New Product: Cisco Secure Policy Manager 2.1

Product Overview

In the past five years networks have become a strategic business asset to improve operational efficiency, enhance productivity and provide new customer services. These new open environments are inherently insecure, and robust security products and technologies such as firewalls, authentication systems and data encryption are necessary to improve perimeter security and protect network integrity. The deployment of security solutions is essential for business communications in today's Internet economy.

The task of independently managing today's security solutions can be cumbersome. Administrators often follow a device-by-device approach to configure security devices across a distributed enterprise network, whereby each device or service is configured independently. A consistent, centralized graphical method for provisioning security services across multiple devices and different technologies is needed.

Cisco Secure Policy Manager (CSPM) is a scalable, powerful security policy management system that effectively provisions security services throughout a corporate network. CSPM configures Cisco firewalls and Virtual Private Network (VPN) routers in a consistent and uniform manner that is independent of whether the device is a Cisco Secure PIX Firewall or a Cisco router supporting firewall capabilities.

Cisco Secure Policy Manager allows customers to define, distribute, enforce, and audit network-wide security policies from a central location. CSPM streamlines the tasks of managing complicated network security elements such as perimeter access control, Network Address Translation (NAT) and IPSec-based VPNs. CSPM also simplifies the deployment of security services throughout corporate networks.

CSPM's graphical user interface allows administrators to visually define high-level, end-to-end security policies for multiple Cisco firewalls and VPN routers within a network. CSPM translates these policies into the appropriate device configurations with the proper syntax for the various devices within the managed network. These configurations can then be distributed automatically, eliminating the costly, time-consuming practice of implementing security commands on a device-by-device basis. CSPM also provides system-auditing functions including event notification and a Web-based reporting system.

As the management cornerstone of the Cisco end-to-end security product line, Cisco Secure Policy Manager introduces the policy-based management foundation that will be extended in the future to support additional Cisco security solutions including intrusion detection technologies and user identity/authentication. CSPM will also be enhanced to integrate with Cisco's flagship enterprise management solution, CiscoWorks 2000.

Key Features and Benefits

Cisco Secure Policy Manager provides an innovative approach to security management. Key features and benefits include the following:

