
Network World

Jamey Heary

Cisco Releases refreshed Security Best Practices Guide - SAFE

By jheary on Thu, 05/07/09 - 11:00pm.

Cisco’s SAFE Security Design and Implementation Guide is back. Cisco has given its SAFE Guide a complete makeover and brought it up to date with today’s threat environment. True to the legacy of the old SAFE Guide, an updated version of the then-popular SAFE Poster is available for your cube wall as well!

In the early 2000s, Cisco established a large customer following for its SAFE Security Design Guide. Especially popular was the SAFE poster, which hung in many a customer’s cube. It became just as popular as the old Network General protocol poster. Many IT organizations relied on the Cisco SAFE Security Design Guide for direction and best practices on securing their enterprise networks. Slowly, with time, the old SAFE Guide slid into obsolescence. For a couple of years it seemed like Cisco had abandoned SAFE. Given Cisco’s renewed focus on security lately, I guess it seemed like a good time for them to resurrect and refresh their best-practices security design guide.

The new SAFE architecture maintains the modular nature of its predecessor.


Each module is discussed both on its own and in terms of how it integrates with other modules. This allows you to pick the modules that best apply to your environment. Unlike most security whitepapers, SAFE provides you with step-by-step instructions, screenshots, and configuration examples throughout. In fact, it includes just about every configuration snippet necessary to build out the entire SAFE architecture from scratch! By including this information, Cisco SAFE drastically cuts down on the implementation and deployment time necessary to roll out a secure architecture. It also eliminates the guesswork of trying to figure out exactly what commands and features the guide was referencing or describing.

This is how Cisco describes the SAFE architecture:

The Cisco SAFE uses modular designs that accelerate deployment and that facilitate the implementation of new solutions and technologies as business needs evolve. This modularity extends the useful life of existing equipment, protecting capital investments. At the same time, the designs incorporate a set of tools to facilitate day-to-day operations, reducing overall operational expenditures.

This guide discusses the Cisco SAFE best practices, designs and configurations, and aims to provide network and security engineers with the necessary information to help them succeed in designing, implementing and operating secure network infrastructures based on Cisco products and technologies. While the target audience is technical in nature, business decision makers, senior IT leaders and systems architects can benefit from understanding the design driving principles and fundamental security concepts.

The Cisco SAFE consists of design blueprints based on the Cisco Validated Designs and proven security best practices that provide the design guidelines for building secure and reliable network infrastructures.

The bottom line is that if you have any Cisco gear in your environment, you should review SAFE. It will show you how best to harden and secure your devices and network environment. As with almost everything in security design, there is usually more than one way to accomplish the same thing. The SAFE guide was put together to show you the best practices that Cisco recommends to secure a generic network. But remember, that doesn’t mean there are no viable alternatives that would work as well as or better than the ones provided in your specific environment.

So were you a SAFE Guide fan back in the day? What are your impressions of the new Cisco SAFE architecture?

Cisco SAFE Website: http://www.cisco.com/go/safe

Cisco SAFE Design and Implementation Guide (DIG)
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/sa...

Cisco SAFE Poster
http://www.cisco.com/cdc_content_elements/networking_solutions/rsa/colla...



The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary:
* Credit Card Skimming: How thieves can steal your card info without you knowing it
* Cisco enters the crowded AV and DLP client market
* Cisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhere
* Cisco targets Symantec, McAfee with its new antivirus client
* Google's Chrome raises security concerns and tastes like chicken feet

Go to Jamey’s Blog for more articles on security.

it is really best


It is very good news from Cisco that they finally updated the old Cisco SAFE. I hate to see the SAFE layer 2 best practice guide that shows the ugly CAT-OS commands instead of IOS. Who still uses that scrapped? I downloaded the new SAFE PDF from Cisco and it was really comprehensive and, as Jamey noted, it comes with examples, screenshots and a step-by-step guide (not only talk in general; it is written truly for real-world scenarios with detailed configurations) with modular design. At the time of typing this note I have read 4 chapters of the recently published SAFE, and I can say I love it!! It seems that Cisco finally realized networkers need content with examples as a real guide for the real world.

About Cisco Security Expert

Jamey Heary, CCIE No. 7680, is the author of the Cisco NAC Appliance: Enforcing Host Security with Clean Access book by Cisco Press. Jamey is a seasoned security technologist with over 15 years in the IT field with 10 years focused on IT security. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey is currently a Security Consulting Systems Engineer with Cisco, though the opinions expressed here are his own. Jamey is a member of Network World's Cisco Subnet blog community.
