Cisco Security

<<

scucci

Newbie

Posts: 29

Joined: Mon Sep 15, 2008 10:55 am

Post Fri Sep 26, 2008 11:27 am

Cisco Security

Currently we have multiple different hardware vendors performing all different parts of our layered security. Now that I think of it, we don't have more than one vendor performing security in every part of our network. (Firewalls, SIEM, antivirus, IPS, etc.)

I like Cisco and seeing what they can do with all areas of security running Cisco products is impressive. From your standpoint, would it be better to diversify the equipment to different vendors or have one manage them all. I know that Cisco might not be #1 in all categories, but when all their equipment is working together, I feel that you have a tighter network.

Scucci
<<

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Sat Sep 27, 2008 4:33 pm

Re: Cisco Security

I am sure many people will have many different opinions on this.
Cisco is for sure a good brand, with some quality products, and a lot of companies are Cisco houses.

My personal opinion is where possible go for best of breed, and just not to put all your eggs in one basket. So I like to have a few solutions in the mix by different vendors. That way when a major issue flares up (some zero day attack) I will hopefully have some layer providing some protection.

Just my thoughts.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Sep 28, 2008 3:49 am

Re: Cisco Security

In part I'd agree with Dale.

Cisco are generally superior in what they do best, routing and switching. However, often the attempts to branch into different fields and features can leave a bit to be desired. They usually design and create devices with a high level of security, however it is often seen that the advanced 'features' are less secure.

For example this month's security advisory lists several vulnerabilities in 'security' features; including vulnerable IPS features, potential data leakage from a VPN and even an issue with the humble NAT. (Full advisory here)

I'm not trying to claim that Cisco devices are less secure than other manufacturers, it could easily be the case competitors are just less open regarding their bugs; and if you want to move to a single manufacturer for all devices you could certainly do worse than go with Cisco.

It is usually the case though that those specialising in a specific technology will produce a better product than generalists, providing you stick to the big boys. Best-of-breed devices usually have that label for a reason.

Good luck out there...
<<

$w33p3R

Newbie

Posts: 30

Joined: Fri Aug 08, 2008 10:39 pm

Post Sun Sep 28, 2008 4:45 am

Re: Cisco Security

I think Dale and RoleReversal summed up the majority of my opinion, other than, it is kind of like asking which is the best OS; MAC, Linux or Windows? You are gonna get so many answers it is ridiculous. In most cases, he who throws the most money at promoting/advertising their product wins, which Cisco has done a great job at.

I can give you one product that I have not had much luck with...Linksys, which is put out by Cisco.  For their high-end stuff to work pretty good most of the time, they sure as hell can't get the home market down, of course, that's my opinion and the experience I have had with several Linksys routers.

To the OP, remember, don't put so much faith in one product.  One weak link can break the whole chain.  As RoleReversal pointed out, Cisco consistently has its share of vulnerabilities, which does not necessarily make it a bad product.  But, having other solutions in place is a wise choice.
MCP, CEH
<<

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Sun Sep 28, 2008 9:20 am

Re: Cisco Security

Like I said, don't put all your eggs in one basket (all one vendor) unless there is a strategic reason.

Multiple layers is the key, and if this can incorporate various vendor offerings the better.
<<

scucci

Newbie

Posts: 29

Joined: Mon Sep 15, 2008 10:55 am

Post Mon Oct 06, 2008 11:29 am

Re: Cisco Security

Thank you everyone for your reviews.
<<

charlottebandit

Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Thu Oct 23, 2008 10:43 pm

Re: Cisco Security

I think it matters a lot (personal preference) because Cisco security products have steered away from mostly being point products several years ago.  For the past couple of years, they've focused on collaborating each security controls together to integrate with another & even escalate the security of other Cisco security solutions. 

Security no longer becomes an afterthought or a necessary evil, but a security architecture that's designed to scale to Government & Compliancy requirements (like PCI, HIPAA, SOX) which goes far beyond just a simple firewall.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

Cr@sh

Newbie

Posts: 5

Joined: Thu Dec 04, 2008 2:04 pm

Post Thu Dec 04, 2008 2:32 pm

Re: Cisco Security

With their recent purchase of Ironport they have stepped up their arsenal of network security by ten fold. I recently was able to attend a demo on the Ironport and was very impressed with their product. My company is now using a large-scale Ironport as a virus gateway and email scanner and it's working very well.
<<

charlottebandit

Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Tue Dec 30, 2008 9:56 am

Re: Cisco Security

Yup.  Ironport works as a wonderful email & web content filtering front end which also collaborates with Cisco's Security Agent (CSA) to reinforce Data Loss Prevention, or info leakage through email.