| Feature | Description | Benefit |
|---|---|---|
| Centralized management of Cisco firewalls | Provides centralized configuration management of small, medium and large deployments of Cisco Secure PIX firewalls and Cisco routers running the Cisco Secure Integrated Software feature set. | Simplifies network-wide firewall and NAT management; reduces required management expertise and reduces costs. |
| Centralized management of Cisco VPN routers | Provides centralized configuration management of site-to-site IPSec VPNs. Supports Cisco VPN routers including the Cisco Secure PIX Firewall and Cisco routers running the Cisco IOS IPSec software. | Simplifies VPN gateway management; reduces required management expertise and reduces costs. |
| Scalability | Provides management support for up to five hundred Cisco firewalls and VPN routers. | Enables an organization to meet large-scale security requirements and support network growth. |
| Distributed architecture supports Internet, intranet, and extranet environments | Supports Cisco firewall and VPN router deployment in multiple topologies (Internet, intranet, or extranet) to meet the diverse requirements of Cisco customers. Also supports centralized (standalone) and distributed installation models, depending on customers' network management needs. | Provides flexible deployment of major system components to serve an array of implementation scenarios. |
| Secure communications support | Offers management of local and remote Cisco devices through secure communications. Secure device management is provided via an IPSec tunnel or via a proprietary communications method known as PIX Secure TELNET. Additionally, secure communications are used between the various components of the product when deployed in a distributed mode. | Enables enterprise-wide modifications without requiring the support of local or field network administrators. Maintains and protects the integrity of the network and its defined policies from unwanted hackers. |
| High-level policy definition and management | Allows the administrator to easily define network-wide security policies by specifying business objectives. Translates high-level, end-to-end policies into the correct device configurations for the appropriate network devices. | Enables an organization to accurately define its security policies for different devices and technologies across the network. Reduces the need to implement security configurations via CLI on a device-by-device basis. Dramatically reduces the required security administration expertise. |
| Policy and VPN tunnel templates | Provides templates to assist security administrators in creating policies and policy bundles. Provides IPSec VPN templates to assist in creating network-wide VPN tunnels. | Expedites the deployment of firewall and VPN policies. Assists novice users by offering pre-established templates containing common configurations. |
| Offline configuration support | Allows security administrators to configure and test security policies offline, without connectivity to a "live" network. | Assists in "staging" security services throughout the network. Does not require a complete or established network in order to create and verify security policies. |
| Network Address Translation (NAT) management | Provides an easy mechanism to configure NAT policies for Cisco firewalls. | Enables an administrator to enhance the security and integrity of internal network resources. |
| Consistency checking mechanism | Validates policy integrity and consistency prior to distribution to the network. | Reduces policy and configuration conflicts, as well as syntax configuration errors within the managed network. |
| Configuration roll-back mechanism | Enables automated configuration rollback to the previous policy used by the system. All policies and network configurations are restored to their previous state. | Maintains previous system configuration for back-up purposes. |
| Multiple administrative levels | Provides three administrative access levels to the system, enabling role-based administration. | Suitable for various types of administrators within an IS staff (e.g. director, technician, etc.). |
| Built-in auditing and reporting system | Provides real-time alarms via e-mail, pager, visual, and script notifications. Provides a simple, Web-based reporting system for on-demand and scheduled report generation; reports present critical warning and usage information. Supports Secure Sockets Layer (SSL) for secure report access and viewing. Provides Policy Status and Administrator Activity Reports. Complements and interoperates with market-leading monitoring, billing and reporting systems. | Provides up-to-date information on network and system events. Allows users to configure alarm notification according to their needs. |

| Description | Specification |
|---|---|
| Recommended Hardware | Intel-based Pentium II processor, 400 MHz or better |
| | 128 MB RAM |
| | The system must be partitioned using NTFS, not FAT |
| | 4 GB free hard drive space available |
| | 1 or more properly configured network adapters |
| | Video display: 1024 x 768, with 64k color support |
| | CD-ROM and 3.5" diskette drive |
| Required Software | Microsoft Windows NT Server 4.0 with Service Pack 6a |
| | Microsoft Internet Explorer 5.0 or higher |
| Devices Supported | Cisco Secure PIX Firewalls running software versions 4.2.4, 4.2.5, 4.4.x, 5.1.2 and 5.2.1 |
| | Cisco IOS routers running IOS versions 12.0(5)T, 12.0(5)XE5, 12.0(7)T and 12.1(1) |

Leading-edge technology deserves leading-edge support. Service and support for Cisco Secure Policy Manager are available on a one-time or annual contract basis. Support options range from help desk assistance to proactive, onsite consultation. All support contracts include:
Full access rights to Cisco Connection Online for technical assistance, electronic commerce, and product information
24-hour-a-day access to the industry's largest dedicated technical support staff
Please contact a local Cisco sales office for further information.
Product and Part Numbers

Table 19-4: Part Numbers for the Cisco Secure Policy Manager

| Part Description | Part Number |
|---|---|
| Cisco Secure Policy Manager v2.0/2.1 unrestricted license | SEC-POL-MGR-2.0 |
| Cisco Secure Policy Manager v2.0/2.1 restricted license (three device license) | SEC-POL-MGR-LITE |
| Upgrade to the Cisco Secure Policy Manager v2.0/2.1 application from Cisco Security Manager versions 1.0 and 1.1 | SEC-POL-MGR-UPG |
| Software Application Support | |
| Software Application Services (SAS) for Cisco Secure Policy Manager v2.0/2.1 | CON-SAS-SC-MGR |

For more information on Cisco Secure Policy Manager 2.1, please refer to product information on CCO:
http://www.cisco.com/warp/public/cc/cisco/mkt/security/csm/index.shtml