Chapter 3 - Building a Security Strategy Flashcards
What is a Borderless End Zone?
This is where devices connect to the network. Malware, viruses, and malicious software is a big concern. NAC and ISE can be used to interrogate devices before they are allowed onto the network.
What is a Borderless Data Center?
This is typically a cloud-driven business environment that could provide services. ASA’s and IPS are used to protect network resources here.
What is a Borderless Internet?
Basically, the entire Internet.
What is a Policy Management Point?
Enterprise tools that allow implementation of security measures across the entire network.
Cisco Security Manager (CSM) and Cisco Access Control Server (ACS) are examples of these tools.
What is NAC?
Network Admissions Control
What is ISE?
Identity Services Engine.
What is CSM?
Cisco Security Manager
What is ACS?
Cisco Access Control Server
What is “context-aware” security?
Security enforcement that involves the observation of users and roles in addition to interface-based controls.
Ex: An Access Control Server (ACS) that allows an admin full rights when logged in from inside the network, but allows restricted access via remote device or smartphone.
What is SecureX?
This is Cisco’s security framework to establish and enforce security policies across a distributed network.
What is Security Intelligence Operations (SIO)?
SIO is a cloud based service managed by Cisco. It identifies and correlates real-time threats so that customers can leverage this information to better protect their networks. (Learn about a new attack, so you can better protect your network before it hits)
What is TrustSec?
TrustSec is part of the Cisco SecureX security architecture strategy. Its idea is to create “a distributed access policy enforcement mechanism”. It may use encryption to provide confidentiality.
It’s main goal is to provide end-to-end security based on who, what, where, and how users are connected to the network.
Actual toolsed used for TrustSec are:
ISE, NAC, and AAA
What is a Security Group Tag?
Security Group Tags (SGTs)
Once a device is authenticated, Cisco TrustSec tags any packet that originates from that device with a security group tag (SGT) that contains the security group number of the device. The packet carries this SGT throughout the network within the Cisco TrustSec header. The SGT is a single label that determines the privileges of the source within the entire enterprise.
