I. Foundation Topics
II. Securing Borderless Networks
1. The Changing Nature of Networks
1. Applications and infrastructure are now hosted remotely as a service, whereas
before everything was located within the network. This means that the
traditional network and its associated infrastructure and applications may be hosted in
various locations; however, the security principles do not change.
2. Logical Boundaries
1. Borderless networks have layers or areas, as the Cisco hierarchical model does, with
appropriate security measures for each area. The various borderless network areas are
described below.
Table 3-2 Borderless Network Components
Component Explanation
Borderless end zone
This is where devices connect to the network. It is here that we are concerned with viruses, malware, and other malicious software. Using techniques such as Network Admission Control (NAC) and Identity Services Engine (ISE), we can properly interrogate devices before they are allowed onto the network to verify they meet certain minimum requirements (installations of virus scanning tools, service packs, patch revision levels, and so on).
Borderless data center
Borderless Internet
This represents the biggest IP network on the planet, which we are all familiar with. Service providers and other individuals connected to the Internet use various techniques for security, including IPSs, firewalls, and protocol inspection (all the way from Layer 2 to Layer 7 of the OSI model).
Policy management point
Select this option to enable the DHCP server for the specific interface you have chosen to configure your scope for.
Enter the start and end IP addresses of the subnet or range you want to use for the purposes of address assignment to your remote users.
DNS Server 1
DNS Server 2
Domain Name
Enter the default domain name that will be used by your remote users to prefix against any devices they might attempt to access by name.
Lease Length
its maximum value. This is a proactive way for the client to try to keep its IP address assigned.
Ping Timeout
Enable Auto-Configuration from Interface
Enable this option if you are retrieving all the information in the previous fields (that is, DNS, WINS, domain name, and so on) dynamically from a source on the interface selected. This will allow you to use the dynamically learned information and give it to remote users to use. However, if you have configured any addresses explicitly using the fields mentioned earlier, these will be preferred over any dynamically learned information.