1 Think Secure IP Communications, Think Cisco

Danelle Au, Product Manager, Access Technology Group

© 2005 Cisco Systems, Inc. All rights reserved.


2 The IP Conundrum

Cisco 2005 IPC Consultant Conference

The same IP technology that enables IP Communications solutions to:

- Boost productivity
- Increase mobility
- Enhance flexibility

Also creates additional MANAGEABLE challenges for information security.

These new challenges exist whether the IP upgrade is incremental or total.

3 The Challenge of Securing IP Voice

The threats are familiar to both voice and data professionals:

- Eavesdropping
- Impersonation
- Toll fraud
- Denial of service

Both “phreakers” and “hackers” are lurking.

The protection of both voice and data communication is critical to the business.

4 The Paradigm Must Change

A Network-Based Systems Approach

- An automated security system is required to address unknown (or “Day Zero”) threats
- Security must be applied at multiple layers of the system to address sophisticated blended threats and defend against multiple avenues of attack
- All elements of the security system must be integrated to initiate a coordinated response

5 Cisco Self Defending Network

Integrated Security Components

- SECURE CONNECTIVITY SYSTEM: Secure Transport of Applications Across Numerous Network Environments
- TRUST AND IDENTITY MANAGEMENT SYSTEM: Contextual Identity Management for Policy Enforcement, Network Entitlement and Trust
- THREAT DEFENSE SYSTEM: Collaboration of Security and Network Intelligence Services to Minimize Impact of Both Known and Unknown Threats

[Diagram labels: PRIVACY, PROTECTION, CONTROL, MANAGEMENT AND ANALYSIS]

6 Security Requirements: Integrated, Systems Approach

Cisco Addresses More Security Issues, at More Layers of the Network, than any other IP Communications Vendor

                 CONTROL   PROTECTION   PRIVACY
Infrastructure      X          X           X
Call Control        X          X           X
Endpoints           X          X           X
Applications        X          X           X

7 Cisco’s Integrated Services Routers (ISR)

Up to…

- 5X density
- 7X performance
- 4X memory!

- Embedded security, tightly integrated with voice
- Industry-leading network availability and resilience
- Backward compatibility with existing router modules for investment protection

Integrated Services Routers: Embedded Security And Voice with CONCURRENT WIRE-SPEED SERVICES

8 Secure IP Communications in the Branch

Voice and Security on Integrated Services Routers

[Network diagram labels: FR, DSL, etc.; Fax; Cisco ISR with IP Telephony, Cisco CallManager Express, Cisco Unity Express; Application server; Printer; Dial backup and POS; Integrated POE EtherSwitch; Analog phones; Wireless access point; Cisco IP Phone 7920; IP Phones; WAN or Public Internet; PSTN]

Layers: Infrastructure, Application, Call Control, End Points

- Applications: Secure wireless, voicemail
- Trust and Identity: NAC, 802.1x
- Management: Security Device Manager
- Endpoint Protection: Secure RTP, certificates
- Business Continuity: Network Foundation Protection
- Secure Connectivity: VPN, DMVPN, V3PN
- Threat Defense: Firewall, IDS, IPS

9 Secure Connectivity

[Diagram labels: Small Branch, Branch Office, Small Office & Telecommuter, Corporate Office, Internet, Secure Tunnel, Encrypted Trunk]

Business Requirements

- Encrypted connectivity between sites or partners
- Secure remote access
- Encrypted Point-of-Sale transactions

Site-to-Site VPN: Interconnect branch offices or headquarters

- Network intelligence (routing, QoS, multicast) enables Voice, Video & Data
- Centralized cookie-cutter configuration (Easy VPN)
- Scalable full / partial mesh (DMVPN)
- Simplified PKI deployment (CA Server, USB eTokens)

Remote Site VPN

- Hardware VPN for small offices & telecommuters
- Software VPN for mobile users

Remote Access VPN

- Full service network access with centralized policy-based management (Easy VPN)
- Clientless secure access (SSL VPN)

High Performance Encrypted Voice & Video: Optimized for voice and video

- Voice and Video-enabled VPN (V3PN)
- TLS protecting SIP gateways
- IPSec and SRTP protecting H.323 and MGCP gateways

10 Threat Defense, Trust and Identity

[Diagram labels: Small Branch, Branch Office, Small Office & Telecommuter, Corporate Office, Internet]

Business Requirements

- Defend against worms, viruses, trojans, hacks
- Enforce policy-based control to network assets

Identity & Controlled Access

- Network Admission Control
- URL Filtering
- Port-Level Security (802.1x)

Controlled Access

- Controls who/what gets access to the network and what they can do
- Detects and isolates non-compliant devices

Perimeter Defense

- Policy Firewall (L3)
- Transparent Firewall (L2)
- Application Firewall (L4-7)
- Segregate network assets into trusted & untrusted zones
- Application-aware inspection and defense against port 80, IM, P2P misuse
- MPLS Security

Outbreak Prevention

- Intrusion Prevention
- Distributed Threat Mitigation
- Incident Control
- Network-based protection against virus/worm/trojans and other threats
- Distributed protection across entire network at minimum cost
- Rapid response to emerging threats

11 Endpoint Protection

[Diagram labels: Cisco Unified CallManager, CallManager Express or SRST; Phone certificates]

