Security Comes “Baked In” on Latest Cisco Routers
Regardless of application, all routers require robust security measures to cope with the myriad of security threats that confront today’s technology. These security threats have grown exponentially with the popularization of the Internet for data and voice traffic transport. It is no longer enough for IT professionals to apply security techniques and policies alone. Router manufacturers like Cisco realize that enterprise security must be “baked into” the routers in the form of embedded systems that harden communications resources like routers against security threats and attacks.

The Cisco Self-Defined Network is applied to a new generation of routers that blend expertise in routing with best-of-class security. These Cisco routers use firewall and intrusion protection technologies and directly incorporate Cisco IOS software security into the routers themselves. One prime directive of the integrated IOS is to protect against router break-ins, since routers often function on the edges of networks and are ready-made targets for would-be intruders.

Hardened Cisco security is included in series 800, 1800, 2800, and 3800 routers. This security addresses vital areas in trust and identity; vulnerability and attack protection; and secure connectivity for data and voice traffic.

Trust and Identity

Cisco routers use the Network Admission Control (NAC) method that Cisco has advanced to the networking industry as an industry-wide standard. A central purpose of NAC is ensuring that every endpoint device complies with the network security procedure of the enterprise using it. If not, access is denied.

Cisco routers also use AAA security services for the setup and dynamic configuration of user authentication and authorization. These services are organized around the 802.1X standard, which makes unauthorized access more difficult by requiring valid access credentials.
Cisco 800, 1800, 2800 and 3800 series routers come equipped with fully integrated USB 1.1 ports that enable both security and storage. These ports are often used for securing VPN connections.

Vulnerability and Security Attack Protection

Cisco routers use control plane policing to protect against denial of service (DoS) attacks. The Cisco IOS has the ability to limit rates of traffic to the control plane processor. This diminishes the opportunity for DoS attacks to occur.

Security Protection for Data and Voice Traffic

Cisco incorporates security protection in its routers for every type of network traffic imaginable in business. This includes VPN tunneling and encryption, and the support of various types of VPNs, from virtual tunnel VPNs to easy VPNs and DMVPNs.

For voice traffic, Cisco routers also provide security for non-IP-based telephony like TDM (time-division multiplexor) and analog voice. The routers use AES (Advanced Encryption Standard), the most robust encryption formula available for voice.

Determining What’s Right for Your Site

The many security options afforded by Cisco routers are best utilized through IT security policies and expertise that make the most of the particular security and compliance environment of the enterprise in which the routers are used. This is a critical issue, since usually the router comes preconfigured with “default” security settings that can create traffic security issues for the enterprise that auditors and compliance officials are unhappy with. Cisco courses and certifications assist IT professionals in keeping on top of optimal security configurations, as do published best practices and industry experience.

From an investment standpoint, the important thing is that the new series of Cisco routers, regardless of size, come equipped with enough resident security to meet the needs of all types and sizes of enterprises and businesses, more easily than ever before.