Published by Winfred Townsend. Modified over 9 years ago.

Cisco Self Defending Network
SECURING THE INTELLIGENT INFORMATION NETWORK
James Jones, CCIE 1550, CISSP
August 2005
© 2004 Cisco Systems, Inc. All rights reserved.

Agenda
- Security evolves to become a business issue
- Cisco’s unique architectural systems approach
- Security is a business enabler

Key Issues Facing Customers Today
- SECURITY: Threats, Theft, Loss, Response time
- APPLICATION AND SERVICE OPTIMIZATION: Enablers, Awareness, App management, Performance/optimization, Resilience
- SIMPLIFICATION: Scale, Cost, Staffing, Integration and systems management
THESE ISSUES ARE COMMON TO THE COMPUTE AND NETWORK LAYERS

Security Incidents on the Rise
[Chart: Incidents]
Source: CERT: Carnegie Mellon Software Engineering Institute, IDC

Evolution of Security Challenges
[Chart: Target and Scope of Damage over time]
- Target and scope of damage: INDIVIDUAL Computer, INDIVIDUAL Networks, MULTIPLE Networks, REGIONAL Networks, GLOBAL Infrastructure Impact
- Time axis: 1980s, 1990s, Today, Future
- Generations: 1st Gen, 2nd Gen, 3rd Gen, Next Gen
- Time scale: Weeks, Days, Minutes, Seconds
Time from Knowledge of Vulnerability to Release of Exploit is Shrinking

Security… Top of Mind for Business / Gov’t
Top Ten Business Trends In 2004 (Rankings: “Affects Growth of IT Industry”)
Trend: 2004 rank / 2003 rank / 2002 rank
- Revenue growth *: 1 / 12 / —
- Use of information in products / services *: 2 / 1 / 1
- Economic recovery: 3 / 2 / 4
- Single view of customer: 4 / — / —
- Faster innovation: 5 / — / —
- Greater transparency in reporting: 6 / — / —
- Enterprise risk management: 7 / 5 / 3
- Security / Business disruptions: 8 / 3 / 6
- Operating costs / budgets: 9 / 7 / —
- Data protection and privacy: 10 / 4 / —
Source: Gartner Top Ten Business Trends, 2004

Regulatory Compliance and the “IAC triad”
- Regulatory Compliance: HIPAA, Gramm-Leach-Bliley (GLB), Sarbanes-Oxley (SOX), Basel II, EPA
- Integrity: Assurance of accuracy and reliability of data and systems, ensuring neither is modified in an unauthorized manner
- Availability: Ensures the system or data is available and executes in a predictable manner with an acceptable level of performance
- Confidentiality: Preventing unauthorized disclosure of sensitive information by ensuring that the necessary level of secrecy is in place at each junction of data processing

Cisco Intelligent Information Network
BUSINESS PROCESS OPTIMIZATION REQUIRES AN INTELLIGENT INFORMATION NETWORK
Layers: BUSINESS PROCESSES, APPLICATIONS AND SERVICES, NETWORKED INFRASTRUCTURE
- ACTIVE PARTICIPATION in application and service delivery
- A SYSTEMS APPROACH integrates technology layers to reduce complexity
- Flexible POLICY CONTROLS adapt this intelligent system to your business through business rules
CONNECTIVITY, INTELLIGENT NETWORKING
CISCO NETWORK STRATEGY: RESILIENT, INTEGRATED, ADAPTIVE

Value of Integrated Security System
Security is no longer an option… It’s a necessity
Security as an Option
- Security is an add-on
- Challenging integration
- Not cost-effective
- Cannot focus on core priority
Security as INTEGRAL of a System
- Security is built-in
- Intelligent collaboration
- Appropriate security
- Direct focus on core priority

Self Defending Network Strategy
Cisco strategy to dramatically improve the network’s ability to identify, prevent, and adapt to threats
- INTEGRATED SECURITY: Secure Connectivity, Threat Defense, Trust & Identity
- SECURITY TECHNOLOGY INNOVATION: Endpoint Security, Application Firewall, SSL VPN, Network Anomaly
- SYSTEM LEVEL SOLUTIONS: Endpoints, Network, Services

Phases of Self Defending Network (SDN)
- Point Products: Multiple Security Appliances, Separate management software
- SDN Phase I: Integrated Security
- SDN Phase II: Collaborative Systems
- SDN Phase III: Adaptive Threat Defense
“5–7 Years to Drive Architecture”

