CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)


  • WAN Module in Medium-Sized Networks


    The inclusion of the WAN module in the medium-sized network design is feasible only if there is a requirement to connect to a remote site using a private circuit such as Frame Relay or ATM.

    The design of a WAN module includes only one device, a Cisco IOS Firewall router, which provides routing, access-control, and QoS mechanisms to remote locations.

    The WAN module and its associated components are shown in Figure 15-6.

    Figure 15-6. Medium-Sized Network WAN Module

    Mitigating Threats in the WAN Module


    The expected threats on the WAN module and the mitigation actions to counter them are outlined in Table 15-8.

    Table 15-8. Threats Against WAN Modules and Threat Mitigation

    | Threat | Threat Mitigation |
    |---|---|
    | IP spoofing | Mitigated by using Layer 3 filtering on the router |
    | Unauthorized access | Mitigated by using simple access control on the router, which can limit the types of protocols to which branches have access |

    Figure 15-7 shows the threat-mitigation roles performed by the components of the medium-sized network WAN module.

    Figure 15-7. Medium-Sized Network WAN Module Threat-Mitigation Roles

    Design Guidelines


    The level of security placed within the WAN module depends on the level of trust at the remote sites and the ISP that is supplying the WAN connectivity. ACLs on the interfaces of the router can be used to control the flow of traffic both inbound and outbound among the remote sites and the medium-sized network.
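
    The Layer 3 filtering and simple access control from Table 15-8, applied inbound and outbound on the WAN interface as the guideline above describes. This is an added example, not configuration from the book; the addresses, interface, DLCI, ACL names and permitted services are all constructed assumptions, and static routing across the link is assumed.

```cisco
! Constructed addressing (assumptions, not from the book):
!   medium-sized network (head end)   10.1.0.0/16
!   remote branch behind the PVC      10.2.0.0/16
!   servers the branch may reach      10.1.20.10 (HTTPS), 10.1.20.53 (DNS)
! Static routing is assumed; a routing protocol on this link would need
! its own permit entry ahead of the final deny in WAN-IN.
!
ip access-list extended WAN-IN
 remark Anti-spoofing: head-end source addresses cannot arrive from the WAN
 deny   ip 10.1.0.0 0.0.255.255 any log
 remark Simple access control: only the protocols the branch needs
 permit tcp 10.2.0.0 0.0.255.255 host 10.1.20.10 eq 443
 permit udp 10.2.0.0 0.0.255.255 host 10.1.20.53 eq domain
 remark Return traffic for sessions opened from the head end (stateless check)
 permit tcp 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255 established
 permit icmp 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255 echo-reply
 remark Everything else, including any source outside the branch block
 deny   ip any any log
!
ip access-list extended WAN-OUT
 remark Only head-end sources may leave toward the branch
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
 deny   ip any any log
!
interface Serial0/0.1 point-to-point
 description Frame Relay PVC to branch (constructed)
 ip address 192.168.255.1 255.255.255.252
 frame-relay interface-dlci 102
 ip access-group WAN-IN in
 ip access-group WAN-OUT out
```

    The per-entry match counters in `show ip access-lists WAN-IN` show which entries are being hit, including the logged denies. The `established` entry only tests TCP flags, which is the basic access control that the stateful Cisco IOS Firewall alternative improves on.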

    Design Alternatives


    The following are possible design alternatives to the WAN module previously discussed:

    • To provide an additional level of security and information privacy, you can use IPSec VPNs across the WAN link.

    • You can use a Cisco IOS Firewall router as the WAN router so that you can use its firewall features to provide an additional level of security. This stateful firewall provides enhanced access control when compared to the basic access control discussed previously.


