l xmlns="http://www.w3.org/1999/l">
The original SAFE white paper, "SAFE: A Security Blueprint for Enterprise Networks" (hereafter referred to as "SAFE Enterprise"), describes the blueprint for an enterprise network. This blueprint, shown in Chapter 4, "Understanding SAFE Network Modules," describes each module in more detail.) The focus of the design is the concept of "separation of duties and trust." Where there are differing levels of trust, the devices for that function (for example, VPN or remote access) are segregated and isolated in their own module to help mitigate any possible vulnerabilities and attacks that may occur through those devices. The following axioms (discussed in more detail in Chapter 3, "SAFE Design Concepts") were used in driving the design of this blueprint:
Routers are targets.
Switches are targets.
Networks are targets.
Hosts are targets.
Applications are targets.
Chapter 2, "SAFE Design Fundamentals":
Security and attack mitigation based on policy
Security implementation throughout the infrastructure
Secure management and reporting
Authentication and authorization of users and administrators to critical network resources
Intrusion detection for critical resources and subnets