Their latest acquisition this past summer will really ramp up network security with role-based application enforcement/security.  And like their other security offerings, it will probably work together which will take it to the top IMO.
Last edited by charlottebandit on Tue Dec 30, 2008 10:16 am, edited 1 time in total.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Jan 15, 2009 11:26 am

Re: Cisco Security

dalepearson wrote: Like I said, don't put all your eggs in one basket (all one vendor) unless there is a strategic reason.

Multiple layers is the key, and if this can incorporate various vendor offerings the better.


The problem with this approach is that you must become equally proficient with multiple products. For example, using two different firewalls would prevent an exploit in one from working on the other, but at the same time, you may increase the likelihood of configuration errors. I'm not outright disagreeing with you, since that approach does have benefits as well. I'm just offering an alternate perspective because I think some people develop a false sense of security by taking the multi-vendor approach.
The day you stop learning is the day you start becoming obsolete.
<<

shednik

Jr. Member

Posts: 75

Joined: Thu Sep 11, 2008 7:30 am

Post Thu Jan 15, 2009 1:38 pm

Re: Cisco Security

dynamik wrote: The problem with this approach is that you must become equally proficient with multiple products. For example, using two different firewalls would prevent an exploit in one from working on the other, but at the same time, you may increase the likelihood of configuration errors. I'm not outright disagreeing with you, since that approach does have benefits as well. I'm just offering an alternate perspective because I think some people develop a false sense of security by taking the multi-vendor approach.


To get around that, for example, in my company's environment we have a team of individuals who work on certain aspects of the infrastructure. Each one has their own specialty and has a working proficiency in the rest. So in all everyone can work with everything, but we have an expert for each technology. So for major changes the SME would either complete or review all configuration changes to ensure there are no issues. Nice to see you over here dynamik  ;D
CCNA, MCP, A+, N+

WIP: Masters of Infosec, CEH, & Mastering C
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Jan 15, 2009 1:57 pm

Re: Cisco Security

Yep, if you have the resources to go about things that way, that's an excellent solution. That's why I wasn't saying one approach was right and the other was wrong; it's entirely circumstantial.

Nice to see you too! I'm a little intimidated by the level of technical proficiency here, so I'm probably just going to lurk for the most part ;)
The day you stop learning is the day you start becoming obsolete.
<<

charlottebandit

Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Wed Jan 21, 2009 11:43 pm

Re: Cisco Security

dynamik wrote: Nice to see you too! I'm a little intimidated by the level of technical proficiency here, so I'm probably just going to lurk for the most part ;)


Don't be intimidated dynamik.  Nobody knows everything and all of us had to start somewhere too.  Not only that but we're able to share ideas and techniques here.

:)
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jan 22, 2009 2:46 am

Re: Cisco Security

Hey dynamik,

I'll second that. If this place was only full of experts, it would be a very lonely place. None of us are perfect, and I can guarantee that none of us know everything about this field. There is simply too much. And what has been picked up along the way, we all want to share it with those behind us as those in front of us did for us.

Keep it up and spread the word to other lurkers who may feel the same.

A BIG welcome to EH-Net,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Jan 22, 2009 12:40 pm

Re: Cisco Security

Thanks for the welcome guys :D

I'm actually not too nervous; that was more of a compliment to you guys. This seems like a great forum with respectful, knowledgeable members, so I don't think there's any reason to experience n00b anxiety when posting ;)

I'm fairly tech-savvy, but I'm still quite new to the ethical hacking scene. I was introduced to this site by a few people I know from techexams.net (where I'm slightly more active). I'll definitely be recommending this site to other EH enthusiasts.

TE is king when it comes to IT certifications (though very specialized ones such as the GPEN don't get much mention), but the level of depth you guys get into is astounding. This appears to be a phenomenal resource, and I'm very much looking forward to going through the forums, blog entries, columns, etc.

Well, I think that's enough chatter; I have a great deal of catching up to do :o

Thanks again to everyone who makes this possible :D
The day you stop learning is the day you start becoming obsolete.