Business Requirements

- Protection for phone firmware and configuration files
- Encrypted voice conversations

Encrypted Endpoints

- Conversations between Cisco IP phones or analog phones are protected using secure RTP (SIP and SCCP phones)

Authenticated Endpoints

- X.509 v.3 certificates in phones, Cisco Unified CallManager, Cisco CallManager Express and Cisco SRST
- Certificates ensure reliable device authentication
- Encrypted voice calls using secure RTP

Signed Firmware Images

- Unique signature for each phone model

Signed & Encrypted Config Files

- Phone configuration protected from unauthorized changes

12 Management

Business Requirements

- Security management tool for router and security services
- Wizards for easy configuration and management

Router and Security Device Manager

- Factory installed for 1800, 2800, 3800 series
- Industry leading router and security management tool

Security Features

- Inline IPS with Dynamic Signature update and signature customization
- Role-Based Router Access
- Easy VPN Server and AAA
- Digital Certificates for IPSec VPNs

Wizards for non-experts

- Troubleshooting tools: VPN, WAN connection
- One Touch Router Lock-down, Auto Secure

www.cisco.com/go/sdm

13 Applications

[Diagram labels: POS Registers, Employee Mobility, Guest Access, IP Video, IP Phone, Internet, PSTN]

Business Requirements

- Security & convergence of Voice and Data services
- Security & integration of Wired and Wireless

Secure Wireless

- Dual-band wireless (802.11 a, b/g)
- Public wireless hotspot

Secure Voice

- Integrated security on IP-PBX and PSTN gateway
- Encrypted voice conversations and signaling
- Encrypted voicemail storage

Secure Wireless Applications

- Extensive wireless security (.1x, WPA, EAP-TLS, TKIP)

Cisco Unified SRST and CallManager Express

- Encrypted voice conversations are maintained or placed in SRST mode
- Encrypted signaling information (pins, address)
- Digest Authentication for Cisco Unified CallManager Express

Cisco Unity

- Encrypted signaling and voice when accessing voicemail
- Private voice messaging
- Encrypted voice mail storage

14 Business Continuity

[Diagram labels: Small Branch, Branch Office, Small Office & Telecommuter, Corporate Office, Internet]

Business Requirements

- Uninterrupted operation of business-critical applications
- Network must stay up in the face of attacks & disasters

WAN Backup

- Backup VPN over Broadband (DSL, Cable) or Dial (PSTN, ISDN)
- Head-end redundancy
- Survivable remote telephony
- Seamless recovery from link failures
- Stateful head-end failover minimizes application interruption
- Independent remote site telephony operation during disasters (SRST)

Network Foundation Protection

- DDoS protection
- Secure remote management
- Forensics
- Device availability: Control Plane Protection, AutoSecure, rate limiting
- Secure management access: SSL, SSHv2 for CLI; SDM for web-based
- Security incident analysis: Syslog, NetFlow, IP Source Tracker

15 Secure IP Communications Features Q1 2006 (NEW)

Voice media and signaling encryption for Cisco SIP Phones

- Extends the benefits of SRTP/TLS to Cisco SIP Phones 7911 / 7941 / 7961 / 7970 / 7971.
- Full interoperability between Secure SCCP and Secure SIP endpoints.

Voice and signaling encryption extended to voice gateways and between Cisco Unified CallManager clusters

- Adds the extra protection of media and signaling encryption to the industry’s widest range of H.323 voice gateways and IPIP Gateway, including Integrated Services Router.
- Media and signaling encryption of H.323 intercluster trunks between CCM clusters.
- Signaling encryption of SIP gateways.
- SRTP interoperability between H.323 and MGCP gateways, and SIP/SCCP IP phones

Voice and signaling encryption enabled on Cisco Unified CallManager CTI interface

- Extends the benefits of SRTP/TLS to CTI applications

HTTP Digest Authentication on Cisco Unified CallManager

- Interoperates with SIP gateways and SIP phones to authenticate user agent to SIP proxy or registrar

Encryption of configuration file on Cisco IP phones

- Protect privileged information like passwords, credentials and server addresses

16 Cisco VoIP Security Is Independently Proven!

Cisco had the only solution named “Secure” in grueling independent test: “Breaking through IP telephony”, Network World Magazine, May 24, 2004

- Dozens of tests over 3 days, Layers 2 - 7
- Cisco had highest grade awarded
- No exploitable vulnerabilities found
- No negative effect on voice quality
- Other single vendor solutions had “serious vulnerabilities”

“To date we have not seen a VoIP solution that outperforms the security provided by Cisco.” Miercom Labs

17 The Intelligent Choice for Secure IPC

- IP Communications solutions from Cisco can be as secure, or more secure, than traditional PBX systems
- Security remains a top issue of IP Communications customers
- Cisco is committed to delivering the most secure, reliable solution possible
- Recent enhancements further increase the security capabilities of the industry leading Cisco IP Communications solution
- Independent testing says Cisco provides the most secure IP Communications solution available*

*As tested by Miercom Labs and reported by Network World and Business Communications Review

18 Q AND A

© 2004 Cisco Systems, Inc. All rights reserved. 10439_11_2004_c1

19 THANK YOU FOR YOUR TIME!

20 Questions?

Cisco Consultant HOTLINE: CiscoCLP@Cisco.com


