Cisco SAFE (Secure Architecture for Enterprise) is a network information security design approach based on the defense-in-depth strategy, with an integrated, layered security philosophy at its center. Cisco SAFE ensures that there is no single point of security failure within the enterprise by first identifying the security vulnerabilities of the network and the business, generating a security policy that addresses the vulnerabilities identified, and then implementing total visibility and complete control from a security standpoint: establishing the ability to identify, monitor, and correlate incidents when they occur; isolating services and systems; hardening devices, services and applications; and enforcing the network security policies so that all enterprise information is fully protected. Cisco SAFE is built on a security life cycle that starts with planning, followed by the design, implementation, operation, and optimization of the network information security infrastructure (similar to a software development life cycle, or SDLC), so that the change and change management essential for protection against new threats as they arise are built into the Cisco SAFE architecture [1].


Design Components


An integral part of the Cisco SAFE philosophy is the list of SAFE axioms, statements that identify each area of attack surface within an enterprise. These axioms recognize five areas or elements as attack targets: infrastructure devices (such as routers, switches and hubs), services (such as NTP, the Network Time Protocol, and DNS, the Domain Name Service, both of which are common targets), endpoints (such as workstations and servers, which are frequently attacked by malware), networks (attacked via DoS, or Denial of Service, and MITM, or Man in the Middle, to name just a couple of methods of compromise), and applications (typically falling prey to programming errors exploited through buffer overflows, cross-site scripting and SQL injection attacks). By naming the areas of attack, Cisco SAFE ensures that none of them is overlooked when developing an enterprise security policy and plan.


Another key piece of the Cisco SAFE strategy is the identification of several components, or “modules”, that form the layered, defense-in-depth architecture needed to ensure that a single security incident does not automatically result in the compromise of valuable information. Following is a brief overview of each of these components as identified by the Cisco SAFE program.

Core: The Core module in Cisco SAFE consists of essentially the same infrastructure devices that are specified in the Cisco three-layer network architecture model (Core, Distribution and Access). Core devices typically include the switches through which all other devices on the network are interconnected, providing the required high-speed transport from one section of the network to another.

Intranet Data Center: This module includes those infrastructure devices involved in supporting and providing the necessary services and resources required internally by the business, such as web and database servers, application servers and the network devices that support them.

Enterprise Campus: Many enterprises include networks that span multiple floors, buildings and layers while still residing within the same geographic location. Issues characteristic of this module include multimedia and data storage and hosting, and Internet and Intranet access over the private network.

Enterprise WAN Edge: Organizations that span multiple locations often facilitate business activities by establishing dedicated WAN connections between their sites. These WAN connections are either privately built or leased from communications service providers, and they link remote or branch office private LANs together over the WAN links into a single network entity.

Internet Edge: This portion of the network serves as a dedicated gateway to the public network, the Internet. The devices that serve the organization at the Internet edge include routers that maintain routing tables between networks for forwarding (supporting both OSPF and BGP, for example) and translate between different OSI layer 2 protocols (such as HDLC and Ethernet); they are typically accompanied by security devices such as firewalls, proxies and/or IDS/IPS that provide the necessary traffic filtering between the trusted and untrusted networks.

Enterprise Branch: The branch module addresses security at an organization's remote office locations, each of which typically supports a private LAN that is connected to the organization's primary office over a WAN link such as a DS3 circuit, satellite or VPN (Virtual Private Network). An enterprise branch office network may appear to be a simple subset of the enterprise network; however, branch offices have their own set of challenges, including Internet and directory service connectivity through the organization's main office, both of which are availability issues that could compromise network usability and security if a proper security plan is not in place.

Management: The management module is the essential piece that provides visibility into network security and health, leveraging out-of-band (OOB) services such as SNMP (Simple Network Management Protocol) to alert network administrators when a compromise, incident, or connectivity (availability) issue may be taking place. Management involves several activities, including the monitoring, analysis and correlation of network security and health information captured through logs, SNMP and other methods. In addition, management includes a focus on threat control and containment: the response to detected malicious attacks, and the proactive mitigation of discovered vulnerabilities before a threat is exercised.

Regulatory Compliance

Although Cisco SAFE is quite comprehensive, it does lack in some areas of concern for organizations that are under heavy regulatory scrutiny. Regulatory compliance requirements such as those of SOX (the Sarbanes-Oxley Act) and HIPAA (the Health Insurance Portability and Accountability Act) carry hefty fines, and even prison terms for company officers, when an audit finds that the organization is not compliant. Frameworks such as COBIT are often implemented to provide upper management with visibility into the company's information technology and security, keeping management actively engaged so that the state of compliance is understood and kept up to date. Cisco SAFE provides the tools needed for meeting regulatory compliance and for visibility at the administrator level and, to some degree, at the management level; however, it lacks a distinct focus in this area.


Cisco SAFE is an excellent defense-in-depth framework that can ensure networks are designed to leverage a layered security approach using current best practices, along with the many built-in security mechanisms inherent in a properly designed Cisco network infrastructure. Cisco SAFE is highly recommended as a foundation for any network security strategy.