Presentation is loading. Please wait.

Presentation is loading. Please wait.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

Published byFelix Arnold Pitts Modified over 9 years ago

Similar presentations

Presentation on theme: "1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now."— Presentation transcript:

1 1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

2 222 © 2003, Cisco Systems, Inc. All rights reserved. End – to – End Security This presentation highlights how every device on a Cisco Powered Network can be locked down to perform Defense in Depth. This multilayered approach presents an extremely difficult target to: HackersUnauthorized Access WormsRogue Devices VirusesSpoofing Attacks DoS / DDoS attacks This presentation highlights how every device on a Cisco Powered Network can be locked down to perform Defense in Depth. This multilayered approach presents an extremely difficult target to: HackersUnauthorized Access WormsRogue Devices VirusesSpoofing Attacks DoS / DDoS attacks

3 333 © 2003, Cisco Systems, Inc. All rights reserved. Threats Can be From Internal Sources Internal Most expensive attacks come from inside (Up to 10x more costly) Accidental: Misconfiguration Internal Most expensive attacks come from inside (Up to 10x more costly) Accidental: Misconfiguration Source: CSI / FBI Security Study 2003

4 444 © 2003, Cisco Systems, Inc. All rights reserved. Threats Also Come from External Sources External 78% of Attacks Come from Internet Connection (up from 57% in 1999) External 78% of Attacks Come from Internet Connection (up from 57% in 1999) Source: CSI / FBI Security Study 2003

5 555 © 2003, Cisco Systems, Inc. All rights reserved. Threats Can Already Be Known to You… KNOWN Known Good Security Practices Allow You to Protect Yourself Against “Known” Threats

6 666 © 2003, Cisco Systems, Inc. All rights reserved. Or Unknown … Unknown How Can You Protect Yourself Against Something You Don’t Know About

7 777 © 2003, Cisco Systems, Inc. All rights reserved. Threat from Hackers 2,524 new vulnerabilities discovered in 2002 Many recently discovered vulnerabilities remain highly viable targets for future threats “Blended threats” present the greatest risk Companies experience 30+ attacks per week 2000% increase (’99-’02) in financial losses from hacker-caused denial of service $65.6M in reported cost (2002) 2,524 new vulnerabilities discovered in 2002 Many recently discovered vulnerabilities remain highly viable targets for future threats “Blended threats” present the greatest risk Companies experience 30+ attacks per week 2000% increase (’99-’02) in financial losses from hacker-caused denial of service $65.6M in reported cost (2002)

8 888 © 2003, Cisco Systems, Inc. All rights reserved. Threat from Theft Theft of proprietary information causes greatest financial loss: $2.7M per incident (2003) 90% of respondents detected computer security breaches within last 12 months Source: CSI / FBI Security Study 2003 Theft of proprietary information causes greatest financial loss: $2.7M per incident (2003) 90% of respondents detected computer security breaches within last 12 months Source: CSI / FBI Security Study 2003 “The average amount of money, as a % of revenue, that companies spend on IT security is.0025 % or slightly less than they spend on coffee.” Richard Clarke Former Special Advisor to the President for Cyberspace Security

9 999 © 2003, Cisco Systems, Inc. All rights reserved. Threat Evolution Global Infrastructure Impact Regional Networks Multiple Networks Individual Networks Individual Computer Global Infrastructure Impact Regional Networks Multiple Networks Individual Networks Individual Computer Target and Scope of Damage 1st Gen Boot viruses 1st Gen Boot viruses Weeks 2nd Gen Macro viruses Email DoS Limited hacking 2nd Gen Macro viruses Email DoS Limited hacking Days 3rd Gen Network DoS Blended threat (worm + virus+ trojan) Turbo worms Widespread system hacking 3rd Gen Network DoS Blended threat (worm + virus+ trojan) Turbo worms Widespread system hacking Minutes Next Gen Infrastructure hacking Flash threats Massive worm driven DDoS Damaging payload worms Next Gen Infrastructure hacking Flash threats Massive worm driven DDoS Damaging payload worms Seconds 1980s 1990s Today Future

10 10 © 2003, Cisco Systems, Inc. All rights reserved. The Sapphire Worm or “Slammer” 2 6 8 11 0 Infections doubled every 8.5 seconds Infected 75,000 hosts in first 11 minutes Caused network outages, cancelled airline flights and ATM failures Infections doubled every 8.5 seconds Infected 75,000 hosts in first 11 minutes Caused network outages, cancelled airline flights and ATM failures Cisco Responded in 10 At Peak, Scanned 55 Million Hosts per Second Minutes after Release

