Implementing Cisco Security Components On A Network Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Network security consists of the policies that a network specialist deploys in his or her organization to prevent unauthorized access to, or misuse of, the organization's resources. The unauthorized party can be inside or outside the organization.

As Internet access has become more available, easier to use and essential for every kind of organization, we need to focus on network security to protect critical and valuable resources from different types of network attack, such as Denial-of-Service, Man-in-the-Middle, IP address spoofing, password-based attacks and others.

The organization's resources can be:

Personal computers, printers

Data, Application, Telnet, Audio/Video, FTP, Web, Mail, Proxy servers

Offline storage

Network elements (switches)

Self-Defending Network is a term used to describe a comprehensive network security solution that gives the organization's network the ability to respond quickly to any kind of internal or external attack or serious threat while maintaining availability and reliability.

The benefits of a Self-Defending Network are as follows:

The network will remain active while under attack.

The attacks can be minimized or stopped completely.

Quick response to any unknown attacks.

Integrate the network security end points such as firewall, IPS, NAC and CSA into a collaborative defense system.

Enforce system management and control.

Manage the network more efficiently.


In my proposal I will focus on building the self-defending network concept using Cisco security components. For better understanding, I will choose an organization with no security policies deployed and implement the Cisco security components step by step, after describing each component in detail. Recently I did research among the important organizations in Kuwait and found that the largest and most important organization didn't deploy the basic security level within its premises, so I will choose this organization as a case study. I will describe the current situation before implementing the security solution, then the organization's environment after the implementation.

The organization will have a Single Sign-On authentication solution, which is considered a very important security component of NAC (Network Admission Control), with emphasis on IEEE 802.1x access port authentication to authenticate devices that connect to the network.
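A switch-side configuration for the IEEE 802.1x access port authentication described above, as an added example that is not part of the original essay or of any Cisco reference design. It assumes a Catalyst access switch using classic IOS syntax (older releases use "dot1x port-control auto" on the interface instead); the RADIUS server address 192.0.2.10, the shared secret, the interface and VLAN 10 are placeholders.

```cisco
! Added example: address, key, interface and VLAN are placeholders.
aaa new-model
!
! RADIUS server that validates the 802.1x credentials
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Use RADIUS for 802.1x authentication and for network authorization
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Enable 802.1x globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet0/1
 description User access port
 switchport mode access
 switchport access vlan 10
 ! The port stays unauthorized until the attached device authenticates
 authentication port-control auto
 dot1x pae authenticator
 ! Re-check the device every hour instead of trusting it indefinitely
 authentication periodic
 authentication timer reauthenticate 3600
 spanning-tree portfast
```

After applying it, "show authentication sessions interface GigabitEthernet0/1" shows whether the attached device was authorized.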

The general concept of Cisco security components:

Network-Based Intrusion Protection System

Network Access Authentication

Host-Based Intrusion Protection System

Monitoring, Analysis and Response System

The security components are:

Cisco Security Agent

IPS (Intrusion Prevention System)

Cisco Secure Access Control

LMS (LAN Management Solution)

NAC Appliance-Clean Access (Network Admission Control)

Cisco Security Agent

It is an endpoint agent installed on personal computers and servers that examines all system activity and network traffic and protects these network endpoints from attack. In addition, all these events are sent to the system log that is kept in the Management Center.

Intrusion Prevention Systems (IPS)

It is a device installed in the organization's network to protect against malware, worms and application abuse; this device is mainly for Internet access.

IPS will identify and stop known and unknown threats before they spread into the internal network. IPS will also work with the other security components.

Cisco Secure Access Control

An engine solution that authenticates the administrators who configure network devices, for example routers and switches, and also authorizes the commands those administrators use. This solution enforces administrative access control centrally and audits their actions.
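How a router or switch is pointed at such a central server for the three functions named above (administrator authentication, per-command authorization, auditing), as an added example that is not part of the original essay. It assumes the server is reached over TACACS+ at the placeholder address 192.0.2.20; the shared secret and the local fallback account name are also placeholders.

```cisco
! Added example: address, key and account name are placeholders.
aaa new-model
!
tacacs-server host 192.0.2.20 key <SHARED-SECRET>
!
! Local account used only when the central server is unreachable
username fallback-admin privilege 15 secret <LOCAL-SECRET>
!
! 1. Authentication: administrator logins are checked centrally
aaa authentication login default group tacacs+ local
!
! 2. Authorization: the server decides who gets an exec session
!    and which commands each administrator may run
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
!
! 3. Auditing: every session and command is reported to the server
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
line vty 0 4
 login authentication default
```

Keep an authenticated session open while applying the authorization lines, so that a mistake in the server policy cannot lock administrators out of the device.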

LMS ( LAN Management Solution )

LMS is a web portal management tool with which an administrator can configure, monitor and even troubleshoot devices. LMS contains many components that a network administrator can use, such as:

Campus Manager

CiscoView

Health and Utilization Monitor

Performance Monitor

Resource Manager

Device Fault Manager

LMS Portal

NAC (Network Admission Control) Appliance

NAC, also called Clean Access, authenticates and authorizes any user or device that needs to connect to the organization's network and enforces the security policies. The appliance identifies whether the user is connected through a wired or wireless connection. This solution is very powerful and can be deployed in two modes, in-band or out-of-band. It enforces security policy compliance on devices, under which all devices should have the latest software and anti-virus updates. NAC will isolate any device that doesn't comply with the policies until it receives the latest updates. The single sign-on mechanism will be implemented through this solution.


Virtual machine for both client and server

Active Directory 2008

Resources :