It is easy to point at the Internet as the moment when security had to become a part of everyone’s computing strategy. Businesses and individuals alike were faced with protecting their computing resources from the many possible dangers that lurked in the Net. The Internet opened a large door onto a busy street filled with seemingly unlimited commercial and intellectual opportunities. Unfortunately, within that busy street reside the same opportunists we fear in our noncyber lives.
Another way the Internet impacts security is its worldwide reach as a reference library for security experts and, unfortunately, the hacker community as well. In a few minutes, a search for hack, crack, phreak, or spam yields many sites, some with many links to other links.
But blaming the Internet is somewhat unfair. The Internet simply happened to be the first attractive new service with strong mass appeal that brought with it significant security risks. Others that followed include wireless communications and connectivity, instant messaging, and enhanced e-mail services, and undoubtedly more will follow. Increased security awareness and implementation is, by necessity, one of the prices that must be paid for new services that connect people.
Unfortunately, organizations aren’t all alike and, therefore, a one-plan-fits-all approach to security won’t work. Many factors—from internal company policies to topologies and services supported—impact the decisions about the proper security strategy. Even within an organization, the security requirements can require many different solutions. A single LAN branch location has different security issues than a WAN link or a campus VLAN environment.
Even after the organization assesses its security risks and starts to develop a plan, problems often exist in knowing whether various multivendor tools will work together and be supportable in the long term. One common problem with any multivendor environment (not only networking) is the inevitable finger-pointing when things go wrong. So often, a decision about single vendor or multivendor solutions must be made. Cisco is a big believer in single-vendor, end-to-end solutions—the company was built through acquisitions and R&D to that end, but it’s also a solid supporter of standards-based technologies. Standards-based solutions can at least reduce some of the interoperability issues involved in a multivendor solution.
Cisco network and security products are developed under Cisco’s AVVID and SAFE strategies to ensure solid standards-based implementations. Both strategies are covered later in this chapter in the “Cisco AVVID and SAFE Strategies” section.
Multivendor implementations require more than just knowing that the technologies will work together. There can also be a significant support commitment and cost in maintaining resident experts on multiple vendor products. In addition to having to know how to install and provide production support, someone must be a security expert on each vendor line to keep on top of security announcements, vulnerabilities, patches, upgrades, and so forth. The future can change the balance completely. While products from two vendors might “play well together” initially, what happens in the future when a new technology develops and one vendor chooses a standards-based approach while the other chooses a proprietary solution, or maybe not to play at all?