© 2003, Cisco Systems, Inc. All rights reserved. 111 8426_07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.

Presentation transcript:

Security Strategy Update
Self Defending Network Initiative
Network Admission Control
February 5, 2004
Tempe, Arizona

Security Paradigm is Changing

The burden on StateNet’s members to secure all aspects of the network and business is rapidly growing heavier:
- Assessing Security Risks
- Defining & Authoring Security Policy
- Designing & Implementing Security Infrastructure
- Enforcement of Security Policy

Self Defending Network Initiative (SDNI) will result in the network making intelligent admission and defense decisions while helping to enforce security policy compliance.

Threat Evolution

[Chart. Axis "Target and Scope of Damage": Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Infrastructure Impact. Timeline: 1980s, 1990s, Today, Future.]

- 1st Gen (Weeks): Boot viruses
- 2nd Gen (Days; Point Products): Macro viruses, DoS, Limited hacking
- 3rd Gen (Minutes; Integrated Security): Network DoS, Blended threat (worm + virus + trojan), Turbo worms, Widespread system hacking
- Next Gen (Seconds; Self Defending Network): Infrastructure hacking, Flash threats, Massive worm driven DDoS, Damaging payload viruses and worms

Cisco’s Security Vision

- INDUSTRY COLLABORATION
- INTEGRATED SECURITY
- SYSTEM LEVEL SOLUTION

Secure Connectivity, Threat Defense, Trust and Identity
Network Admission Control Program
Dynamically identify, prevent, and respond to threats
End-to-End
Multi-phased initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats

Cisco Network Admission Control (NAC)

- Cisco Network Admission Control (NAC) is a Cisco-led industry program focused on limiting damage from emerging security threats such as viruses and worms
- NAC is a significant step forward in security policy compliance and enforcement
- In NAC, customers can allow network access only to compliant and trusted endpoint devices (e.g. PCs, servers, PDAs) and can restrict the access of non-compliant devices
- Initial NAC co-sponsors include Network Associates, Symantec, and Trend Micro
- NAC is the first phase of the Cisco Self-Defending Network Initiative
- These efforts are designed to dramatically improve the ability of networks to identify, prevent, and adapt to threats

Cisco NAC Solution Overview

NAC Solution: Leverage the network to intelligently enforce access privileges based on endpoint security posture. The Cisco network helps force corporate security compliance.

NAC Characteristics:
- Validates all endpoints/hosts
- Ubiquitous solution for all connection methods
- Quarantine & remediation services
- Leverages customer investments in Cisco network and AV solutions
- Deployment scalability

[Diagram labels: Endpoint Attempting Network Access, Cisco Trust Agent, Credentials, Network Access Devices, RADIUS, Policy Server Decision Points, Cisco Secure ACS Policy (AAA) Svr, AV Vendor Svr, Comply?, Access Rights, Notification, Enforcement]

NAC enforces the security policies as defined on the ACS by the user. It does not author the policies.

Cisco Network Admission Control (NAC)

[Diagram labels:
- Endpoints attempting Network Access: Anti-Virus client, Cisco Security Agent, Cisco Trust Agent (Security Credential Checking)
- Cisco Network Access Device (Security Policy Enforcement)
- Cisco Secure ACS Policy/AAA RADIUS Server (Security Policy Creation)
- AV Vendor Policy Server (AV Policy Evaluation)
- Outcomes: Permit, deny, quarantine, restrict]

NAC is not yet shipping. The Cisco Business Unit is still determining how we will license and charge for NAC on the access devices. It is expected the end-point Trust Agent will be free.
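
The admission decision sketched on the two NAC slides above, as a small model added here for illustration (it is not Cisco's code or protocol). The posture fields, the policy thresholds and the mapping of each failure to permit, deny, quarantine or restrict are assumptions; the point it shows is that a policy server should fail closed when an endpoint reports nothing.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Posture:
    """Posture credentials an endpoint agent reports (field names are assumptions)."""
    identity_ok: bool                      # result of the AAA identity check
    agent_present: bool                    # endpoint runs a trust agent at all
    av_running: Optional[bool] = None
    av_signatures: Optional[date] = None   # date of the installed AV signature set
    os_patch_level: Optional[int] = None

@dataclass
class Policy:
    """Policy authored by the operator on the policy server (thresholds are assumptions)."""
    min_av_signatures: date
    min_os_patch_level: int

def decide(p: Posture, policy: Policy):
    """Return (outcome, reasons); outcome is permit, deny, quarantine or restrict."""
    if not p.identity_ok:
        return "deny", ["identity check failed"]
    if not p.agent_present:
        # No posture can be verified: grant only a limited access profile.
        return "restrict", ["no posture agent on endpoint"]
    reasons = []
    # Fail closed: a missing attribute counts as non-compliant, never as a pass.
    if p.av_running is not True:
        reasons.append("anti-virus not running or not reported")
    if p.av_signatures is None or p.av_signatures < policy.min_av_signatures:
        reasons.append("anti-virus signatures out of date or not reported")
    if p.os_patch_level is None or p.os_patch_level < policy.min_os_patch_level:
        reasons.append("OS patch level below policy or not reported")
    if reasons:
        # Quarantine carries the remediation list back to the endpoint.
        return "quarantine", reasons
    return "permit", []

# Constructed sample policy and endpoints, not taken from the presentation.
POLICY = Policy(min_av_signatures=date(2004, 1, 15), min_os_patch_level=4)
SAMPLES = {
    "compliant": Posture(True, True, True, date(2004, 2, 1), 4),
    "stale_av":  Posture(True, True, True, date(2003, 11, 3), 4),
    "silent":    Posture(True, True),      # agent present, reports nothing
    "unmanaged": Posture(True, False),
    "bad_login": Posture(False, True, True, date(2004, 2, 1), 4),
}

if __name__ == "__main__":
    for name, posture in SAMPLES.items():
        print(name, *decide(posture, POLICY))
```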

Phase 1 Deployment Scenarios
Router-Based compliance enforcement

[Diagram labels: Main Office, Branch Office, Lab, Data Center, AAA & AV Svrs, Users, Partner, Private WAN, Partner WAN, VPN Edge, Extranet Edge, Internet Edge, Internet]

- Branch office compliance: Focus first on less trusted/managed offices
- Extranet compliance: Partner hosts are patched and comply
- Internet compliance: Ensure hosts are hardened prior to browsing
- Lab compliance: Production network access only for compliant devices
- Data center protection: Devices accessing protected servers must comply

NAC Schedule (best efforts to accelerate)

Phase 1 (Q2 CY04)
- Network Devices: IOS Routers 17xx – 72xx
- Cisco Trust Agent Support: Windows NT, 2000, XP
- Industry Partners: AV Vendors
- Device Communications: Layer 3 EAP/UDP

Phase 2 (2HCY04)
- Network Devices: Switches, Wireless Access Points
- Cisco Trust Agent Support: Windows 2003, Red Hat Linux, Solaris
- Industry Partners: OS Vendors, Mgmt Vendors
- Device Communications: Layer 2 EAP/802.1x

Phase 3 (TBD)
- Network Devices: Security Devices, VPN Concentrators, IP Phones, Cisco Appliances
- Cisco Trust Agent Support: MAC OS, HPUX, AIX
- Industry Partners: Broad Vendor Support
- Device Communications: HTTP/SSL?

VPN Management System (VMS) will configure the NAC settings across access devices en masse. Secure Information Management System (SIMS) will be the management tool for reporting and monitoring. A “SIMS Lite” is being considered for small to medium customers. There are third party management software companies writing to NAC, so there will be options

Cisco Integrated Security Portfolio

ADVANCED SECURITY SERVICES

MANAGEMENT AND ANALYSIS
- Centralized security management
- Security policy, security event monitoring and analysis
- Threat validation and investigation
- Embedded device management

COMPLETE COVERAGE
- Protecting Desktops, Servers and Networks

FLEXIBLE DEPLOYMENT
- Security Appliances
- Switches
- Routers
- Security Software

SECURITY SERVICES
- VPN / SSL
- Firewall
- IDS
- Identity
- Behavior

SECURE INFRASTRUCTURE
- Device Authentication, Port Level Security, Secure and Trusted Devices, Secure Access, Transport Security

Summary Statement

Industry collaboration in support of Cisco’s Self Defending Network Initiative will result in the network making intelligent admission and defense decisions while helping to enforce security policy compliance.

Thank you for your time.