1/21/2010

Audit it security

Currently, the branch access switches do not have the capability to classify and mark traffic, although they plan to eventually deploy switches in their branches with such capabilities (including dual-rate policing and marking). In the meantime, ABC, Inc., will mark all branch-to-campus traffic on the branch router's LAN edge on ingress. When the budget enables them to upgrade their audit it security, marking policies dependent on Layer 3 or Layer 4 criteria will be pushed out to the branch access switch (based on designs covered in Chapter 12). However, policies will remain on the branch router's LAN edge to classify and mark applications that require stateful packet inspection (using NBAR).

No comments: