SAFE: A Security Blueprint for Enterprise Networks
The original SAFE white paper, "SAFE: A Security Blueprint for Enterprise Networks" (hereafter referred to as "SAFE Enterprise"), describes the blueprint for an enterprise network. This blueprint is shown in Figure 1-1. (Chapter 4, "Understanding SAFE Network Modules," describes each module in more detail.) The focus of the design is the concept of "separation of duties and trust." Where there are differing levels of trust, the devices for that function (for example, VPN or remote access) are segregated and isolated in their own module to help mitigate any possible vulnerabilities and attacks that may occur through those devices. The following axioms (discussed in more detail in Chapter 3, "SAFE Design Concepts") were used in driving the design of this blueprint:
- Routers are targets.
- Switches are targets.
- Networks are targets.
- Hosts are targets.
- Applications are targets.
Figure 1-1. SAFE Enterprise Blueprint
Chapter 2, "SAFE Design Fundamentals":
- Security and attack mitigation based on policy
- Security implementation throughout the infrastructure
- Secure management and reporting
- Authentication and authorization of users and administrators to critical network resources
- Intrusion detection for critical resources and subnets
- Support for emerging network applications