Network Engineer in Information Technology at Fakeeh Medical Group (1001-5000 employees employees)

Use Cases and Deployment Scope

Cisco IOS Security is theain IOS we use to manage our entire enterpraise network. The features and tools prpvided in the Cisco IOS Security makes managing and securing the network easily and smooth. Starting from creating access list and limiting access to certian users to hardening the switches and routers from unwanted attackers.

Pros

Creating access lists to limit only network admin to access the Switch IOS and blockes normal users.
Firewall and IPS integration to prevent attackers.
Autherization, Authintication and Accounting. By implenting aaa concept and using Raduis server you can secure access to your ports and audit or allow known devices only to connect to network.

Cons

Access list could be changed to easier confguration using GUI
AAA is better to be used and auth internally without relaying on external server.
Firewall rules and IPS need more improve regarding intruation detection and Ai.

Return on Investment

Time saving to just use one place to manage the network.
Cost reduction by using internal security feature.
Securing the organization the IOS security features.

Usability

Alternatives Considered

HPE Aruba Networking Operating System, HPE Aruba Networks Wireless WAN and HPE Aruba Networking Switches

Other Software Used

HPE Aruba Networks Wireless WAN, HPE Aruba Networking Operating System, Netreo

Thomas Osborne

Network System Administrator in Information Technology at CentralSquare Technologies (1001-5000 employees employees)

Pros

AAA
Port-Security
Device Hardening

Cons

More features could be added

Most Important Features

AAA
1X
Port-Security

Return on Investment

IOS Security is a feature that is on the switch, so just by purchasing the equipment it is nice to have this level of security

Girgis Hady

IT Network Manager in Information Technology at WadiDegla (1001-5000 employees employees)

Pros

Authentication.
Access lists.
Port security.

Cons

Needs many lines to configure a detailed access list.
No seamless integration between Cisco IOS and LDAP for authentication and need something in middle like Radius.

Return on Investment

Increased network security.
Saved data and information which means saving money.

Alternatives Considered

Juniper Ethernet Switches

Other Software Used

Cisco Prime LAN Management Solution, Cisco Unified Communications Manager (Call Manager), Cisco Identity Services Engine (ISE)

Eduardo Viero

IT Infrastructure Specialist in Information Technology at RANDON S.A (5001-10,000 employees employees)

Pros

Using Cisco IOS security features, you can set up a zone-based firewall to protect the internal network, separating a DMZ if necessary, to deploy services that should face the internet.
Because Cisco iOS security is available in different router models, you can apply the same security configuration in each of the remote locations you have. With that, you can basically deploy a configuration template for every remote office or plant, regarding the size of the site.
Because Cisco iOS security is embedded in the OS, it doesn’t require too much hardware resources to run effectively. This gives you the opportunity to have the same level of security in a small router as you would have on a big one.

Cons

Cisco could provide an initial set up script for those are not used to the CLI (Command Line Interface). With that initial script, people could easily deploy the security features instead of having to learn how to use the commands.
The web interface that Cisco provides with the routers, although it’s useful to set up the security features, it could also have some sort of tutorials to help people understand the main concepts of iOS security.
You have to license iOS security separately from the main OS. For that reason, sometimes it tends to be a little expensive if you have a small business.

Return on Investment

Cisco iOS security helped our business deploy a relatively safe solution for a small amount of money.
If you don’t have enough budget to invest in a robust and expensive firewall solution, you can safely use Cisco iOS security to protect your branch or remote office without compromise your network.
Because Cisco iOS security uses a simple command-line based interface, you can deploy standardized scripts and keep the operational costs low.

Alternatives Considered

Red Hat Enterprise Linux (RHEL)

Other Software Used

FortiClient, SolarWinds IP Address Manager

Steve Davis View profile

Network Engineer in Information Technology at Diamond Technologies, Inc. (11-50 employees employees)

Pros

QoS. Cisco Quality of Service is top notch and handles prioritization of voice and video without issue.
Ease of implementation and configuration. Once you have a device configured, it is easy to use that configuration as a template for the rest. Export your config, update, the IP Address and Name at a minimum, then deploy to the next device.
Longevity! Sometimes it can be difficult to upsell a current Cisco client due to aging hardware. I have gone into a network that has 12 year old switches still running strong. I have only seen this with the Cisco brand. At that point, the upsell is the newer features and not the age of the device.

Cons

CLI is great for those that know how to use it. It is my preference. Cisco is also excellent at providing training and documentation. They have excellent GUI tools for switches and wireless. The only thing lacking is a solid GUI for routers. CCP is Java based and can be a little buggy at times.
Pricing. Cisco is a rock solid device but they charge accordingly. Sometimes it can be hard to be competitive. You have to work with your account manager and obtain deviations to be competitive with other products.

Return on Investment

There are no negative impacts. ROI Is great as hardware lasts for ever.
Never needs a reboot for standard maintenance. Less downtime
Less downtime means better customer service. Our customers reach us without difficulty

Other Software Used

Netgear Ethernet Switches, Dell PowerConnect Switches, Juniper Ethernet Switches

Cisco IOS Security

What is Cisco IOS Security?

Categories & Use Cases