Network World

Jamey Heary

Cisco Releases refreshed Security Best Practices Guide - SAFE

By jheary on Thu, 05/07/09 - 11:00pm.

Cisco’s SAFE Security Design and Implementation Guide is back. Cisco has given its SAFE Guide a complete makeover and brought it up to date with today’s threat environment. True to the legacy of the old SAFE Guide, an updated version of the then-popular SAFE Poster is available for your cube wall as well!

In the early 2000s, Cisco established a large customer following for its SAFE Security Design Guide. Especially popular was the SAFE poster, which hung in many a customer’s cube. It became just as popular as the old Network General protocol poster. Many IT organizations relied on the Cisco SAFE Security Design Guide for direction and best practices on securing their enterprise networks. Slowly, with time, the old SAFE Guide slid into obsolescence. For a couple of years it seemed like Cisco had abandoned SAFE. Given Cisco’s renewed focus on security lately, I guess it seemed like a good time for them to resurrect and refresh their best practices security design guide.

The new SAFE architecture maintains the modular nature of its predecessor.


Each module is discussed both on its own and in terms of how it integrates with other modules. This allows you to pick the modules that best apply to your environment. Unlike most security whitepapers, SAFE provides you with step-by-step instructions, screenshots, and configuration examples throughout. In fact, it includes just about every configuration snippet necessary to build out the entire SAFE architecture from scratch! By including this information, Cisco SAFE drastically cuts down on the implementation and deployment time necessary to roll out a secure architecture. It also eliminates the guesswork of trying to figure out exactly what commands and features the guide was referencing or describing.

This is how Cisco describes the SAFE architecture:

The Cisco SAFE uses modular designs that accelerate deployment and that facilitate the implementation of new solutions and technologies as business needs evolve. This modularity extends the useful life of existing equipment, protecting capital investments. At the same time, the designs incorporate a set of tools to facilitate day-to-day operations, reducing overall operational expenditures.

This guide discusses the Cisco SAFE best practices, designs and configurations, and aims to provide network and security engineers with the necessary information to help them succeed in designing, implementing and operating secure network infrastructures based on Cisco products and technologies. While the target audience is technical in nature, business decision makers, senior IT leaders and systems architects can benefit from understanding the design driving principles and fundamental security concepts.

The Cisco SAFE consists of design blueprints based on the Cisco Validated Designs and proven security best practices that provide the design guidelines for building secure and reliable network infrastructures.

The bottom line is that if you have any Cisco gear in your environment, you should review SAFE. It will show you how to best harden and secure your devices and network environment. As with almost everything in security design, there is usually more than one way to accomplish the same thing. The SAFE guide was put together to show you the best practices that Cisco recommends to secure a generic network. But remember, that doesn’t mean there are no viable alternatives that would work as well or better in your specific environment than the ones provided.

So were you a SAFE Guide fan back in the day? What are your impressions of the new Cisco SAFE architecture?

Cisco SAFE Website: http://www.cisco.com/go/safe

Cisco SAFE Design and Implementation Guide (DIG)
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/sa...

Cisco SAFE Poster
http://www.cisco.com/cdc_content_elements/networking_solutions/rsa/colla...



The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary:
* Credit Card Skimming: How thieves can steal your card info without you knowing it
* Cisco enters the crowded AV and DLP client market
* Cisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhere
* Cisco targets Symantec, McAfee with its new antivirus client
* Google's Chrome raises security concerns and tastes like chicken feet

Go to Jamey’s Blog for more articles on security.

About Cisco Security Expert

Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.

Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.

 
