WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.


1 WIRELESS SECURITY DEFENSE
T-BONE & TONIC: ALY BOGHANI, JOAN OLIVER, MIKE PATRICK, AMOL POTDAR
May 30, 2009

2 Problem Overview
Wireless, wired access, and intranet security used to be governed separately. That is no longer possible, for the following two reasons:
1. Security threats need to be addressed on an enterprise-wide level
2. Mobility is a critical component of IT infrastructure access today

3 Increase in Corporate Mobility
[Figure 1, Figure 2]

4 Proposed Solution
Cisco Wireless and Network Security Integration
  – Provides the architectural, design, and implementation framework in deploying the Cisco Unified Network
  – Enables an enterprise to deploy and enforce a common network security policy
  – Consistent end-to-end policy enforcement as well as a highly effective threat detection and mitigation capability
  – WLAN/LAN integrated and layered security protocol solution

5 Integration Points

6 Why use a Layered Approach?
802.1x is the IEEE standard that provides the layered approach
Initiate protection at layer 2 switches and layer 3 routers
Secure authentication of Wireless Access Points with solid protocols such as WPA2-ENT with EAP-TLS
Use a secure server to authenticate authorized users with Access Control Servers (Cisco, RADIUS)
Educate users and administrators on properly securing the network
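The WPA2-ENT with EAP-TLS bullet above, as an added example that is not part of the presentation: a wpa_supplicant network block for a client, with the weak form that skips authentication-server certificate validation shown commented out beside the hardened one. The SSID, identity, file paths, server name and passphrase are placeholders.

```conf
# wpa_supplicant.conf (constructed example; all names and paths are placeholders)
ctrl_interface=/run/wpa_supplicant

# Weak form: EAP-TLS with no ca_cert. The client presents its certificate
# but accepts whatever certificate the authentication server presents, so
# it cannot tell the organisation's RADIUS server from any other.
#network={
#    ssid="CORP-WLAN"
#    key_mgmt=WPA-EAP
#    eap=TLS
#    identity="host01.example.com"
#    client_cert="/etc/wpa_supplicant/client.pem"
#    private_key="/etc/wpa_supplicant/client.key"
#}

# Hardened form: WPA2 only, AES-CCMP only, mutual certificate authentication.
network={
    ssid="CORP-WLAN"
    # RSN = WPA2; WPA-EAP = 802.1X/EAP key management (WPA2-Enterprise)
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    eap=TLS
    identity="host01.example.com"
    # Trust anchor for the RADIUS server certificate: the organisation's CA only
    ca_cert="/etc/wpa_supplicant/corp-ca.pem"
    # The server certificate must also carry this DNS name (or a subdomain)
    domain_suffix_match="radius.example.com"
    # Client credential used for the TLS client authentication
    client_cert="/etc/wpa_supplicant/client.pem"
    private_key="/etc/wpa_supplicant/client.key"
    private_key_passwd="CHANGE_ME"
}
```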

7 Why Cisco?
Cisco is unique in occupying 3 industry spaces:
  – Core Wired Networking products
  – Wireless Communications
  – Network Security

8 The Cisco Unified Network
Cisco Unified Network is the marriage of the following 3 Cisco components:
Cisco Secure Wireless Architecture
Cisco Campus Architecture
Cisco Branch Architecture

9 Cisco Secure Wireless Architecture

10 Cisco Secure Wireless Architecture
Cisco Unified Wireless Network
Cisco Security Agent (CSA)
Cisco Network Admission Control (NAC) Appliance
Cisco Firewall
Cisco IPS
CS-MARS

11 CS-MARS
Cisco Security Monitoring, Analysis, and Reporting
Hardened Linux server that monitors the network using SNMP, SSH, Telnet, Layer 2 & 3 switches and routers
Gathers 15,000 events per second
Cisco ContextCorrelation – Cisco defined rules that monitor for events
Provides visualizations of network topology and “hot-spots”
Presents administrators with timely per-device commands so that threats can be contained quickly
Identifies “chokepoint” devices that can be used to isolate threats

12 CS-MARS Visualization

13 NAC – Network Access Control
4 Main Capabilities
  – Securely Identify Devices and Users
  – Enforce Consistent Policy
  – Quarantine and Remediate
  – Configure and Manage
Access is controlled from all entry points to the network
  – LAN, WLAN, VPN, Internet, Guest
Can be used to tier access levels
Be careful with quarantine policies, isolate as much as possible
Uses Cisco Trust Agent and Cisco Security Agent to verify “security posture”

14 NAC - Overview

15 CTA & CSA
Cisco Trust Agent Components
  – Network clients
  – Network Access Devices
  – ACS – Secure Access Control Server
      Provides Posture Token – Healthy, Infected, Unknown, etc.
  – Posture Validation Servers – Third Party – Optional
Cisco Security Agent
  – Installed on Network Clients
  – Limits network access until user and device are validated
  – Provides access to remediation areas only

16 CSA – End User View

17 Cisco Campus Architecture
Provision proper network access to:
  – Data Centers
  – Servers
  – User Devices
Provide the necessary internal routing and switching capabilities

18 Campus - Illustrated

19 Cisco Branch Architecture
Branch Architecture ties together the different infrastructure, application and computing resources across various organizational divisions and hierarchies.

20 Branch - Illustrated

