0b66d8f1de7722a74ccc9f2cd6bfd611.ppt
- Number of slides: 21
Cisco Integrated Security: Building The Self-Defending Network
SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII (Security of Information and Communication Systems), 21 September 2004
Bogdan Constantinescu, Area Manager Romania & Rep. Moldova, Cisco Systems Romania
© 2003, Cisco Systems, Inc. All rights reserved.
Agenda
• Changes in Security Requirements
• Integrated Security & Self-Defending Networks
• Cisco Security Solutions
The Network as a Strategic Asset
[Diagram labels: Corporate Enterprises; Financial Performance; Reduced Operational Costs; Customers; Improved Productivity; Partners; Suppliers; Service Providers; Small/Medium Businesses; Employees]
Intelligent Information Network Capabilities
RESILIENT
• High Availability
• Multilayer Security
• Virtual Services
• Scalable
INTEGRATED
• Security, IPC, Wireless
• Application Aware
• Management
ADAPTABLE
• Self-Provisioning
• Self-Optimizing
• Self-Defending
• Modular Approach
Business Continuity: Impact of Not Securing Your Network
• Cost—directly affects bottom line
  494 organizations* reported overall financial losses totaling nearly 142 million.
• Credibility—end-user perception
  Can your end-user trust your network?
• Productivity—ability to use your system
  Downtime is lost time and revenue
• Viability—can ultimately affect your business
  Where will your company be in 1 year… 5 years?
• Liability—are you responsible?
  If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others?
* www.gocsi.com
The Self Defending Network
Security is a Systematic Process
[Diagram labels: Architecture Design and Implementation; Vulnerabilities and Risk Assessment; Corrective Action; Forensic Analysis; Central Security Management; Incident Response; Security Policy/Procedures; Deploy Security Policy; Surveillance, Monitoring, Audit & Analysis]
Evolution of Cisco Security Strategy
Basic Security (1990s)
• Basic router security
• Command line interface
Point Products (2000)
• Security appliances
• Enhanced router security
• Separate management software
Defense-in-Depth (2002)
• Multiple technologies
• Multiple locations
• Multiple appliances
• Little/no integration
Integrated Security (2003)
• Integrated security: Routers, Switches, Appliances, Endpoints
• FW + VPN + IDS…
• Integrated management software
• Evolving advanced services
Self-Defending Networks (2004…)
• End-point posture enforcement
• Network device protection
• Dynamic/Secure connectivity
• Dynamic communication between elements
• Automated threat response
Self Defending Network Strategy
Cisco strategy: an initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats
INTEGRATED SECURITY
• Secure Connectivity
• Threat Defense
• Trust & Identity
SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly
SYSTEM LEVEL SOLUTIONS
• Endpoints
• Network
• Services
Cisco Self-Defending Network - In Action
• End-point security enforcement: Network Admission Control, Identity Based Network Services
• Network device protection: Control Plane Policing, Auto-Secure, Switch/Router/WAP protection technologies
• Dynamic/Secure connectivity: Dynamic Multipoint VPN, VLAN
• Dynamic communication between elements: Netflow, NBAR, Dynamic Intrusion Protection, ‘AreYouThere?’
• Automatic response: Cisco Security Agent, Network Anomaly Detection
Self-Defending Network Example: Identity Based Networking Services
[Diagram: 802.1x Authentication VLAN In Action. Labels: 802.1x Capable Client; 802.1x Capable Access Devices (6500 Series, 4000 Series, 3550/2950 Series, Access Points); 802.1x Authentication Server (CiscoSecure ACS, AAA Radius Server); Login and Certificate Services (Active Directory); Login + Certificate; Authentication Challenge; Verify Login and Check with Policy DB; Login Verified; Credentials Verified; Send Policies; Switch applies policies and enables port (Set port to enable; set port vlan 10); Login granted; VLAN 10; Secure Access; Engineering Info]
Cisco Security Agent (CSA): Behavioral Protection From Attacks
• Rapidly Mutating
• Continual signature updates
• Inaccurate
Target
• Most damaging
• Change very slowly
• Inspiration for CSA solution
Cisco Security Solutions
Cisco’s Integrated Network Security Solutions
Threat Defense
• Defend the Edge: Integrated Network FW+IDS. Detects and Prevents External Attacks
• Protect the Interior: Catalyst Integrated Security. Protects Against Internal Attacks
• Guard the Endpoints: Cisco Security Agent (CSA). Protects Hosts Against Infection
Trust and Identity
• Verify the User and Device: Identity-Based Networking/NAC. Control Who/What Has Access
Secure Comm.
• Secure the Transport: IPSec VPN, SSL VPN, MPLS. Protects Data/Voice Confidentiality
[Diagram labels: Internet; Intranet]
Cisco Integrated Network Security
• Site-to-Site VPN / Firewall Routers: SOHO 90, 800, 1700, 2600, 3600, 3700, 7xxx
• PIX Firewall VPN Appliances: 501, 506E, 515E, 525, 535
• Remote Access VPN Appliances: VPN 3002, VPN 3005, VPN 3015, VPN 3030, VPN 3060, VPN 3080
• Content Switching, Filtering, SSL Optimization: SCA 11000 Secure Content Accelerator, CSS 11500, CSS 115XX SSL Blade, Catalyst CSM & SSL Blades, Content Engine
• Intrusion Detection Appliances: 4210, 4235, 4250
• High Performance Switch Integrated Campus Security Solutions: Catalyst 6500, Now with AES Acceleration
Cisco Integrated Services Routers: Cisco 3800, 2800, and 1800 Series
First Routers in the Industry to Support IPS and DMVPN!
Increased Value Extended to New Markets
• Substantial increase in price/performance!
• Greater service densities across the portfolio!
• Extension into new markets!
3800 Series: Highest Density and Performance for Concurrent Services (FCS September 2004)
2800 Series: Embedded, Advanced Voice, Video, Data & Security Services (FCS September 2004)
1800 Series: Integrated Security & Data (FCS September 2004)
[Chart labels: Performance and Services Density; Enterprise Branch Office; Small Branch; SMB]
[Diagram labels: Management; Building; E-Commerce; ISP; Distribution; Corporate Internet; Edge; Core; Server; VPN/Remote Access; PSTN; WAN; FR/ATM]
Cisco Advanced Services for Network Security
Assess and plan for a sound architecture and design
Build in scalable, adaptable, easy-to-upgrade solutions
Transparently integrate into the core network infrastructure
Continually identify and mitigate risk
• Security Posture Assessment
• Network Security Design Review
• Network Security Design Development
• Network Security Implementation Plan Assistance
• Network Security Implementation Engineering
• Network Security Optimization
Trust Cisco to Provide Leadership
Cisco Spent $300M on Security R&D (FY’03)
We’re a Partner You Can Trust
• The threats are here to stay, are changing, and we must evolve
• Our connected world is the target, not one piece or one company
• Cisco remains committed to help protect our customers
More Information
www.cisco.com/security
www.cisco.com/go/safe
www.cisco.com/go/netpro
www.cisco.com/go/securitypartners
www.cisco.com/go/psirt
http://www.nsa.gov (Cisco router recommendation guide)