With today's mission-critical network services, such as e-commerce, network security has become a major design consideration. This chapter discusses Cisco recommendations for securing an enterprise network, specifically firewall, network admission control, intrusion detection, and intrusion prevention services.
Firewalls contain a list of rules that control what traffic can enter or exit a network segment. These rules can be based on, for example, user access rights or specific applications. Cisco firewalls use one of two basic modes of operation: