Online (CCO) is the foundation of a suite of interactive networked applications that provide immediate, open access to Cisco information, resources, and systems. Through CCO, direct customers and partners have access to a variety of applications, including the Cisco Internet Technical Support (ITS) applications, which deliver comprehensive technical support solutions online. To help achieve maximum network uptime, technical assistance is available around the clock from our Technical Assistance Center networking engineers.
Cisco: Building and Securing Your Network
The Cisco vision for security—empowering Cisco customers to safely take advantage of the Internet
economy—is what drives our commitment to your network security and to your long-term success. Today, Cisco delivers the security solutions that enable secure
internetworking by embedding robust security capabilities in Cisco infrastructure and providing a broad range of security-specific appliances, software, and consulting services. Cisco Secure solutions enable your business to cost-effectively take advantage of the Internet economy with the confidence you need to explore next-generation opportunities and the explosive growth they bring.
If you want to know more about Cisco Secure products, services, and solutions, visit our Web site at www.cisco.com/go/security, or call your Cisco sales representative.
