WIRELESS SECURITY DEFENSE
T-Bone & Tonic: Aly Boghani, Joan Oliver, Mike Patrick, Amol Potdar
May 30, 2009

Presentation transcript:


Problem Overview
Corporate governance for wireless access, wired access, and intranet security used to be handled separately; it can no longer be so, for the following two reasons:
1. Security threats need to be addressed at an enterprise-wide level
2. Mobility is a critical component of IT infrastructure access today

Increase in Corporate Mobility
[Figure 1, Figure 2]

Proposed Solution
Cisco Wireless and Network Security Integration
– Provides the architectural, design, and implementation framework for deploying the Cisco Unified Network
– Enables an enterprise to deploy and enforce a common network security policy
– Consistent end-to-end policy enforcement as well as a highly effective threat detection and mitigation capability
– WLAN/LAN integrated and layered security protocol solution

Integration Points

Why use a Layered Approach?
– 802.1X is the IEEE standard that provides the layered approach
– Initiate protection at layer 2 switches and layer 3 routers
– Secure authentication of Wireless Access Points with solid protocols such as WPA2-ENT with EAP-TLS
– Use a secure server to authenticate authorized users with Access Control Servers (Cisco, RADIUS)
– Educate users and administrators on properly securing the network

Why Cisco?
Cisco is unique in occupying 3 industry spaces:
– Core Wired Networking products
– Wireless Communications
– Network Security

The Cisco Unified Network
Cisco Unified Network is the marriage of the following 3 Cisco components:
– Cisco Secure Wireless Architecture
– Cisco Campus Architecture
– Cisco Branch Architecture

Cisco Secure Wireless Architecture

Cisco Secure Wireless Architecture
– Cisco Unified Wireless Network
– Cisco Security Agent (CSA)
– Cisco Network Admission Control (NAC) Appliance
– Cisco Firewall
– Cisco IPS
– CS-MARS

CS-MARS
Cisco Security Monitoring, Analysis, and Reporting
– Hardened Linux server that monitors the network using SNMP, SSH, Telnet, Layer 2 & 3 switches and routers
– Gathers 15,000 events per second
– Cisco ContextCorrelation: Cisco-defined rules that monitor for events
– Provides visualizations of network topology and “hot-spots”
– Presents administrators with timely per-device commands so that threats can be contained quickly
– Identifies “chokepoint” devices that can be used to isolate threats

CS-MARS Visualization

NAC – Network Access Control
4 Main Capabilities
– Securely Identify Devices and Users
– Enforce Consistent Policy
– Quarantine and Remediate
– Configure and Manage
Access is controlled from all entry points to the network
– LAN, WLAN, VPN, Internet, Guest
Can be used to tier access levels
Be careful with quarantine policies; isolate as much as possible
Uses Cisco Trust Agent and Cisco Security Agent to verify “security posture”

NAC - Overview

CTA & CSA
Cisco Trust Agent Components
– Network clients
– Network Access Devices
– ACS – Secure Access Control Server
  – Provides Posture Token – Healthy, Infected, Unknown, etc.
– Posture Validation Servers – Third Party – Optional
Cisco Security Agent
– Installed on Network Clients
– Limits network access until user and device are validated
– Provides access to remediation areas only
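
Added example, not part of the original slides and not Cisco NAC code: a generic Python model of the admission decision described on the NAC and CTA & CSA slides, applying one policy to every entry point and confining any device that is not Healthy to the remediation area. The tier names, destination names and the guest rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Generic model of posture-based admission. Tier and destination names are
# assumptions made for this example; only the posture tokens and entry points
# come from the slides.
POSTURE_TOKENS = {"Healthy", "Infected", "Unknown"}
ENTRY_POINTS = {"LAN", "WLAN", "VPN", "Internet", "Guest"}

# Each tier lists the only destinations a session in that tier may reach.
TIERS = {
    "full": {"intranet", "datacenter", "internet"},
    "guest": {"internet"},
    "quarantine": {"remediation"},  # remediation area only, nothing else
    "deny": set(),
}


@dataclass(frozen=True)
class Request:
    user_authenticated: bool
    entry_point: str
    posture_token: str


def admit(req: Request) -> str:
    """Return the access tier for one connection attempt."""
    if req.entry_point not in ENTRY_POINTS:
        return "deny"  # unrecognized entry point: fail closed
    if req.entry_point == "Guest":
        return "guest"  # assumed: guests run no agent, get internet only
    if not req.user_authenticated:
        return "deny"
    # A token outside the known set is handled as Unknown, never as Healthy.
    token = req.posture_token if req.posture_token in POSTURE_TOKENS else "Unknown"
    if token != "Healthy":
        return "quarantine"  # valid credentials do not override bad posture
    return "full"


def may_reach(req: Request, destination: str) -> bool:
    """True if the tier assigned to this request permits the destination."""
    return destination in TIERS[admit(req)]
```

The ordering matters: posture is checked after authentication but before any grant, so an authenticated user on an Infected or unrecognized-posture device still lands in quarantine.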

CSA – End User View

Cisco Campus Architecture
Provision proper network access to:
– Data Centers
– Servers
– User Devices
Provide the necessary internal routing and switching capabilities

Campus - Illustrated

Cisco Branch Architecture
Branch Architecture ties together the different infrastructure, application and computing resources across various organizational divisions and hierarchies.

Branch - Illustrated