11 11 © 2003, Cisco Systems, Inc. All rights reserved. How Cisco Stopped “Slammer” RESULT: No infections found within Cisco 00:03 00:10 00:30 00:00 00:06 Slammer launched “Unusual” traffic verified and triggered alarm Anomaly detection technology identified “unusual” traffic Locked down the appropriate ports (inside and outside Cisco) Corporate networks, internal nets, LANs etc Vulnerability Scan of Cisco’s network (200+ systems identified as vulnerable internally) Cisco Security Agent Stops Threat on Protected Hosts 00:00

12 12 © 2003, Cisco Systems, Inc. All rights reserved. Security Paradigm is Changing Security is no longer a “product level” proposition. Security is tied directly to the business proposition Server and desktop management Increasing number of vulnerabilities Must scale to thousands in large Enterprises Legacy endpoint security TCO challenge Reactive products force deployment of multiple agents and management paradigms to update Day Zero Damage Rapidly propagating attacks (Slammer and Blaster) happen too fast for reactive products to handle - an automated security system is needed Security is no longer a “product level” proposition. Security is tied directly to the business proposition Server and desktop management Increasing number of vulnerabilities Must scale to thousands in large Enterprises Legacy endpoint security TCO challenge Reactive products force deployment of multiple agents and management paradigms to update Day Zero Damage Rapidly propagating attacks (Slammer and Blaster) happen too fast for reactive products to handle - an automated security system is needed

13 13 © 2003, Cisco Systems, Inc. All rights reserved. Deploy Security as an Integrated System Secure Transport Card Readers Security Room CCTV Secured Doors and Vaults Surveillance and Alarms Patrolling Security Guard Firewalls and Router ACLs Network and Host-based Intrusion Detection Scanner Centralized Security and Policy Management Identity, AAA, Access Control Servers and Certificate Authorities Encryption and Virtual Private Networks (VPN’s)

14 14 © 2003, Cisco Systems, Inc. All rights reserved. Security is a Systematic Process Vulnerabilities and Risk Assessment Architecture Design and Implementation Security Policy/ Procedures Deploy Security Policy Surveillance, Monitoring, Audit & Analysis Incident Response Corrective Action Forensic Analysis © 2002, Cisco Systems, Inc. All rights reserved. 14 Central Security Management Central Security Management

15 15 © 2003, Cisco Systems, Inc. All rights reserved. Cisco Security Strategy Evolution Basic router security Command line interface Basic router security Command line interface Severity of Security Threats 1990s 2000 Today Future Integrated security Routers Switches Appliances Endpoints FW + VPN + IDS Anomoly detection Integrated management software Evolving advanced services Integrated security Routers Switches Appliances Endpoints FW + VPN + IDS Anomoly detection Integrated management software Evolving advanced services Security appliances Enhanced router security Separate management software Security appliances Enhanced router security Separate management software End to End Protection Application oriented (per port basis) Security aware elements Self-protecting Self-managing End to End Protection Application oriented (per port basis) Security aware elements Self-protecting Self-managing Basic router security Command line interface Basic router security Command line interface End to End Protection Application oriented (per port basis) Security aware elements Self-protecting Full suite of advanced services End to End Protection Application oriented (per port basis) Security aware elements Self-protecting Full suite of advanced services Intelligent Information Networks Fully Integrated Security

16 16 © 2003, Cisco Systems, Inc. All rights reserved. Cisco Systems is the only vendor that can provide you security on every point of your network VPN End-to-End Security

17 17 © 2003, Cisco Systems, Inc. All rights reserved.

Download ppt "1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
(n)Code Solutions Presentation on the importance of a Secure Technology Infrastructure.

(n)Code Solutions Presentation on the importance of a Secure Technology Infrastructure.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore.

1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
1 © 2002, Cisco Systems, Inc. All rights reserved. CIBR Security technical solution customer Cisco Security Solutions for Small and Medium Businesses Make.

1 © 2002, Cisco Systems, Inc. All rights reserved. CIBR Security technical solution customer Cisco Security Solutions for Small and Medium Businesses Make.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
© 2003, Cisco Systems, Inc. All rights reserved. 111 8426_07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.

© 2003, Cisco Systems, Inc. All rights reserved _07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Similar presentations

Ads by Google