© 2007 Cisco Systems, Inc. All rights reserved. DESGN v2.06-1
Evaluating Security Solutions for the Network: Selecting Network Security Solutions


Network Devices Supporting Integrated Security
  Cisco IOS router security
  PIX security appliance
  Adaptive security appliance (ASA)
  VPN concentrator
  Intrusion prevention system
  Catalyst service modules
  Endpoint security

Integrated Security for Cisco IOS Routers
  Cisco IOS Firewall
    – Stateful multiservice application-based filtering
  Cisco IOS IPS
    – In-line deep-packet inspection
  Cisco IOS IPsec
    – Data encryption at the IP packet level
  Cisco IOS trust and identity
    – AAA
    – PKI
    – SSH
    – SSL

Example: Security Hardware Options for ISRs
  Built-in VPN acceleration
  Voice security options
  High-performance AIM
  Cisco IDS Network Module
  Cisco Content Engine Module
  Cisco Network Analysis Module

Security Appliances
  VPN concentrator
    – IPsec and SSL VPN support
  PIX security appliance
    – Rich application and protocol inspection
    – Integrated site-to-site and remote access VPNs
  ASA, a multifunction security appliance
    – Stateful firewall of PIX appliance, plus
    – Adaptive threat defense capabilities
        Application security
        Anti-X defenses
        IPS
    – Advanced integration modules

Intrusion Prevention Systems
  In line (IPS) or passive (IDS)
  Multivector threat identification
  Network speeds from multiple T1s to 1 Gbps
    – IPS 4215 sensor protects up to 65 Mbps of traffic
    – IPS 4240 sensor protects up to 250 Mbps of traffic
    – IPS 4255 sensor protects up to 500 Mbps of traffic
    – IPS 4260 sensor protects up to 1 Gbps of traffic

Cisco Catalyst Service Modules
  Cisco Firewall Services Module
  Cisco Intrusion Detection System Services Module
  Cisco SSL Services Module
  Cisco IPSec VPN SPA
  Cisco Traffic Anomaly Detector Module
  Cisco Anomaly Guard Module
  Cisco Network Analysis Module

Cisco Security Agent
  Spyware and adware protection
  Protection against buffer overflows
  Distributed firewall capabilities
  Malicious mobile code protection
  Operating-system integrity assurance
  Application inventory
  Audit log consolidation

Securing the Enterprise Network
  Embed Self-Defending Network features throughout the network in:
    – The enterprise campus
    – The enterprise data center
    – The enterprise edge
  Use Self-Defending Network technologies, including:
    – Identity and access control
    – Threat defense
    – Infrastructure protection
    – Security management

Deploying Security in the Enterprise Campus – Identity and Access Control
  802.1X or NAC
  NAC appliance
  ACLs
  Firewall
    – Stateful inspection
    – Application inspection

Deploying Security in the Enterprise Campus – Threat Detection and Mitigation
  NetFlow
  Syslog
  SNMP
  Host IPS (Cisco Security Agent)
  Network IPS
  Cisco Security MARS, Cisco Security Manager

Deploying Security in the Enterprise Campus – Infrastructure Protection
  AAA
  SSH
  SNMPv3
  IGP or EGP Message Digest 5
  Layer 2 security features

Deploying Security in the Enterprise Campus – Summary
  Identity and access control: 802.1X, NAC, ACLs, firewalls
  Threat detection and mitigation: NetFlow, syslog, SNMP, Cisco Security MARS, Network IPS, Host IPS
  Infrastructure protection: AAA, SSH, SNMPv3, IGP or EGP MD5, Layer 2 security features
  Security management: Cisco Security Manager, Cisco Security MARS

Deploying Security in the Enterprise Data Center – Identity and Access Control
  802.1X
  ACLs
  Firewalls

Deploying Security in the Enterprise Data Center – Threat Detection and Mitigation
  NetFlow
  Syslog
  SNMP
  Host IPS (Cisco Security Agent)
  Network IPS
  Cisco Security MARS, Cisco Security Manager

Deploying Security in the Enterprise Data Center – Infrastructure Protection
  AAA
  SNMPv3
  SSH
  IGP or EGP MD5
  Layer 2 security features

Deploying Security in the Enterprise Data Center – Summary
  Identity and access control: 802.1X, ACLs, firewalls
  Threat detection and mitigation: NetFlow, syslog, SNMP, Cisco Security MARS, Network IPS, Host IPS
  Infrastructure protection: AAA, SSH, SNMPv3, IGP or EGP MD5, Layer 2 security features
  Security management: Cisco Security Manager, Cisco Security MARS

Deploying Security in the Enterprise Edge – Identity and Access Control
  ACLs
  Firewall
  IPSec or SSL VPN
  NAC appliance

Deploying Security in the Enterprise Edge – Threat Detection and Mitigation
  NetFlow
  Syslog
  SNMP
  IPS (host or network)
  Cisco Security MARS, Cisco Security Manager

Deploying Security in the Enterprise Edge – Infrastructure Protection
  SNMPv3
  AAA
  SSH
  IGP or EGP MD5

Deploying Security in the Enterprise Edge – Summary
  Identity and access control: Firewalls, IPSec, SSL VPN, ACLs
  Threat detection and mitigation: NetFlow, syslog, SNMP, Cisco Security MARS, Network IPS, Host IPS
  Infrastructure protection: AAA, CoPP, SSH, RFC 2827, SNMPv3, IGP/EGP MD5
  Security management: Cisco Security Manager, Cisco Security MARS

Summary
  Cisco has integrated security features into the network devices, including ACLs, firewall support, VPNs, IPS, and event logging.
  The Cisco Self-Defending Network elements and Cisco network devices with integrated security are deployed throughout the enterprise network.
