Explanation/Reference:
Explanation: Threat Defense
Enabling integrated security in routers, switches, and appliances: Security techniques enabled throughout the network, not just in point products or locations Secure Connectivity
VPN Description VPN Name
Use AH and ESP to secure data; requires endpoints have IPsec software Standard IPsec Secure encrypted point-to-point GRE tunnels; on-demand spoke-tospoke connectivity Cisco DMVPN Enables routing and multicast traffic across an IPsec VPN; non-IP protocol and QoS support Cisco GRE- based VPN
Encryption integration on IP and MPLS WANs; simplifies encryption management using group keying; any- to-any connectivity Cisco GET VPN Simplifies hub-and-spoke VPNs; need to reduce VPN management Cisco Easy VPN Trust Trust is the relationship between two or more network entities that are permitted to communicate.
Security policy decisions are largely based on this premise of trust. If you are trusted, you are allowed to communicate as needed. However, sometimes security controls need to apply restraint to trust relationships by limiting or preventing access to the designated privilege level. Trust relationships can be explicit or implied by the organization. Some trust relationships can be inherited or passed down from one system to another. However, keep in mind that these trust relationships can also be abused.
Identity
Identity is the "who" of a trust relationship. These can be users, devices, organizations, or all of the above.
Network entities are validated by credentials. Authentication of the identity is based on the following attributes:
Something the subject knows: Knowledge of a secret, password, PIN, or private key Something the subject has: Possession of an item such as a token card, smartcard, or hardware key Something the subject is: Human characteristics, such as a fingerprint, retina scan, or voice recognition Generally, identity credentials are checked and authorized by requiring passwords, pins, tokens, or certificates.