لطفا منتظر باشید ...
Examining SAFE Design Fundamentals
Because an organization's network tends to evolve gradually as the organization's IT requirements increase, many organizations do not have an overall design concept or philosophy in place that guides network growth, the result of which is that networks become less secure and more difficult to manage and troubleshoot as they grow. The SAFE design philosophy is modular, and modularity enhances the flexibility, manageability, and security of a network. This approach has two significant advantages:
- The security relationship between the modules can be addressed.
- The design permits the designers to phase in security on a per-module basis rather than attempt to implement security throughout the entire network architecture in a single phase.
The SAFE blueprints are reference architectures only that are based on a "greenfield" approach. This approach provides for the design and development of the network from scratch rather than from a pre-existing architecture already in place. It is not always possible, nor is it expected, for network engineers who choose to implement the SAFE architecture to match the design in the blueprint verbatim. Most production networks cannot be easily dissected into the distinct modules that are described in the blueprints. SAFE does, however, provide design templates that network engineers can use to enhance security on their networks.The following underlying fundamentals that guided the design of the SAFE blueprint are stated in every SAFE white paper:
- Security and attack mitigation based on policy
- Security implementation throughout the infrastructure
- Cost-effective deployment
- Secure management and reporting
- Authentication and authorization of users and administrators to critical network resources
- Intrusion detection for critical resources and subnets
The SAFE blueprints use modules to address the distinct security requirements of each network area. This allows for rapid, consistent deployment of security throughout the enterprise without the need to redesign the network each time a new service is added. The module templates in SAFE provide for an easier, more cost-effective method to secure each new service as needed and to integrate that service into the overall security architecture of the network. Additionally, each module in SAFE is designed to provide security in cases of failure of the security devices that feed into the module. The concept of "defense in depth" is implemented on both the inbound and outbound data paths of each module.The unique feature of the SAFE blueprint is that it is the first to recommend and explain exactly where and why security solutions should be included. The SAFE blueprint is designed to provide maximum performance while maintaining network security and integrity.
