Published by Theresa Patchell. Modified over 9 years ago.
1
Wireless and Network Security Integration
Defense by Hi-5
Marc Hogue, Chris Jacobson, Alexandra Korol, Mark Ordonez, Jinjia Xi
2
Introduction
► Importance of Integrated Network Security
    Example of disjointed solution
    Example of properly integrated solution
► Importance to IT Leaders
3
Agenda
► Integrated Solution Architecture
► Integrated Solution Components
    Cisco Security Agent (CSA)
    Cisco NAC Appliance
    Cisco Firewall
    Cisco IPS
    CS-MARS
4
Cisco Unified Wireless Network
► Anytime, anywhere access to information.
► Real-time access to instant messaging, e-mail, and network resources.
► Mobility services, such as voice, guest access, advanced security, and location.
► Modular architecture that supports 802.11n, 802.11a/b/g, and enterprise wireless mesh for indoor and outdoor locations, while ensuring a smooth migration path to future technologies and services.
5
Secure Wireless Architecture
► The following five interconnected elements work together to deliver a unified enterprise-class wireless solution:
    Client devices
    Access points
    Wireless controllers
    Network management
    Mobility services
6
Campus Architecture
► High availability
► Access services
► Application optimization and protection services
► Virtualization services
► Security services
► Operational and management services
7
Branch Architecture
10
Where CSA Fits into Architecture
11
CSA
► CSA is an endpoint security solution
► Single agent that provides:
    zero update attack protection
    data loss prevention
    signature based antivirus
► Two Components:
    CSA MC
    CSA
12
Need for CSA
13
Threats and CSA Mitigation
15
Prevent Wireless Ad hoc Communications Module
► If a wireless ad-hoc connection is active, all UDP or TCP traffic over any active wireless ad-hoc connection is denied, regardless of the application or IP address.
► Alerts are logged and reported any time the rule module is triggered.
► Customization allows:
    User Query
    Test Deployment
16
Prevent Wireless if Ethernet Active Module
► If an Ethernet connection is active, all UDP or TCP traffic over any active 802.11 wireless connection is denied, regardless of the application or IP address.
► An alert is logged and reported for each unique instance that the rule module is triggered.
► Supports customization
    Customized user query as a rule action
    Customized rule module based on location
    Customized rule module in test mode
17
Location Aware Policy Enforcement
► Enforces different security policies based on the location of a mobile client
► Determines state of mobile client based on:
    System state conditions
    Network interface set characteristics
► CSA location-aware policy may leverage any of the standard CSA features
18
Roaming Force VPN Module
► If the CSA MC is not reachable and a network interface is active, all UDP or TCP traffic over any active interface is denied, regardless of the application or IP address, with the exception of web traffic, which is permitted for 300 seconds.
► Informs user that VPN connection is required
► Message is logged
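
The three CSA rule modules on the preceding slides, written out as one decision function. This is an added example, not Cisco code or part of the original deck: the evaluation order, the rule names, the `Interface`/`Flow` types and the reading of "web traffic" as TCP 80/443 are assumptions made for illustration.

```python
from dataclasses import dataclass

WEB_PORTS = {80, 443}        # assumption: "web traffic" means TCP 80/443
WEB_GRACE_SECONDS = 300      # grace period stated on the Roaming Force VPN slide

@dataclass
class Interface:
    name: str
    kind: str                # "ethernet", "wifi" (802.11 infrastructure) or "adhoc"
    active: bool = True

@dataclass
class Flow:
    iface: str
    proto: str               # "tcp" or "udp"
    dst_port: int

def evaluate(flow, interfaces, mc_reachable, seconds_roaming):
    """Return (action, rule) for one flow; the rule order is an assumption."""
    active = {i.name: i for i in interfaces if i.active}
    iface = active.get(flow.iface)
    if iface is None or flow.proto not in ("tcp", "udp"):
        return ("allow", "out-of-scope")   # modules only cover TCP/UDP on active interfaces
    if iface.kind == "adhoc":              # Prevent Wireless Ad hoc Communications
        return ("deny", "prevent-wireless-adhoc")
    if iface.kind == "wifi" and any(i.kind == "ethernet" for i in active.values()):
        return ("deny", "prevent-wireless-if-ethernet-active")
    if not mc_reachable:                   # Roaming Force VPN
        is_web = flow.proto == "tcp" and flow.dst_port in WEB_PORTS
        if is_web and seconds_roaming < WEB_GRACE_SECONDS:
            return ("allow", "roaming-web-grace")
        return ("deny", "roaming-force-vpn")
    return ("allow", "default")

def alerts(flows, interfaces, mc_reachable, seconds_roaming):
    """Collect one alert record per denied flow (a simplification of the logging)."""
    out = []
    for f in flows:
        action, rule = evaluate(f, interfaces, mc_reachable, seconds_roaming)
        if action == "deny":
            out.append({"rule": rule, "iface": f.iface, "proto": f.proto, "port": f.dst_port})
    return out

if __name__ == "__main__":
    # Constructed sample: docked laptop with Ethernet and 802.11 both up, CSA MC reachable.
    docked = [Interface("eth0", "ethernet"), Interface("wlan0", "wifi")]
    flows = [Flow("eth0", "tcp", 443), Flow("wlan0", "udp", 53)]
    for a in alerts(flows, docked, mc_reachable=True, seconds_roaming=0):
        print(a)
```

The model makes the bridging case explicit: a dual-homed client loses its 802.11 path as soon as Ethernet is up, and a roaming client gets web access only long enough to reach a portal before the VPN requirement applies.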
20
Cisco NAC Appliance Overview
► Admission Control and compliance enforcement
► Features:
    In-band or out-of-band deployment options
    User authentication tools
    Bandwidth and traffic filtering controls
    Vulnerability assessment and remediation (also referred to as posture assessment)
    Network Scan
    Clean Access Agent
21
NAC Architecture
22
Out-of-Band Modes
23
In-Band Modes
24
NAC Appliance Positioning: Edge Deployment
25
NAC Appliance Positioning: Centralized Deployment
26
NAC Authentication
► 802.1x/EAP authentication does not pass through to NAC
► Authentication methods include:
    Web authentication
    Clean Access Agent
    Single sign-on (SSO) with Clean Access Agent with the following:
        VPN RADIUS accounting
        Active Directory
27
Authentication Process: AD SSO
28
Posture Assessment Process
29
Remediation Process
30
Authenticated User
32
Firewall Placement Options
Source: Cisco, Deploying Firewalls Throughout Your Organization
33
Why Place Firewalls in Multiple Network Segments?
► Provide the first line of defense in network security infrastructures
► Prevent access breaches at all key network junctures
► Help organizations comply with the latest corporate and industry governance mandates
    Sarbanes-Oxley (SOX)
    Gramm-Leach-Bliley (GLB)
    Health Insurance Portability and Accountability Act (HIPAA)
    Payment Card Industry Data Security Standard (PCI DSS)
34
Firewall Integration
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Firewall Services Module (FWSM)
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Adaptive Security Appliances (ASA)
► 2100 family WLCs with a Cisco IOS firewall in an ISR router
35
FWSM and ASA Modes of Operation
    Transparent Mode
    Routed Mode
36
High Availability Configuration
    ASA High Availability
    FWSM High Availability
37
WLC Deployments and IOS Firewall
39
IPS Threat Detection and Mitigation Roles
40
WLC and IPS Collaboration
► Cisco WLC and IPS synchronization
► WLC enforcement of a Cisco IPS host block
► Cisco IPS host block retraction
41
Example of WLC enforcement
43
CS-MARS
► Cisco Security Monitoring, Analysis and Reporting System
► Monitor the network
► Detect and correlate anomalies
► Mitigate threats
44
Cross-Network Anomaly Detection and Correlation
► MARS is configured to obtain the configurations of other network devices.
► Devices send events to MARS via SNMP.
► Anomalies are detected and correlated across all devices.
45
Monitoring, Anomalies, & Mitigation
► Discover Layer 3 devices on network
    Entire network can be mapped
    Find MAC addresses, end-points, topology
► Monitors wired and wireless devices
    Unified monitoring provides complete picture
► Anomalies can be correlated
    Complete view of anomalies (e.g. host names, MAC addresses, IP addresses, ports, etc.)
► Mitigation responses triggered using rules
    Rules can be further customized to extend MARS
46
Reporting
► MARS provides reporting
    Detected events (e.g. DoS, probes, etc.)
    Distinguish between LAN and WLAN events
    Leverage reporting from other components (e.g. WLC, WCS, etc.)
► Allows detailed analysis of
    Events
    Threats
    Anomalies
47
Q & A