Securing the IP Fabric with Integrated Security
- Security Technology Leadership: Best-of-Breed Security
- Networking Technology Leadership: 20 Years of Routing & Switching Expertise
- Products shown: VPN Concentrator, Cisco Firewall, Cisco IDS Sensors, Cisco IOS VPN, Cisco ISR, Cisco Catalyst
Integrated Security
- Network Infrastructure Protection: Protect the network infrastructure from attacks. Control Plane Policing, NBAR, AutoSecure
- Trust & Identity: Leverage the network to intelligently protect Endpoints. NAC, 802.1x
- Secure Connectivity: Secure and scalable network connectivity. Secure Voice (sRTP, V3PN), DMVPN, MPLS & IPSec
- Threat Defense: Prevent and respond to network attacks and threats such as worms. Intrusion Prevention, Netflow, App Firewall, OPS

NAC – First Collaborative Security System
NAC Framework
[Diagram labels: Desktop, Corporate Net, Quarantine VLAN, Remediation]
- Client attempts connection
- Authentication and policy check of client
- a) Access Granted, b) Access Denied, c) Quarantine Remediation
And more to come….

Current NAC Program Participants
http://www.cisco.com/en/US/partners/pr46/nac/partners.html
Categories: ANTI VIRUS, REMEDIATION, CLIENT SECURITY

Adaptive Threat Defense in Action
Products, Services and Architecture Example
[Diagram labels: PIX, CSA, NAC, Quarantine VLAN, Cisco Router, VPN Access, VPN, Cisco DDoS, Catalyst, Identity-Based Networking, Cisco IPS]
- Application Security: App Inspection, Use Enforcement, Web Control
- Anti-X Defenses: Malware/Content Defense, Anomaly Detection
- Containment & Control: Traffic/Admission Control, Proactive Response

VoIP Security Test
Hardened for VOIP Security in the Wiring Closet
[Diagram labels: Call Manager’s Applications Servers, PSTN, Cisco IP Network, Data VLAN, Voice VLAN, Data Center VLAN, Attack Point]
Catalyst 4500 Security Used Concurrently
- Dynamic ARP Inspection
- IP Source Guard
- DHCP Snooping
- Port Security
- VACL
- Policing
Miercom Hacker Assault Team unable to disrupt Cisco VoIP: STOPPED at the edge by a Catalyst 4500 …
Miercom Quote: “Cisco achieved the highest rating of the vendors tested. Cisco’s overall score, an A- on Miercom’s VoIP-Security Rating Scale, has set the high bar that other IP-telephony vendors will now endeavor to reach”

Integrated Systems Equals Greater Value AND Decreased Costs
Areas: FOUNDATION TECHNOLOGIES, SECURE IP COMMUNICATIONS, SECURE WIRELESS, SELF-DEFENDING NETWORK
- Reduce OPEX by 30-40% -- investment protection
- Lower Implementation Costs and TCO -- simpler to deploy and manage
- Secure, Integrated, intelligent systems
- Trusted and protected business applications, legislative compliance
- More effective communication and collaboration through application and infrastructure integration
- Wireline and wireless equivalence – ubiquitous secure connectivity
- 29% savings through OPEX reduction, training, support, integration. Sage Research, 2003
- 47% savings -- simpler, management, integration, operations. Sage Research, 2003
- NASDAQ internal study, 2004

Cisco Security Management Directions
Provision, Monitor, Analysis, Respond
Device Mgrs
- Quickest way to set up a device
- Configures all device parameters
- Ships with device
Security Manager (VMS NG)
- Solution for configuring routers, appliances, switches and endpoints
- Applies policy at multiple layers - broadest coverage in the industry
Security Auditor
- Today auditing highly manual and costly
- Cisco offers auditing with predefined best practice policies
M.A.R.S.
- Solution for monitoring and mitigation
- Visualize attack paths
- Uses control capabilities within infrastructure to eliminate attacks

Integration Through A Systems Architecture: WIRELESS
Areas: WIRELESS, MANAGEMENT, IP COMMUNICATIONS, SECURITY
- Security: A complete security solution includes threat defense capabilities such as rogue AP detection; secure connectivity through support for strong encryption; and trust and identity features, to enable only those with permission to access the network
- Application Aware: Fast Secure L3 roaming for latency-sensitive applications (through WLSM)

Integration Through A Systems Architecture: IP COMMUNICATIONS
Areas: WIRELESS, MANAGEMENT, IP COMMUNICATIONS, SECURITY
- Security: Comprehensive approach to securing applications and media, leveraging infrastructure in the first true system approach
- Complete Applications Portfolio: Integrated suite of collaboration, call control, voice mail, and voice and video conferencing applications
- Voice Aware Network: System approach enables appropriate QoS, High Availability

Security Architecture… Designed in at PRD
Self Defending, Adaptive
[Diagram labels: ROUTING / SWITCHING, SERVICE PROVIDER, ADVANCED TECHNOLOGIES, IP TELEPHONY, SECURITY, WIRELESS, OPTICAL, STORAGE, NETWORKED HOME, SECURITY and SERVICES]