Cisco SAFE
SAFE is available for different sizes of networks. The Cisco white papers “SAFE: A Security
Blueprint for Enterprise Networks and SAFE: Extending the Security Blueprint to Small,
Midsize, and Remote-User Networks” are guides for network designers and focus on the
implementation of secure network designs. Cisco SAFE is based on Cisco AVVID. SAFE uses
best practices and the interoperability of various Cisco and Cisco partner products. Several
SAFE white papers available on Cisco.com focus on the following design fundamentals (from
the Cisco Systems white paper “SAFE: A Security Blueprint for Enterprise Networks,”
copyright 2000):
■ Security and attack mitigation based on policy
■ Security implementation throughout the infrastructure (not just specialized security
devices)
■ Secure management and reporting
■ Authentication and authorization of users and administrators to critical network
resources
■ Intrusion detection for critical resources and subnets
■ Support for emerging networked applications
The SAFE blueprint is composed of the critical areas of network security:
■ Perimeter security—Protects access to the network by controlling access on the
network’s entry and exit points
■ Secure connectivity—Provides secure communications via virtual private networks
(VPNs)
■ Application security—Ensures that critical servers and applications are protected
■ Identity—Provides secure authentication and authorization services to ensure that access
is restricted to only authorized users
■ Security management and monitoring—Allows for centralized management of security
resources and the detection of unauthorized activity on the network
NOTE Cisco SAFE Implementation (exam 642-541) is a requirement for CCSP
Certification. For more information, see http://www.cisco.com/go/certifications.